Update: The Joomla! project just released the new security fix with version 3.4.6. All Free Mode and standard users should update their installations as soon as possible. Our 1&1 Safe Mode updates were already started for all customers. For all new installations via our 1&1 App Center we already provide the secure version 3.4.6. We also prepared our shields and adjusted the ruleset for the security fix.
Release notes can be found on joomla.org.
Update 18-Dec-2015: A CVE ID has been issued for this vulnerability: CVE-2015-8562.
This is how you can plan for this important update:
- Free Mode / Standard and self maintained installations: Please update your website from your Joomla! admin panel as soon as Joomla! 3.4.6 becomes available.
- 1&1 Safe Mode installations: we will update your website automatically, once Joomla! 3.4.6 is released.
To protect your Joomla! websites hosted with 1&1, we have updated our security shields, dedicated mod_security rules for example, as soon as possbible.
An additional layer of security: backing up your Joomla! websites
Everytime a security issue pops up, you might think for a short moment about how to best protect your website… Apply all updates promptly and back up your website regularly. These are two fundamental points that make your website safe and help you recover, should something go wrong.
With Joomla!, setting up a backup is a matter of minutes! You can easily create backups using Akeeba Backup or EJB (Easy Joomla! Backup, developed by Viktor Vogel). So give yourself peace of mind, by setting up your Joomla! backup now.
Easy Joomla! Backup
EJB offers a cronjob plugin and CLI script, with which it is very easy to create automated backups through cronjobs.
- Create quickly and easily backups in Joomla!
- Extension creates Backups of all files and the database
- 3 different backup types: Full, Database and File Backup
- All files and a database dump are packed into one ZIP archive
- Extended ACL settings: Configure, Access Administration Interface, Delete, Download, Full Backup, Database Backup, File Backup, Discover
- Easy recovery – files via FTP, database dump via a database tool, e.g. phpMyAdmin
- Exclude files from the backup archive
- Exclude folders from the backup archive
- Add ‘DROP TABLE’ order to the dump file
- Add additional tables from the database
- System Plugin: EJB Cronjob
- It configures itself for optimal operation with your site. Just click on Configuration Wizard.
- AJAX powered backup (site and database, database only, files only or incremental files only backup)
- The fastest native PHP backup engine.
- Choose between standard ZIP or highly efficient JPA archive format
- able to exclude specific files, folders
- able to exclude specific database tables or their contents
- Unattended backup mode (CRON job scheduling), fully compatible with Webcron.org
- AJAX powered site restoration
- “Kickstart” restore: restore without unpacking backup
- Move your site between hosts without downloading/uploading anything (using the DirectFTP backup engine)
1&1 Joomla! Brute Force Protection plugin
The 1&1 Brute Force Protection plugin (beta) stops brute force login attempts on the login form in the Joomla! backend, providing an additional layer of security for your website.
After a set number of login attempts a small captcha with an arithmetic task has to be solved successfully to get access, even if the credentials are entered correctly.
Setting Up Two Factor Authentication with Joomla! and Google Authenticator
Google Authenticator allows you to combine the classic Joomla! login with username and password with an additional security code. This increases the security of your Joomla! website.
Since version 3.2, Joomla! supports two-factor authentication via Google Authenticator und Yubikey out of the box.