Joomla! Security Module Released by Incapsula for Joomla! Versions 1.6-2.5 Vulnerabilities

2 minute read
Anthony Myers avatar

Older versions of the Joomla! open source CMS are susceptible to takeover hacking attempts, according to a three month study by website security service Incapsula. Incapsula has now released an integrated Joomla! module to stop these dangerous attacks on one of the most popular open source Web CMSs in the world.

Most Joomla! Users Not Upgraded to v3.0

Because 90% of Joomla! websites still run on the first version of the platform, they are more vulnerable to two specific types of attack, Incapsula found.

In fact, 15% of those websites run versions 1.6 through 2.5 and they are most likely to be forcibly attacked through a security hack or a JCE shell upload attack.

The security hack is known as a privilege escalation exploit, and JCE is a popular Joomla! extension that offers WYSIWYG document processing and editing tools.

Incapsula for Joomla! eliminates these types of attacks, and the release offers an easier integration with the Web CMS. 

Before the release, Incapsula could only be set up directly through the company, and so the integration will make it a bit simpler for Joomla! admins, developers and resellers to manage their security systems.


Incapsula's Joomla module boosts performance by reducing bandwidth and using advanced caching and optimization.

Learning Opportunities

Joomla! Report + Joomla! 3.0 Highlights

Nearly three percent of all websites use Joomla!, a new report by W3 Techs says. WordPress continues to be the most popular open source CMS according to the report, but platforms like Drupal and vBulletin are among the largest of open source based websites.

Incapsula performed a three month study on a random sample of Joomla! websites, and found 59% suffered some form of malicious activity. Additionally, 13% had experienced a full takeover attempt via the above listed vulnerabilities.

Based on the established attack rate and the number of websites using Joomla! found in the W3 Techs report, Incapsula figured 400,000 Joomla! sites could be targets in the next few months.

Of course, those using Joomla! 3.0 seem to be not as open to these types of attack. However, v3 is only a couple months old, and websites don't seem to be lining up to upgrade. Version 3 includes a new design featuring the popular Bootstrap framework, and compatibility with the PostgreSQL open source relational database management system (ORDBMS).

Incapsula for Joomla! is a free download for website owners and admins, and additional Incapsula services start at US $9 per month per website.