Laptop showing a website security dashboard on a desk in a modern office

Joomla! remains a powerful and reliable website platform, but like any widely used CMS, it needs to be kept up to date. Recent security issues affecting Joomla core, extensions, plugins and template frameworks are a reminder that website security is not something that can be checked once and then forgotten.

In recent months, serious vulnerabilities have been reported in popular Joomla extensions and template frameworks. Some of these have been actively exploited. Security expert Phil Taylor has written about recent issues affecting extensions and frameworks including JCE, SP Page Builder, Helix3 Framework, and AcyMailing.

This does not mean that Joomla itself is “unsafe”. It means that Joomla websites, especially older or long-running sites with several extensions, need regular maintenance and proper security checks. A website can be vulnerable because of the Joomla core version, but also because of an outdated extension, an old template framework, a forgotten plugin, or files left behind from an earlier compromise.

The recent Joomla core updates also show why staying current matters. Joomla 6.1.1 and 5.4.6 were released as security and bugfix releases in May 2026, and Joomla 6.1.2 and 5.4.7 followed as further security and bugfix releases in July 2026.

Importantly, these security issues do not only matter to websites already on Joomla 5 or Joomla 6. Some Joomla security notices also affect earlier versions. For example, one 2026 Joomla security notice listed affected versions from Joomla 3.0.0 through Joomla 5.4.3, as well as Joomla 6.0.0 to 6.0.3. The solution was to upgrade to a fixed supported release.

That is where older Joomla websites become a serious concern. Once a Joomla version is no longer supported, it no longer receives normal security updates from the Joomla project. Joomla 3 reached end of support in August 2023, and the Extended Long Term Security Support programme for Joomla 3 ended on 17 February 2025.

If a website is still running on an unsupported Joomla version, the risk is not only that “something might break one day”. The bigger issue is that newly discovered security problems may never be fixed for that version. At the same time, extension developers may also stop releasing security fixes for older Joomla branches.

What should Joomla website owners do?

The first step is to check what version of Joomla your website is running, and whether all installed extensions, plugins and templates are still actively supported. If the site is on Joomla 5 or Joomla 6, it should be updated to the latest available patch release. If the site is still on Joomla 3 or Joomla 4, it is worth planning an upgrade rather than waiting for a problem.

It is also sensible to run a proper security scan. Services such as mySites.guru can help identify vulnerable extensions, modified files, rogue profiles, suspicious changes and signs of reinfection. This is useful because hacked websites do not always show obvious symptoms on the front page.

A Joomla security extension can also help. For many sites, Akeeba Admin Tools Professional is a practical option because it adds additional hardening and firewall-style protections. It should not be seen as a replacement for updates, backups or proper monitoring, but it can form part of a sensible security setup.

A practical Joomla security checklist

If you manage a Joomla website, now is a good time to review it:

  • Is Joomla itself up to date?
  • Are all extensions, plugins and templates current?
  • Are any extensions no longer supported?
  • Is the site still on Joomla 3 or Joomla 4?
  • Has the site had a recent security scan?
  • Are backups working and stored safely?
  • Is there a Joomla security extension or firewall-style protection in place?

Joomla websites can remain stable and secure for many years, but they do need regular attention. If your site has not been reviewed recently, or if you are unsure whether it should be updated, upgraded or rebuilt, a practical Joomla website review is a good place to start.

Further reading

Need help reviewing a Joomla website?

New Web Consulting can help assess your Joomla website, check the current version and extensions, and advise whether the safest next step is an update, upgrade, rebuild or security review.

Joomla Support and Upgrades

Menu