Joomla! Tips & Troubleshooting Guide

Joomla is a powerful content management system that can be tooled to power virtually any type of website. However, getting started with Joomla can be overwhelming due to the platform’s exceptional flexibility. In this guide, we’ve pulled together some of the best configuration tips, maintenance practices, security recommendations, hack recovery strategies, and general resources from around the web to help you whether you’re just getting started with Joomla!, if you’re an experienced Joomla! developer, or if you have a Joomla! site that’s been hacked that needs immediate attention.

We’ve arranged the content in the order that will make the most sense to a Joomla! beginner. So if you’re new to Joomla! we recommend you review the resources in the order we present them. On the other hand, if you already have some experience, feel free to jump in at the point that provides the information you need right now.

Server Configuration & Site Setup

Configuring your hosting account correctly, setting up directory and file permissions, and copying a site from a local environment to the server are frequently encountered tasks for any developer building Joomla! websites. In this chapter we’ll link to resources that will help you tackle some of these common site and server setup tasks.

Moving From a Local Environment to a Web Server.

Many website professionals prefer to work in a local environment as they design and develop their Joomla! websites. Doing so provides an added layer of security during development, eliminates the possibility that you might accidentally publish a site during development, and speeds up the processing of information since you don’t have to wait for information to pass between the web server and your computer. We found two solid resources that walk you through the steps to move a locally-developed Joomla! site to a web server.

Joomla! Documentation: Copying a website from a local host to a remote host

JoomlaDirect Video: How to transfer a Joomla site from localhost to your live server

Convert a Static Site To Joomla!

Many first-time Joomla! users have an existing website built with static HTML and CSS files that already includes a design they like and want to keep using. In these cases it may be desirable to simply convert the existing HTML and CSS design into a Joomla! layout. The Joomla! community has created a guide for this process that walks you step-by-step through the process.

Joomla! Documentation: Converting an existing website to a Joomla! website

Tuning your Joomla! Website

A standard Joomla! installation won’t be slow by most standards as long as it’s hosted by a good hosting provider. Still, there are things you can do to improve the load speed of your website for your visitors. Keeping software up to date, enabling caching, enabling compression, and optimizing image file sizes before uploading them to your site are a few of the things you can do. For a detailed overview of these steps and several additional speed-boosting tips check out this tutorial.

Siteground: How to Improve Your Joomla Speed

Connecting to an external database

Every Joomla! website uses an SQL database for object storage and retrieval. This is the basic premise behind a dynamic website. In some instances it may make sense to pull data from more than one database. This is typically the case when you are working with an existing database that already contains a lot of information, and you want to pull data out of it. The good news is that connecting Joomla! to an external database is not overly complex and there is an official Joomla! document that explains the process.

Joomla! Document: Connecting to an external database

Restricting Directory Access

We’ll get into more stringent security measures and recommendations in a later chapter, for now we just want to cover some basic measures recommended to provide at least a small barrier of protection around Joomla! administrative files. The easiest way to do this is to use htaccess to password protect the administrator directory. A much more effective step to take is to restrict directly access to specific IP addresses, but doing so will require that you have a static IP address assigned by your internet service provider. To read more about both steps and implement them as applicable check out these guides.

Joomla! Documentation: How do you password protect directories using htaccess?

Joomla! Documentation: How do you restrict directory access by IP address using htaccess?

Tips for Common Tasks

There are a handful of changes and updates every Joomla! user will probably want to make to a standard Joomla! installation. How to make most of these changes isn’t obvious the first time, or maybe even the second time, you go through the process. The following resources will help you tackle these common moves quickly.

Install a Template

If you’ve found a Joomla! template you want to use the next step is to install it. Installation varies a bit depending on the version of Joomla! you’re using. Luckily the Joomla! documentation site has instructions for template installation with all currently supported versions of Joomla!

Joomla! Documentation: How do you install a new template?

Install an Extension

Extensions dramatically increase the power of Joomla! websites, and there are thousands of extensions available for installation. Once you’ve found an extension that does exactly what you’ve been looking for how do you install it? Thankfully, there’s a guide for that.

Joomla! Documentation: How do you install an extension?

Determine the Installed Joomla! Version

Every version of Joomla! is a little different. Template and theme compatibility, configuration details, upgrade procedures, and security concerns vary considerably from one version to the next. If you aren’t running the most recent version of Joomla! you should really plan on upgrading. In the meantime, if you need to determine which version of Joomla! you have installed you can do so by following the instructions in this document.

Joomla! Documentation: How to check the Joomla! version

View Updates Without Publishing

When making layout and appearance changes to a Joomla site that is already hosted on the server it is a good idea to preview the changes prior to publishing them. This can be done by setting the site to maintenance mode, making the changes, and then navigating back to the site in an administrator view while the site remains in maintenance mode. But don’t take our word for it. Instead, you’ll want to follow the official step-by-step instructions.

Joomla! Documentation: How to view a live site while developing, but hide it from others.

Enable Search Engine Friendly URLs

Since Joomla! version 1.6 the default setting for Search Engine Friendly (SEF) URLs has been "Yes". However, if you’re running an earlier version of Joomla!, or if you’ve somehow switch this option to "No", turning on SEF URLs is an important step towards improved SEO performance and user experience. It is worth mentioning that if you have a well established site that does not have SEF URLs turning them on will have a negative impact on your search engine results in the immediate term. If you’re ready to go ahead with enabling SEF URLs there’s a guide for that.

Joomla! Documents: How to implement SEF URLs

Joomla! Documents: Common problems when enabling SEF URLs: Enabling Search Engine Friendly urls

Remove "Powered by Joomla"

Every Joomla! installation comes with the notice "Powered by Joomla" embedded in the site footer. While you aren’t supposed to remove the wording from the source code files, you can hide it. Depending on the version of Joomla! you are running the procedure will be a little different. The good news is that the Joomla! Documentation site includes instructions for hiding this message if you don’t want to advertise the fact that your site runs on Joomla!

Joomla! Documentation: How to remove the "Powered by Joomla!" message.

Change Your Favicon

Every website should have a favicon - the icon that appears next to the website title in the browser address bar. Joomla! comes with a standard favicon, but you can customize it easily by following this tutorial.

Joomla! Documentation: How do you change the favicon?

Manage Your Admin Account

One recommended step to add a layer of security to your site is to change the standard Joomla! Super User from Admin to a unique username. In addition, if you ever lose the Super User username or password, you’ll need a way to recover or replace that information. This guide covers both of those topics: recovering and resetting admin access, and changing the Super User.

Joomla! Documentation: How do you recover or reset your admin password?

Use Gmail as Your Mail Server

There is built-in support for the use of SMTP to send messages (such as contact forms) from a Joomla! site. If you don’t have access to an SMTP server with your hosting account, or if you would just rather use Gmail and you have an active Gmail account, then you can use Gmail’s SMTP server as your mail server. Set up is pretty straightforward, and there’s a guide for it.

Joomla! Documentation: How do I use Gmail as my mail server?


Regular website maintenance is a critical, and often overlooked, part of any webmaster’s responsibilities. Backing up your site, keeping software up to date, and managing content is important if you want to maximize website uptime and provide the best experience possible for your website visitors. We’ve pulled together some resources that will help you plan and implement a comprehensive maintenance plan for your Joomla! powered website.

Site Backup Best Practices

Site backups are a critical part of any website maintenance plan. Creating and implementing a regular program of website and database information backups is critical if you want to have the necessary information on hand to recover from a hack or server failure. We’ve found two great resources to help you think through your optimal backup plan.

Joomla! Documentation: What are the best practices for site backups? Siteground Tutorial

Upgrading Joomla!

Updating your Joomla! site is one of the best things you can do to protect against hacks and other security issues. Since version 1.7 of Joomla!, a software updater component has been included. Prior to version 1.7 updates had to be complete manually. Keep in mind that you’ll always want to create a complete site backup prior to beginning a software update so that you can restore your site if something goes wrong. Also keep in mind that extensions and templates may not be compatible when updating from one major version of Joomla! to another (i.e. version 1.5 to version 3.x for example). With a complete backup copy in hand, check out the resources below for step-by-step Joomla! software upgrading procedures.

Joomla! Documentation: Upgrading Versions

Joomla! Documentation: Upgrading to Version 3.x

Siteground Video: Upgrading from Version 2.5 to Version 3.x

Migrating a Joomla! Website

Sometimes it makes sense to have a clean start and to migrate from one version of Joomla! to a newer version. In addition, when moving from some older versions of Joomla! an upgrade isn’t possible, and a site migration is your only option if you want the newest version of the software.

Migrating your site to a fresh Joomla! installation gives you the opportunity to think through your site structure, extensions, and content and make significant changes to improve your site. However, migrating can be challenging. Thankfully there are a few good resources out there to help you assess your readiness to take on the task, and think through the process before you begin.

Joomla! Documentation: Why Migrate?

Siteground Video: Migrate from Joomla! 1.5 to Joomla! 3.x

Updating Joomla! Extensions

Joomla! extensions add critical functionality to nearly every Joomla! installation. However, out-of-date extensions are also one of the biggest security risks for any Joomla! website. Keeping extensions up to date is therefore a critical part of any website maintenance plan. Thankfully, updating extensions is usually pretty straightforward, and we even found a guide for it.

Siteground Tutorial: Updating Joomla! Extensions

As a website grows new content is added, old content is removed, things are rearranged and as a result it’s very normal for links to break. Also, anytime you link to content external from your website you are creating a link that can be broken without your knowledge and when you least expect it. While you probably are pretty good at catching these issues when they occur in obvious places, such as your main navigation menu, it’s a lot harder to catch broken links embedded in your site content. Finding and fixing broken links doesn’t need to be all that time consuming or difficult if you know the rights tools to use. This guide will help you clean up broken links without pulling your hair out in the process.

Theme Expert Blog Post: How to Find and Fix Broken Links in Joomla


The best way to recover a hacked site is to prevent the hack in the first place. While no one can completely guarantee that your site won’t be hacked, there are things you can do to minimize the risk that your site will be hacked.

First, there are some common-sense tips:

  • Keep Joomla! extensions updated.
  • Keep Joomla! software updated.
  • Always control access to your hosting account and website back end. If you ever have to provide credentials to a third-party, such as when you hire an independent developer, always delete or reset those credentials when access is no longer needed.

After taking care of the most common sense steps, there are additional steps you should take to keep your site as secure as possible.

Basic Security Recommendations

You should take a look at basic security recommendations provided by reputable sources such as good hosting providers and the Joomla! community. We found two resources that, if followed, will give you a major head start on securing your website.

Siteground Tutorial: Joomla Security Tutorial

Joomla! Documentation: Security Checklist

Avoid Vulnerable Extensions

Exploiting vulnerable extensions is one of the most common ways hackers gain unauthorized access to Joomla! websites. For this reason, Joomla! keeps a list of extensions with known security vulnerabilities. Before installing an extension always make sure it isn’t on Joomla!’s list of vulnerable extensions.

Joomla! Vulnerable Extensions List

Setting Correct Permissions

It’s important to set file and directory permissions correctly. Permissions that too restrictive will prevent you from making that changes you need to make. However, permissions that aren’t restrictive enough will provide an open door to a knowledgeable hacker. Joomla! provides specific recommendations on setting file and directory permission levels. To set your sites permissions correctly check out these resources.

Joomla! Documentation: What are the recommended file and directory permissions?

Joomla! Documentation: Working with Preconfigured htaccess

Avoid the Media Upload Hack

Some older versions of Joomla! were susceptible to a frighteningly simple and effective hack that made use of the media upload function (such as when using a WYSIWYG editor to post a comment). If you haven’t updated Joomla! in a while you’ll want to update to the newest version, or at a minimum grab the security patch that was released in 2013. To read more about this vulnerability check out this resource.

Krebs on Security Article:

Protect Your Super User Admin Account

It was very easy to guess the Admin user in versions of Joomla! prior to version 3.1. By making use of password cracking software this enabled a hacker to gain access to your Admin user account relatively simply. In order to avoid this hack either upgrade your older version of Joomla! or check out these resources to protect your Super User account.

Akeeba Backup Documentation: Changing Your Super Admin ID

Joomla! Documentation: How do you recover or reset your admin password?

Fixing a Hacked or Broken Joomla! Site

Joomla is an extremely popular Content Management System (CMS) used to create websites around the world (including sites for major universities and corporations). Its flexibility and customizability have made it a powerful choice for website designers who want to create professional sites without needing to learn programming or scripting.

But what can you do when the unthinkable happens, and your Joomla-based website is infiltrated by hackers? A compromised site might have its content altered or even deleted altogether. With your hard work and online reputation at stake, it's critical that you identify the issue and address it immediately.

How Joomla Sites Get Hacked

While the Joomla core is relatively resistant to hacking efforts, the software's use of extensions and modules opens it up to attack via these add-ons. Themes and extensions are both vulnerable to what's known as Cross-Site Scripting (XSS). An XSS attack consists of a bit of malicious code (usually a script) that is used either to alter the site directly or gather information from other users in order to gain access to site administration.

Another popular hacking method is to use Structured Query Language (SQL) injections. SQL is the language used by many popular database management and interface applications. This hack takes advantage of vulnerabilities in your site's code that allow forms (e.g., a customer login form) to query a given database directly. On sites with direct query access, all the hacker has to do is input specific SQL commands in order to retrieve information from the database (in this case, customer login information), which can then be used to access more areas of the site.

Take a closer look at some of the techniques hackers use to break into Joomla sites:

Repairing A Hacked Joomla! Site

Regardless of how your site has been compromised, once you discover the hack, your most important goals are to repair and remove the damage, and to prevent it from happening again.

Fixing the Hack

The first thing you should do is make sure that the hack is limited to your site, and not the entire Web server. A repaired site on an infected server remains vulnerable to future attacks.

NOTE: This is most important if you have shared hosting, as you are more likely to share your server with other sites. Virtual Private Server (VPS) accounts run in their own memory space, and dedicated hosting reserves an entire Web server for your site's exclusive use, but it still pays to scan both the site and the server if possible.

When you're ready to clean up your site:

  1. Check your site and server logs for information on how the hackers accessed your site (ask your hosting provider to check the server logs if you don't have access to these files).
  2. Scan your site with a tool such as Akeeba SiteDiff in order to identify any recent changes to your site. If you suspect an SQL injection, look for unknown PHP Hypertext Preprocessor (PHP) files or terms such as "update," "replace," or "insert" in your log files.
  3. Restore all of your website files to the latest uninfected versions. Regular backups and solid support from your provider can make the difference between an irritating inconvenience and a huge loss.
  4. If possible, recover any updates and content added since your last backup.
  5. Let your customers and anyone else with access to your site know about the hacking, and keep them posted with your progress during repairs.
  6. Contact Google and request that your site cache be cleared (you can do this with Google Webmaster Tools).
  7. Update all your extensions to the latest versions
  8. Scan and clean your site with malware and virus scanning software.
  9. Delete any unnecessary content, extensions, or test environments.
  10. Delete any unnecessary database files.
  11. Adjust the access permissions on your files and folders to the highest level that still permits your site to function smoothly for visitors.
  12. Change all your passwords.
  13. Document the incident, including all information you gathered from the logs, in order to create a reference for (and to help prevent) future incidents.

If you're not comfortable tackling the restoration yourself, you don't have a backup (and if you don't, start doing it now), or if it seems like your core Joomla installation has been hacked, rather than just your content, you may need to take more thorough measures. Your hosting provider's support team can likely help, either by performing the restore themselves or walking you through it. In addition, you can also hire a professional Joomla audit and restoration service to get your site back up and running for a fee.

Protecting Yourself From Future Attacks

When it comes to website maintenance, an ounce of protection is worth a pound of repair. Following a few simple procedures can help you makeâ€"and keepâ€"your site safer from hacker attacks.

  • Back up your data. Backing up your site is essential. Restoring your hacked site will be much less painful if you've made regular backups of all your site files. Many hosts offer this service as a part of their hosting packages or as an add-on service for a modest fee. You may want to consider maintaining your own backups for extra security.
  • Monitor your website and server. Hosting providers often include a variety of monitoring tools, accessible from your hosting control panel, you can use to keep an eye on the data flowing in and out of your Web server. Many also offer extended support services (including fully managed hosting) that will monitor traffic to and from your site, track changes to files and site pages, and provide increased security.
  • Keep unnecessary files and accounts to a minimum. Clever hackers can exploit even seemingly innocuous content to access the rest of your site or server. If you regularly create testing environments or have excess databases you use to store data temporarily, be sure to tidy up frequently by deleting these files when they're no longer in use.
  • Tighten up your security. Keep your Joomla core installation up to date with the latest patches, and make sure your themes and extensions are all updated regularly as well. Use strong passwords (a mix of letters, numbers, and symbols) to protect your directories and files from prying eyes, and change your passwords regularly. Limit access permissions for all users to the minimum level necessary.

Having to deal with the aftermath of a hacker's mischief is nobody's idea of a good time. Every second your site is out of commission costs you not only time, but money and potential customers. By taking the time to keep your site updated, and carefully managing your security and files, you'll be ready to limit the damage hackers can do to your Joomla site.

You’ve Been Hacked

If you’ve been hacked a good place to start is by reviewing the documentation provided by the Joomla! community. An extensive list of recommendations has been developed by the Joomla! community to provide all of the information necessary to recover a hacked site. While not as easy for beginners to follow, it’s a great comprehensive resource for webmasters with a bit more experience.

Joomla! Documentation: You have been hacked or defaced

Fix a Site Broken by a Bad Extension

You should always be careful about the extensions you install. It isn’t unheard of for a bad extension to completely shut down your websites front end and back end leaving you with no way to use the Joomla! administrator interface to remove the troublesome extension. Thankfully, you can still remove the extension by accessing the server either through your hosting account control panel or using FTP software. We even found an easy-to-follow guide for removing back extensions in this way.

Joobi Blog Post: How to Fix White Page

Database Connection Errors

After installing Joomla!, making configuration changes, or modifying your database you may find that you experience database connection problems evidenced by missing content or an error message on your site letting you know that Joomla! couldn’t connect to the database. If you are facing this situation don’t panic! This is usually a pretty simple problem to fix once you know the problem you’re trying to fix.

TemplateMonster Joomla Troubleshooter: How to fix database connection errors

Fix File Permission Issues

File permissions can cause issues if Joomla! is trying to modify files and directories using the shared server credentials when the files and folders themselves were created using your own FTP credentials. This disagreement between credentials can cause issues if permissions are set too restrictively. The good news is that Joomla! can be configured to use the credentials of your choosing rather than the default server credentials. To configure Joomla! with your personalized credentials just follow the steps in this tutorial.

NorrTheme Troubleshooting Documentation: File Permission Issues

Identify JavaScript Conflicts

JavaScript conflicts between Joomla! website templates and extensions can cause major rendering issues. However, it can be tricky to identify the culprit extension and begin the process of working to correct the issue. For help getting started identifying the source of a rendering issue due to a JavaScript conflict check out this article.

NorrTheme Troubleshooting Documentation: Most Common JavaScript Conflicts

Fix a Site Using a Backup and Fresh Joomla! Install

While not necessarily the lowest-impact method, especially if you’re running an older version of Joomla!, the simplest way to get a hacked site back up and running quickly is to use a recent backup and fresh clean installation of the latest version of Joomla! If you have a recent backup, check out these tutorials.

InMotion Support Article: Fix Joomla Hack and Upgrade for Security

Siteground Tutorial: My Joomla has been hacked!

Akeeba Backup Walkthrough: Unhacking Your Site

Fix a Site Using a Third-Party Extension

There are premium (meaning: paid) third-party extensions that can help repair a hacked site - assuming you can still access the administrator site backend. If you can’t gain access the backend you’ll have to use one of the other recovery methods, but you might want to consider a third-party extension to protect your site from future hacks. While we don’t endorse any particular third-party security extensions, we did find one helpful tutorial that walks through implementation of {code}{manage}.myJoomla{/code}, and provides a good idea of the sort of premium third-party options that are out there.

Theme Expert Blog Post: How to Fix a Hacked Joomla Website

Fix a Site By Cleaning Affected Files

If you’re an advanced Joomla! user the fastest way to clean up a hacked site will probably be to identify infected files, inspect them, and clean up suspicious code. If you aren’t a programmer and advanced Joomla! user you should not undertake this method. However, if you’re already comfortable poking around in Joomla!’s source-code check out this tutorial.

IT Octopus Article: How to Quickly Fix a Hacked Joomla Website

Thanks to an easy-to-use, template-based interface and plenty of powerful customization options, Joomla is one of the most popular content management system (CMS) applications in use today. Millions of sites around the Web have been built using Joomla, and a bevy of free tools, plug-ins, and templates make it even easier for just about anyone to create a professional and interesting site.

Unfortunately, using these freebies without carefully reviewing their contents can end up causing you serious headaches. Many free Joomla templates contain embedded hidden links (also known as SPAM links). In addition, hidden links can be added to your site by hackers using iFrame injections, fake media files (such as .gif files that disguise malicious code), malicious code, and other tricks.

These links are often invisible to both you and visitors to your site. They can be hidden using CSS, or simply by making the text of the link the same color as the background of the page. And while some are simply used to insert advertisements, others can redirect visitors to other sites, run malicious code, or even gather and send sensitive information (such as customer financial data) back to a hacker.

Regardless of their intended functions, these links can create big-time problems. Hidden links can:

  • Slow site performance. Hidden links can leach bandwidth and other resources from your Web server, slowing down your site and making it difficult or even impossible for visitors to use.
  • Damage your advertising efforts, credibility, and search engine rankings. Using hidden links is strictly forbidden by the Google Adsense, and can cost you your account if Google discovers them in a scan. In addition, many hidden links lead to spam-laden or malicious sites, which can further damage your ranking when detected by Google and other search engines.
  • Redirect visitors to all the wrong places. A hidden link can take visitors to inappropriate or intentionally harmful sites.
  • Give hackers access to sensitive information. Using hidden links, hackers can attempt to access your site, install malware, or collect information from your site's visitors.

If you're using a new free template or suspect your existing template contains hidden links, it's a good idea to give it a thorough once-over in order to locate and remove anything suspicious or harmful.

  1. Make a backup of your site and content. Before you make any changes, make sure you have a backup copy of your site, stored offline. If something goes wrong, you'll be able to restore everything and try again, rather than having to rebuild from scratch.
  2. If your provider includes anti-virus and malware removal tools with your hosting package, you can use them to help you find hidden links, suspect code, and viruses. They may not catch encrypted or encoded files that deliver links from databases by decoding them into your site, however, so don't rely solely on this method to identify threats.
  3. Do a manual search of your code. If you're comfortable with code and knowledgeable enough to identify suspicious content, a quick search of your files may turn up the culprits. Potential offenders include links to unknown content, unfamiliar images or other media files, and unfamiliar .php, database, and .htaccess files.
  4. Start with your index.php file and expand your search from there. Pay special attention to unfamiliar .php files, especially those with names such as "footer.php", "inject.php", or "includes.php". Carefully note the location of each suspicious item. You'll also want to do a direct comparison between the original template files and your versions. You can do this by downloading a fresh copy of the template, then downloading your site files, and opening each corresponding file side by side in a text editor. If you find links and code that don't match, or if your site contains suspicious files not present in the original template, you may have been hacked. Remember, though, that some free templates come with these hidden links already embedded, so it pays to check out anything that's out of the ordinary.
  5. Use a scanning tool. If you want additional security, or aren't comfortable with manually searching your code, several custom scripts and tools are available to help you find hidden links in your template files. Some, such as the Web Developer Toolbar (available for both Firefox and Chrome) allow you to search your code, identify all the links (including those pesky hidden ones), and more. Other tools (such as Securi, a free Web-based scanner, or Jamss.php, a free script file that scans your entire Joomla site) will identify potential malware as well as hidden links. You may have to do the more difficult work of manually deleting the offending content yourself, however, since many of these services scan for free, but require payment for automatic removal. Take careful note of any results from the scans, as well as the location of any suspicious links, for reference.
  6. Remove the offending links and code. After identifying all the suspicious content, you can remove it manually by navigating to the suspect files in your FTP application, downloading them, and then editing each one with a text editor such as WordPad or Notepad. If the malicious links are being inserted from a database, you can use a tool like phpMyAdmin to examine your database files for suspicious code.
  7. Secure your site. Once you've removed any hidden links or malware code, be sure to tighten up the security on your site to help reduce and prevent future problems.
    • Always keep your Joomla install up-to-date. Hackers love outdated software, because multiple exploits have often been discovered for it.
    • Delete any unnecessary databases, media files, and .php files (again, being careful to ensure they're truly unnecessary) to limit the files hackers can use to infiltrate your site.
    • Adjust your file access permissions to the highest level that still allows for normal site function, and delete any unneeded administrator accounts.
    • Password-protect the folders containing sensitive information. Use strong passwords, and change all your passwords - hosting account, FTP, admin, and user - regularly.
    • Use templates, plug-ins, and add-ons only from reliable, trusted sources.

NOTE: Even the best scanning utilities can return "false positives," or valid content that's misidentified as suspicious. Always make a back-up of your site, and only remove code from your site that you're absolutely sure doesn't need to be there.

Removing essential code can damage or even break your site completely, so if you're unsure about a change to one of your files, seek help from your host or an experienced Joomla developer before deleting something forever.

Hidden links aren't the worst trick hackers can use to infiltrate your Joomla site, but they are some of the most common. By carefully vetting your template files, keeping your Joomla install up to date, and securing your content and file structure, you can keep these secretive bits of code from ruining your day, your website, and your business.

Further Reading

There’s more to the Joomla! world than we could possibly cover in a resource guide of any reasonable length. We’ve attempted to pull together the most useful resources we could to help you optimize your Joomla! website, develop a website management strategy, secure your site as much as possible, and recover from a hack if you ever face that headache.

If you want to go further, there are a lot of additional resources, guides, tutorials, and books to check out. For further reading, check out these guides and resources, which are the some of the best the web has to offer.

Official Joomla! Documentation Site

Most of the resources we’ve linked to within this guide come from the extensive Joomla! documentation site, and we’ve only scratched the surface. This extensive collaborative community manual is one of the best reasons to consider using Joomla! to power your website, and is a resource you should become comfortable with if you have any websites powere by Joomla!

Joomla! Documentation

Official Joomla! Security & Beginner’s Guides

If you’re just getting started with Joomla!’s documentation site it can be a bit overwhelming. There is a mountain of content available, and knowing where to start is not easy. If you’re new to the world of Joomla! we recommend two guides: Joomla! Beginner’s Guide and Security Guide.

Joomla! Documentation: Beginner’s Guide

Joomla! Documentation: Security Guide

Joomla! Tutorials, Guides, and Videos

Siteground has pulled together an excellent repository of original Joomla! tutorials, guides, and videos. They cover everything from backups, to upgrades, to security, to installation, and more.

Siteground Joomla Tutorials

Top 10 Stupid Admin Tricks

Mistakes can be the best teachers. Let the mistakes of others be your guide. Joomla! has pulled together a list of the dumbest things site admins do. For a lighthearted look at managing your site check out this How-NOT-To guide.

Joomla! Documentation: Stupid Admin Moves


There are also lots of great books if you want to learn more about Joomla! We’ve found some of the best up-to-date books available. If you’re looking for the book that’s right for you check out the information below to identify the resource that best fits your situation.

Joomla! 3 Beginner’s Guide by Eric Tiggeler. Available in Paperback and for Kindle.

A comprehensive guide to building a Joomla! website. No prior knowledge of HTML, CSS, or PHP is required. This is a great resource for beginners, but won’t satisfy experience users looking to get heavily technical and detailed.

Joomla! 3 Boot Camp: 30-Minute Lessons to Joomla! 3 Mastery by Robin Turner and Herb Boeckenhaupt. Available in Paperback or for Kindle.

A comprehensive introduction to Joomla! broken into manageable 30-minute lessons. This is a great guide for Joomla! beginners who want a way to cover all of the basics of Joomla! installation and site building in an easy-to-follow sequential format.

Joomla! 3 Explained: Your Step-By-Step Guide (2nd Edition) by Stephen Burge. Available in Paperback or for Kindle.

Great for beginners and as a reference manual for more experienced developers. Written in simple and understandable language, this extensive manual covers virtually all aspects of developing with Joomla! stopping just short of technical programming topics.

Joomla! SEO and Performance by Simon Kloostra. Available in Paperback or for Kindle.

If you already have a basic understanding of Joomla!, and maybe even have a website or two under your belt, but want to improve website speed and SEO performance this might be the resource for you. This guide won’t teach you how to create a Joomla! site, but it will teach you how to optimize your site for speed and SEO ranking.

Programming Joomla! Plugins by Jisse Reitsma. Available in Paperback.

If you’re ready to start building your own plugins for Joomla! this is the book for you. Bypassing introductory Joomla! topics, this text jumps right into developing a wide variety of plugins. If you want to create plugins for your own site, or for sale to customers, this book will help you get there.