(Please note – at the time of this post – February 1, 2018 – the latest version of Joomla! was version 3.8.4. If you are reading this post after February 1, 2018 then the versioning may have changed)

Updating your Joomla! script can be a hassle. Unlike a lot of other Content Management Software, Joomla! updates are typically more demanding. Depending on what version of Joomla! you are updating from, the update process may cause you some issues.

• Joomla! 3.8.0 or greater – Update should go through without any issues.
• Joomla! 3.6.5 – Joomla! 3.8.0 – Update should go through but you may have to sort out some issues.
• Joomla! 3.6.5 or lower – The update very likely won’t go through.

Keep in mind, if you don’t keep your Joomla! script up-to-date, then it’s a matter of WHEN your website will be hacked, compromised, and abuse and not a question of IF. While updating your Joomla! script might be painstaking it is a necessary step.

We really encourage you to post any questions you have about updating your Joomla! script at the Joomla! Community Forums:

http://forum.joomla.org

We are not all that well-versed in how Joomla! is coded and how it is maintained. The folks at the Joomla Community Forums have a much better grasp of this.

3.8.0 or greater
If you are updating from a Joomla! 3.8.0 or greater, then the update process should go on without any issues. Although I would encourage you to make sure that you have plenty of disk space on your account, and making a backup before performing the update is never a bad idea.

A version between 3.6.5 and 3.8.0
If you are updating a Joomla! script that is 3.6.5 or greater, then the update process will probably go through – although you may encounter a few issues. I would encourage you to make sure all of your themes, extensions, and addons are up-to-date before attempting an update. Again make sure you have plenty of disk space for the update process and backing up your script before performing the update is never bad idea.

From what I have read, Joomla! versions 3.6.5 and greater have very few issues with the update process, but issues are known to pop up.

A version less than 3.6.5
If you are using a Joomla! version less than 3.6.5, then chances are the update process won’t work. Depending on how far you are from Joomla! 3.6.5, you might be able to wiggle your way into an update, but it requires a lot of work and just depends on each individual case.

If you find yourself using an extremely old version of Joomla! we would really recommend that you delete that script and start your website over with a fresh, up-to-date version of Joomla! (or another CMS) and keeping the script up-to-date from now on.

If you encounter any issues with the update process, again we are going to refer you to the Joomla! Community Forum at:

http://forum.joomla.org

If you have any other questions about the Joomla! update process, we would recommend that you discuss it on their forums.

Joomla! is a very powerful and very popular Content Management System used on many websites. However updating Joomla! and keeping it up to date is often very difficult. We know this, but unfortunately we don’t have many answers.

Why should I update my Joomla! script?
You’re kind of between a rock and a hard place when it comes to weighing the virtues of updating your Joomla! script and leaving it out of date. Joomla! is a heavily targeted CMS for exploits and abuse – this means that if you don’t keep your Joomla! script up to date the chances of your web hosting account being hacked and used for abuse goes up. However, on the flip side, attempting an update of your Joomla! site increases the chances that your website will break due to the update process. So you really are between a rock and a hard place.

Unfortunately for us, we believe security trumps everything else, so it’s really wise to keep your scripts – including Joomla! – up to date. So failing to keep your Joomla! script up to date can lead to security issues on your account and can lead to the suspension of your account. While we do recognize just how finicky Joomla! is about it’s update process, we really just can’t stand by while outdated Joomla! scripts are compromised and used for abuse.

How can I increase my odds of a successful Joomla! update process?
Keeping your Joomla! script up to date will help alleviate some of the strain in the Joomla! update process. For example, Joomla! 3.8.4 was just released this week. If you are using Joomla! 3.8.3 then the update process to Joomla! 3.8.4 is much, much more likely to go through successfully compared to a Joomla! 3.6.1 to Joomla! 3.8.4 update. Any Joomla! 3.8 script is more likely to have a successful Joomla! 3.8.4 update process compared to any previous versions.

The further down you are updating from, the less likely the update process will go through successfully. In fact, if you are using anything less than Joomla! 3.6.5 then the chances of a successful update go down rather substantially. If you are not even using Joomla! 3.x.x then an update isn’t even possible.

If you are attempting an update of your Joomla! script and you are not using any where close to a latest version of Joomla! then we highly suggest that you reach out to the Joomla! Community Forums at:

https://forum.joomla.org

because they are much more aware of what steps need to be taken before attempting an update that can help for a smooth and successful update.

(Just a note – at the time of this post – January 31, 2018 – the latest version of Joomla! was Joomla! 3.8.4)

Why are Joomla! updates so difficult?
This is a good question, and we encourage you to ask and participate in discussions involving this at the Joomla! Community Forums

https://forum.joomla.org

The Joomla! developers will tell you that more times than not issues related to Joomla! updates stem from the various components, themes, extensions, and plugins that end users have installed on their Joomla! site – and they’re probably not wrong. There are a ton – an uncountable number – of various Joomla! themes, extension, plugins and addons that can be added to Joomla! to extend it’s use. It is impossible for the Joomla! developers to stay in tuned with all of these addons to know how they will react to certain updates. A lot of those addons are either poorly written or were abandoned many, many years ago and are no longer receiving any updates or attention from their respective developers.

We would encourage you to keep your Joomla! addons to a minimum – this helps to alleviate potential conflicts with update processes.

We also encourage you to use well written and reputable addons on your Joomla! site. The higher the reputation is with the developer of an addon (theme, extension, plugin, etc) then the higher the chances are that the developer has released an update for the latest version of Joomla! and will be there to help you should you have any problems.

All Joomla! addons are written based on the Joomla! framework. When that framework changes between major Joomla! versions, this has an adverse affect on how those addons operate within the Joomla! update process.

This all points back to using well written and reputable addons. If you are using an addon that hasn’t been updated in years, then chances are it’s abandoned and it will cause issues during the Joomla! update process. If you have other concerns about any addons, we really recommend that you discuss all of this with the people at the Joomla! Community Forums:

https://forum.joomla.org

Can I continue to use my outdated version of Joomla! on my site?
I suppose the best answer to this is both Yes and No.

The answer is No because using an outdated version of Joomla! on your site is a security issue. If you continue to use an outdated version of Joomla! your web hosting account will get hacked, compromised, and used for abuse. It is not a matter of IF but a matter of WHEN. And when that does happen, we will have no choice but to suspend your web hosting account and you will basically have to start your website over from scratch.

So while the answer might be Yes that you can continue to use your outdated version of Joomla! you should really realize that you are running it on borrowed time. It is only a matter of time before it will be taken down.

If you have concerns over why you should update your Joomla! site or the update process in general, again we really want to point you to the Joomla! Community Forums:

https://forum.joomla.org

Tell them that you don’t like the Joomla! updates breaking your site. Or the fact that you have to keep your Joomla! site up to date to prevent hackings, compromises, and abuse. Voicing your concerns with the Joomla! developers and communities is the only way changes are going to be made to this process.

In the US, the FCC is waging a war against Net Neutrality. On December 14th, the FCC is going to vote on how to classify Internet Service, which can lead to an end to Net Neutrality.

What is Net Neutrality?
Basically Net Neutrality is a set of rules that says Internet Service Providers (ISPs) can’t purposefully give one connection more priority over another connection. In layman’s terms it means that ISPs can’t intentionally throttle a connection to NetFlix while not throttling a connection to DirecTV Now.

What does this mean for you?
As more and more users “cut the cord” with their television viewing habits, a lot of people are replacing that with subscriptions to various video streaming services – NetFlix, Amazon Video, Hulu, Sling TV, DirecTV Now, Playstation Vue, etc. This is all due to the high carriage fees that TV providers have to pay in order to show content from your favorite TV networks. But those fees are never made public, so it’s entirely possible for TV providers to increase prices during these carriage disputes and pocket some of the profit.

A lot of the Internet Service Providers in the US are also TV Providers. When users cut the cord and don’t pay for TV from these providers, those providers lose some money that they would otherwise profit from.

If Net Neutrality is voted down on December 14th, then it may become possible for Internet Service Providers to slow down access to services like NetFlix, Amazon Video, Sling TV, etc. And if users can’t stream video from these video services, they would be forced to either pay more for an Internet package that allows for streaming or go back to subscribing to TV from their Internet Service Provider so that the TV provider can get more profit.

Bottom Line: Voting out Net Neutrality is a win for TV and Internet Service Providers and a loss for consumers. Unless those TV and Internet Service Providers turn that extra money consumers are paying them into better infrastructure and extending their coverage areas. But will they do that? Not a lot in the history of TV and Internet Service Providers says they will.

What does all of this mean for the web hosting industry?
The short answer is, we don’t know. It probably won’t affect connections to our hosting services very much. There’s just no real reason for ISPs to block or throttle connections to regular websites. Their main concern is going to be the various streaming services out there. But, without Net Neutrality rules in place – ISPs will have the opportunity to throttle connections to certain servers that host websites. If a website is extremely popular, ISPs could decide to cash in on that opportunity and charge consumers extra for the ability to access those popular websites. This would be a strict money grab, but without Net Neutrality rules in place, it would not be illegal.

How can you help?
You are encouraged to contact your congressional representatives and tell them that you want Net Neutrality rules to remain. If elected officials feel the heat from their constituents that they may not be re-elected if Net Neutrality ends, then more of those elected officials will start listening.

You can help by going to:

https://www.battleforthenet.com/breaktheinternet

and seeing all of the ways you can help.

These is also more information at:

https://www.savetheinternet.com

We have seen a growing number of web hosting accounts being hacked and when investigating and tracking down the reasons for the hacks, we are finding most of those accounts are hacked through weak admin passwords on their website CMSs (WordPress, Joomla!, Drupal, etc).

One thing you should understand, if you are using a weak admin password for anything tied to your web hosting account then you share some of the blame for it’s hacking. That may seem harsh to say that, but it is the truth. Being an administrator of your web hosting account you are responsible for practicing good security on your web hosting account. Sure, it sucks that there are malicious users and hackers out there taking advantage of your web hosting account – but there is also some level of responsibility on you for allowing a weak password to be used.

How do I choose a secure password?

A good password will use a combination of upper and lower case letters, numbers, and non-alphanumeric characters. I like to use the Password Strength meter at

http://www.passwordmeter.com

to determine how strong a password might be. I generally aim for something above 80% and the closer you can get to 100% the better.

I also encourage the user of local password managers. I’m less thrilled by online password managers, because if those get hacked, then all of the passwords you have stored there could then potentially be hacked as well. I like the portable version of KeePass. The portable version allows you to run it from a USB thumb drive – this way the database is not installed on your local computer. If you have a password manager installed on your local computer, and your local computer gets infected with malware, a virus, or a keylogger then the information stored in the installed password manager could potentially be compromised.

Putting a password manager – like KeePass – on a USB thumb drive and keeping it near your computer insures that your passwords are safe from any malware infections you might have on your local computer, and also available to be used whenever you need it.

To download the portable version of KeePass, see:

https://keepass.info/download.html

Instructions for setting up the portable version of KeePass is at:

https://keepass.info/help/v2/setup.html#portable

Why do hackers hack into my site?

The simple answer is because they can. You might think that you have a small web site that doesn’t really garner a lot of attention. But if you are using a weak password, outdated script/plugin, or otherwise have something in place that would allow malicious users to take advantage of your web hosting account – you’d better bet that they will eventually.

Commonly hackers and malicious users will hack into a web hosting account to setup phishing sites, send out spam, SEO Spamming, or Search Engine Poisoning.

• Phishing sites have to do with creating a look-a-like mirror of a popular with the intent of tricking visitors to disclose personal information about their real account at these popular websites. A NetFlix phishing scam recently went through this cycle, hackers had to have a place to host the NetFlix look-a-like site. They do this by hacking and exploiting other smaller websites.

• Spamming pertains to the sending of unsolicited messages. We’ve all received spam messages and we all know what spam messages look like. Most of those messages are sent out because someone allowed their web hosting account to become compromised.

• SEO Spamming or Search Engine Optimization spamming has to do with building a network of links to raise the search engine rankings of one website. That website can then monetize this popularity with ads.

• Search Engine Poisoning is similar to SEO Spamming but has to do with poisoning the content that search engine crawlers see when they crawl your website. This can have the effect of associating your website with various pharmaceuticals, gambling, or other shady businesses.

How do I keep my web hosting account safe?

• Keep your scripts, plugins, themes, components, etc. all up to date. When an update is released by it’s developers that update is not automatically applied to your installed version. You will need to update it. Sometimes this is simple, sometimes it is not. But not doing the update is dangerous to the well being of your web hosting account.

• Use reputable scripts, plugins, themes, and components. Stick to popular and well maintained scripts. When looking at plugins, themes, and addon components check to see when it was last updated. The further back this is, the less reputable this plugin is. Check to see how many active installations the plugin is said to have, the more the better. Check the plugins overall rating, the higher the rating, the better. A plugin that was last updated 3 years ago, has less than 1000 active installations, and 3 or fewer stars is probably not reputable and probably something to avoid.

• Use strong and secure passwords. The weaker a password is, the easier it is for hackers and malicious users to guess the password and log into your account. If your website is important to you, then you will want to insure that you are using strong and secure passwords.