Shape 5

Hi I recently got hacked on one of my sites - not a Shape 5 template though.

Having researched all my security business, I have been advised to update everything from Joomla, to components, modules, plugins, and templates.  I know you update templates sometimes, but I don't know how to find out this information.

I would gladly sign up to an email update on templates that I've used, or any other suggestion would be good.  I basically intend to update all my templates to the latest versions from here on in.

Anything you can do to assist me with this would be great.

Eoin

Hello,

Templates really aren't security risks because they don't interact with the core joomla framework, they simply stylize. The updates that we do are usually just simply css updates which we post in the template's forum board at the top if there are any.

Ah ok, but templates aren't simply CSS files.  They do usually have PHP within them right?  Hence I would suggest that there is a possibility of Joomla being updated and the templates not meeting security standards.  I can imagine a situation where a few years ago a template allowed PHP Injections or something similar to that.

I could be wrong, it was just that was what I had been told.  The website I read it on said that older joomla templates were often vulnerabilities.

Hello,

The only php in a template is to check for modules being published and to create layouts. They aren't php calls that would modify files, or connect to databases, etc. Those are the type of functions that cause security risk. Simply echos that create a layout or not security risks.

Hello, it might be helpful to note there is a published list of extensions and modules with known security risks on the Joomla site.

rgrds