Joomla critical security bug disclosed. Every website affected

Joomla 3.4.6 has just been released to fix a critical security flaw. Here’s what to to do.

Even school kid can hack you now


With Joomla 3.4.6 released now everyone can easily look at the changes and hack outdates websites. We have analyzed it ourselves and must admit that unless you update you can be hacked very easily. That is why updating is so critical.

Every Joomla website affected

This bug affects all Joomla websites, as it has been in the core since Joomla 1.5. If you run:

  • Joomla 3.X  update to Joomla 3.4.6
  • Joomla 2.5.28 (or older) which hit end of live and is not supported anymore you shall install this patch today & upgrade to Joomla 3.4.6 sooner than later
  • Joomla 1.5.26 (or older) which hit end of live and is not supported anymore you shall install this patch today & upgrade to Joomla 3.4.6 sooner than later

Course of action

Here’s our recommend work flow:

  1. Backup a website
  2. Verify if backup is complete on the other server
  3. Prepare test scenarios or screens for visual comparison
  4. Update / upgrade to Joomla 3.4.6
  5. Update extensions to newest versions (if required)
  6. Perform test or a visual comparison

Try our automated update platform

We used to manage websites ourselves and we know what a struggle it is to update all websites at once. Especially, when it is a second Joomla security update in 3 weeks. That is why, we have developed an automated update platform to help with updating all websites at once. It automates not only the update itself, but also do backup with integrity test and performs automatic website test, pointing out potential errors. A few weeks ago we have called it Perfect Dashboard and made it available for general public. Try it yourself for free, if you want to ease the pain of updating.

I wish you a lot of patience. We both know you will need it.