An important consideration in using any of the amazing 'free' open source platforms for web site creation is keeping the software up to date.
Why?
Great software is always being tweaked and improved. Sometimes that is because new features are being added! [Woo-woo new free stuff!!] However, sometimes it is because a security flaw that was previously unknown has been discovered, and so the developers release a 'patch' that has to be applied to the software to 'fix' the security problem. So, an install of eg 'Wordpress' that was fine yesterday, has now become vulnerable to attack. It's not that anything in the software has changed, but users and hackers have discovered that the software has a flaw. Sometimes those flaws are like leaving the front door of your house wide open for anyone to get in and deface, change, misuse, or hijack in any way they can.
Another factor is any 3rd party extras that you may have installed, as these extensions or plugins can also suffer the same fate - ie it's not just the core of Wordpress or Joomla, but also any extras that have been installed.
What we recommend for anyone who uses a CMS is that they check their site's software for updates at least monthly. Thankfully both Joomla and Wordpress will usually alert you to updates if you log into the main control panel of the software. ie there is a prompt that says that there are updates available. So when you see one of these prompts, you should act on it immediately. Joomla and Wordpress also have very active user communities, and so it is a good idea to subscribe to any mailing lists or forums that may alert you when scary vulnerabilities are discovered. This is a link to Joomla's update history, and this is Wordpress's.
As we host loads of websites, we know that the most common cause of a website being hacked, is that the software that website uses has become out of date. So, regularly check and update your software! :-) - as prevention is much easier than fixing a hacked website.
Updating
Make sure you have a backup of the current site before performing any updates! Let us emphasise that again: Make sure you have a backup before performing any updates! :-)
However, a backup is only as good as being able to 'go back' to the older version if needed. For this reason, we recommend you use Softaculous to help manage your CMS. Softaculous is provided in our hosting accounts, and is also provided by many other hosts who offer "Cpanel". With softaculous, you can take a quick backup of just the site, storing it temporarily, whilst you perform any software updates your site may need. Maybe keep the backup for a week, just in case - but you don't want to keep too many, or the backups might consume all your disk space. On this, make sure you have enough disk space available in your hosting account before creating a backup in softaculous. A good guideline is that you have about 50% of your account space 'free' - although it might be that much of your disk space is used in email storage.
Here's a short video we prepared showing the use of Softaculous for a backup that can easily be restored.
Service
We offer a service for all Joomla sites where we look after all the updates etc for you. Please order here.
We know that for many people, backups and updates can look daunting, so for just $125 per annum we can monitor your Joomla site. This includes a once a month audit of the site - checking files for potential hack signatures, and applying updates available; plus a pro-active update whenever we know an update has been released. For our many Wordpress friends, we can't offer this service, sorry. We really are Joomla experts :-) However, if you have a Wordpress need, our good friend Michael - a wordpress guru will be happy to advise or quote.