Protection against a critical Joomla < 3.4.6 security bug

The authors of the Joomla software announced today that every version of Joomla below 3.4.6 has a critical security bug that allows “hackers” to take over a site.

The bug was in use by hackers for two days before the Joomla authors patched it, and we found several Joomla customer sites that had been modified as a result. We’ve restored backups of those sites and notified those customers directly, but we recommend that all Joomla users change their password to be safe, even if we didn’t notify you of a problem.

The best solution for Joomla users is to update to version 3.4.6 immediately. However, we also added a rule to our servers this morning to block any more attacks until our customers can update. The rule should ensure that if you use our hosting service, and your site hasn’t already been modified, hackers won’t be able to take advantage of this bug.