Third-party site Extensions

It is essential that you take a moment after updating the core to check if your extensions are up to date, and update them if a newer version is available.

Often newer versions address not only bugs but security as well. You can do this by showing in the components, modules and mambots installer pages, which display a URL to the homepage of the authors, or by checking on

Extensions Security Warning Center

A large number of Joomla! extensions have come under the scrutiny of hackers and vulnerabilities exposed within them. To that end a new Security Forum for 3rd Party Extensions has been created:

Also a new official list of 3rd Party Extensions with known Vulnerabilities has been created to assist the community.

You are strongly advised to subscribe to the list (or visit it regularly) to ensure you are kept up-to-date on security vulnerabilities in 3rd Party extensions.

Extension Developers

All extension developers are strongly urged to read the new Developer Security Guide to ensure they are matching best/industry practices in how to code securely for Joomla! - put together by Development Working Group Member friesengeist:

They are also urged to monitor the new Security Forum for 3rd Party Extensions, to ensure that keep track of new security threat reports.

Developers are also highly advised to track the development progress of Project Joomla! via the Developer Blogs, which are the primary method that the Official Joomla! Developers communicate with the external Development community.