Joomla regularly releases security updates. To keep your site from getting hacked, it is very important to keep your site updated with the latest security release.
The following procedure explains how to install the security updates.
- The ability to extract a .tar.gz file on your web server. Most web hosts provide you a file manager with a function for extracting .zip, .tar, .gz, or .tar.gz files.
- The ability to upload files to your web server. Most web hosts provide a file manager with a function for uploading files. You can also use FTP to upload the security patch
- The ability to make a complete backup of your site. I recommend Akeeba Backup, a Joomla extension that allows you to make a complete backup of your site including all files and the Joomla database.
Important: It is possible that a Joomla security update could break one or more of the Joomla extensions you have installed. I have performed dozens of Joomla security updates on dozens of Joomla sites, and I have never had a problem with the update. But it’s best to be prepared.
To install a Joomla security update
- Make a complete backup of your Joomla website. I recommend Akeeba Backup, a Joomla extension for creating complete backups of your Joomla website.
- Download the security update from the following url:
You need to get a specific security package based on the version of Joomla on your site. For example, if your site is using Joomla 1.5.12 and you want to upgrade to Joomla 1.5.20, get the package:
Joomla_1.5.12_to_1.5.20-Stable-Patch_Package.tar.gzImportant: Make sure you get the .tar.gz package. If you get the .zip package, the extraction process will not overwrite duplicate files on the server.
- Upload the .tar.gz update package to the web space folder on your server. This directory is often called www, or public_html, or htdocs. If you are not sure, check with your web host.You can use FTP or your web host File Manager to upload the file.
- Extract the update package in your web space folder.Use your web host File Manager to extract the package.Important: If you do not have the ability to extract the package on your server, you can extract the package on your local computer and then upload the files to the web space folder. The problem with this method is that the updates often contain hundreds of files and this method can take a long time. Furthermore, there is more chance that a file will get corrupted in the upload process. The best method is to upload the .tar.gz package as a whole and then extract it on the server.
- After the files are extracted, log into your Joomla Administration screen and verify that Joomla has been updated to the latest version. You can find the version number in the top-right corner of the Joomla Admin screen.
- If the version number does not change to the update number, it means the patch did not get uploaded and extracted correctly. It’s possible you uploaded the patch to the wrong directory or that you extracted a zip file on the server and the duplicate files were not overwritten.
- If the upgrade process breaks your site, you can restore it with the complete backup you made.