Here is the scoop:
There are many viruses out there that are designed to find a back door to your site. This means any unprotected hole that they can use to creep into your site. These back doors are facilitated by unprotected sites, outdated sites, or sites with third-party extensions that are also outdated. They might not be even in use and forgotten in the extensions folders. it doesn't matter. If they haven't been updated, they might be the highway to the site.
Because I am a Joomla developer, I will concentrate on Joomla only.
Joomla is very good about identifying these holes and releasing security updates on a regular basis. It is imperative that they are done as soon as they are released. Don't wait to give the hackers time to get into your site. The same with extensions. Check to see if there are new versions of the plugins, modules and components in your site. If an extension hasn't been updated in a long time, contact us to find an alternative. Don't think it won't happen to you. It will. Joomla has makes it very easy to update. You get a message in the backend of the site letting you know when there are updates ready whether they are for joomla or third-party extensions. It can't get any easier. (There are a few extensions that have not complied with the built-in auto update. But they are all getting on board.)
In the last few months there have been quite a few viruses that have brought down millions of Wordpress and Joomla sites. All these sites had the same thing in common: old Joomla version or old third party extensions. The sites were either killed right off, or, worse, no one knew they were infected but all the traffic from the site was being diverted to another site, such as the Pharma Viruses. Others sit quietly and capture the information of anyone who fills out any forms in your site. There is even a recent attack to a well-known company with an image virus. The site was hacked with a social media icon. When people visited the site, the icon then infected the visitor's browsers and computers. Not a pretty thing.
What to do:
1. Keep Joomla up to date. Update it as soon as the program tells you there is a new version. They come out as soon as there is a security breach identified.
2. Do the same for third-party extensions. Some use the Joomla update system to announce their update version, but some don't. Make sure you find the latest and install it. If this is too much, we are glad to offer a maintenance package for your site.
3. Get Sitelock or comparable hosting software to protect your site from attacks.
4. Get automatic backup. If your site gets hacked, it takes about 20 minutes to kill the hacked version and replace it with a backup from a few days prior.
5. Contact us if your site gets hacked. It might require our help.
If you want to be impressed, click here to see the latest lists at the Norton's site. This is a list of the latest viruses out there. It is updated all day long as new threats appear.
NOTE: Since publishing this post, Google requires all the sites to have Secure Socket Layer (SSL) to protect it. It scrambles the data sent through the Internet and it is unscrambled at the other end.