Skip to main content
mySites.guru

JCE Profiles Hack · CVE-2026-48907 (26th June):Things have cooled down, but we are still seeing waves of attacks and breaches on Joomla sites. Check your site today with mySites.guru.

Best Practice for Joomla & WordPress Sites

Best Practice for Joomla & WordPress Sites

Every check in the mySites.guru Snapshot and Audit - well over 100 of them - has a “Learn More” page explaining what the check looks for, why it matters, and what to do about it.

Not everyone will agree with every recommendation we make, and that’s fine. Each check exists for a reason, most of it based on years of involvement with the Joomla project (and more recently WordPress).

Each “Learn More” page includes most of the following:

  • Our Recommendation
  • How the audit checks this setting
  • Background Information
  • A tool to investigate, or an explanation of why no tool is available
  • Further Reading
  • Get Expert Assistance

To make this concrete, the rest of this post walks through one check: “Logs/tmp Folder Locations Should Exist At Default Locations” for Joomla sites.

WordPress-specific checks include things like debug constants and admin bar logo removal, each with a one-click toggle. Joomla-specific checks work the same way - for example, the new Enable Joomla 6.1 module versioning check flips save_history on across every connected 6.1 site in a click.

This check is in the snapshot, and looks like this:

Screenshot of mySites.guru feature

You can click on the Learn More link to get to that page.

The recommendation

This block states what we consider the correct best practice, with context explaining why.

Screenshot of mySites.guru featureExample “Our Recommendation” block on the Learn More page

How the audit checks this

This block explains, in technical and non-technical language how the mySites.guru snapshot/audit process gets its data for this check.

Screenshot of mySites.guru feature

Background information

This block includes any additional background context worth knowing about the issue.

Screenshot of mySites.guru feature

Further Reading

Links to relevant documentation, official Joomla or WordPress resources, or third-party guidance. Where licensing prevents us from reproducing content directly, we link out instead.

Tools

Usually a direct link to the Investigate Tool, or back to the Snapshot/Audit tabs if this check has a toggle.

Get Expert Assistance

If you need help fixing an issue, we offer fixed-fee paid consultancy to resolve problems identified in a snapshot or audit. Full details and request form at fix.mysites.guru.

Frequently Asked Questions

What information is on a mySites.guru 'Learn More' page?
Each page includes a best practice recommendation, an explanation of how the check works, background information, links to further reading, and a link to request expert assistance.
How many checks does the mySites.guru snapshot and audit cover?
The snapshot and audit together cover well over 100 individual checks, each with its own dedicated Learn More page.
What if I can't fix an issue identified in the audit myself?
mySites.guru offers fixed-fee paid consultancy through fix.mysites.guru to resolve any issues found in a snapshot or audit.

More from the blog

Quick Snapshot of All Your Sites

Quick Snapshot of All Your Sites

The mySites.guru snapshot runs 140+ best-practice checks - PHP version, CMS config, security headers, SSL and more - twice a day on every connected site.

Hacked Yesterday, Exploited Today: Why One Cleanup Is Never the End

Hacked Yesterday, Exploited Today: Why One Cleanup Is Never the End

The first hack plants a dormant dropper. The real damage comes in the second wave, days or weeks later. Here is why monitoring beats one-shot cleanup.

AcyMailing Vulnerability Also Affects Joomla Sites

AcyMailing Vulnerability Also Affects Joomla Sites

CVE-2026-3614 is listed as a WordPress bug. We diffed the 10.8.1 and 10.8.2 source and the same vulnerable code ships to Joomla sites too.

What our users say

Csapó Krisztina
Csapó Krisztina
★★★★★

I love it. I also appreciate the new filter for 100% certain hacked/Suspect content too, and that now I can compare all sites at once based on these filters. The white listed label next to certain files is helpful, too. These improvements save lots of time and nerve (especially when I see 188 potentially hacked files). Thanks Phil, you make the world a better place for me.

Read more reviews
Jet de Jager
Jet de JagerBiographix

Phil's attention to continually improve website management / security is on a different level.

Read more reviews

Read all 213 reviews →

Ready to Take Control?

Start with a free site audit. No credit card required.

Get Your Free Site Audit