Think Your Joomla Site Has Been Hacked?
Something feels wrong — unexpected redirects, Google flagging your site, your host suspending your account. Run a free file-level scan and find out exactly what is hiding in your Joomla installation.
80,000+ sites protected
Joomla-native expertise since 2012
1,000,000+ site audits completed
Warning signs your Joomla site has been compromised
Most Joomla hacks are invisible to the site owner. The attackers want access, not visibility. Here is what they actually leave behind.
Backdoor Files in /components/ or /modules/
Attackers drop PHP shells and file uploaders into extension directories. They look like legitimate extension files but give remote access to your entire server.
Modified index.php or configuration.php
Core files that should never change. If index.php has been altered, there is almost certainly injected redirect code or malware loading on every page view.
Rewritten or Appended .htaccess
Attackers modify .htaccess to silently redirect mobile visitors or Googlebot to pharma spam sites while showing your real site to desktop users.
Unauthorised Extensions Installed
Malicious actors install rogue components or plugins with admin access. These persist across restores if you do not check the extension list before recovery.
SEO Spam & Hidden Links
Japanese keyword attacks, pharma hacks, and hidden link farms injected into your templates or database. Your rankings drop while Google indexes thousands of spam pages.
Obfuscated PHP in Template Files
Base64-encoded blobs and eval() chains buried inside your active template. Nearly invisible to manual inspection, but our scanner flags them immediately.
Born from the Joomla Health Checker in 2012
mySites.guru did not start out as a generic security tool that later added "Joomla support". It started inside the Joomla community as the Joomla Health Checker — a tool built specifically to inspect Joomla file structures, understand extension layouts, and detect the attack patterns that target Joomla specifically.
Fourteen years and over a million audits later, that Joomla-specific knowledge is baked into every scan. We know which files should exist in a fresh Joomla 3.10 install versus 4.4 versus 5.2. We know the attack patterns that target Joomla's component system. We've seen every variant of the Joomla-specific backdoors, template injections, and database-level compromises that have emerged since 2012.
No other platform has that depth of Joomla-specific threat data. When we scan your site, we are not running generic pattern matches — we are applying over a decade of Joomla-focused security research.
Launched as the Joomla Health Checker inside the Joomla community
Expanded to multi-site management as mySites.guru, adding WordPress support
Passed 500,000 audits completed across WordPress and Joomla sites
Added Joomla 4 support on day one of Joomla 4's stable release
Full Joomla 5 support. Over 1,000,000 audits completed
Not a surface scan — every file, every directory
Most free security checkers visit your homepage and look for obvious warning signs. That catches almost nothing. Here is how we actually find Joomla hacks.
Direct server-side access
We connect to your Joomla site through a lightweight connector extension — not by crawling URLs. That means we see files your visitors and search engines never see: deactivated extensions, files in subdirectories, and anything buried outside your web root.
12 years of Joomla-specific threat data
Our threat database has been built exclusively around real Joomla hacks since 2012. We know the specific obfuscation patterns, file naming conventions, and injection points that Joomla-targeting attackers use — not just generic PHP malware signatures.
File integrity checking against Joomla core
We maintain clean checksums for every Joomla core version. Any modification to a core file — even a single character — is flagged immediately. This catches the subtlest backdoors that blend into legitimate-looking code.
Heuristic analysis for zero-day threats
Signature matching catches known threats. Heuristic analysis catches new variants. We look for structural patterns in PHP code that indicate malicious intent — eval chains, base64 blobs, dynamic function calls — even if the specific code has never been seen before.
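The two checks described above, core-file integrity and heuristic analysis, shown as an added example; this is not mySites.guru's code. The regexes, the manifest format (relative path to SHA-256) and the sample files are assumptions constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Structural indicators named in the text; these regexes are assumptions.
HEURISTICS = {
    "eval-of-decoded-data": re.compile(
        rb"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64-blob": re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}"),
    "dynamic-call-on-request-input": re.compile(
        rb"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
}

def scan_tree(root, manifest):
    """Return {relative_path: [findings]}; manifest maps path -> clean SHA-256."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        hits = []
        expected = manifest.get(rel)
        if expected and hashlib.sha256(data).hexdigest() != expected:
            hits.append("core-file-modified")
        # Inspect PHP by extension and by content, so PHP hidden in /images/ is seen.
        if path.suffix.lower() in {".php", ".phtml"} or data.lstrip().startswith(b"<?php"):
            hits += [name for name, rx in HEURISTICS.items() if rx.search(data)]
        if hits:
            findings[rel] = hits
    return findings

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    clean_index = b"<?php\nrequire __DIR__ . '/includes/app.php';\n"
    manifest = {"index.php": hashlib.sha256(clean_index).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "components/com_example").mkdir(parents=True)
        (root / "images").mkdir()
        # Core file altered by one appended line: only the checksum catches it.
        (root / "index.php").write_bytes(clean_index + b"// changed\n")
        (root / "components/com_example/helper.php").write_bytes(
            b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>')  # decodes to: echo 1;
        (root / "images/logo.png").write_bytes(b"<?php $f($_POST['x']); ?>")
        (root / "components/com_example/view.php").write_bytes(b"<?php echo 'ok';\n")
        return scan_tree(root, manifest)

if __name__ == "__main__":
    for rel, hits in demo().items():
        print(rel, hits)
```

The altered `index.php` matches no heuristic and is caught only by its checksum, while the two extension and upload files have no known-clean hash and are caught only by structure, which is why the two checks are run together.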
What the scan checks
- All files in /components/, /modules/, /plugins/, /templates/
- Joomla core files compared against known-clean versions
- .htaccess and .htpasswd files in all directories
- configuration.php and any configuration backup files
- All uploaded files in /images/ and /media/
- PHP files anywhere in the webspace — including above web root
- Database-level content for hidden links and injections
- Admin user list for unauthorised accounts
- Installed extension list for rogue components
How it works
Connect your Joomla site
Register for free and install the mySites.guru connector extension on your Joomla site. It takes about two minutes. No configuration required.
We scan every file
Our engine takes a complete snapshot of your entire webspace — every PHP file, every template, every uploaded asset — and runs it against 12 years of Joomla-specific threat data.
Investigate and fix
Your results appear in the dashboard with full details on every flagged file. Use 60+ diagnostic tools to investigate, understand, and remove anything malicious.
Free to start. No credit card required.
The longer a hack goes undetected, the worse the damage
A backdoor file sitting quietly in your /components/com_users/ directory is not causing visible damage right now. That is the point. Attackers want long-term access, not immediate attention.
But every day that access persists is another day they can use your server to send spam, host phishing pages, inject links into your content, and accumulate Google penalties that take months to reverse. By the time the damage is visible, the cleanup cost is ten times higher.
Email blacklisting
Your server gets used to send thousands of spam emails. Your IP ends up on every major blacklist. Legitimate emails stop being delivered.
Google Search penalties
Google detects the spam content, flags your site as dangerous, and removes pages from the index. Recovering lost rankings takes months of clean-up work.
Customer data exposure
If your Joomla site handles user accounts, orders, or contact forms, a persistent backdoor means that data is accessible to the attacker indefinitely.
Hosting suspension
Shared hosting providers monitor for malicious activity. When they find it, they suspend the account first and ask questions later. Your site goes offline with no warning.
Common questions
Does this work with Joomla 3, 4, 5, and 6?
How long does the scan take?
What happens if the scan finds a hack?
Is the scan really free?
Will the scan affect my live site?
Find out what is hiding in your Joomla site
We have been scanning Joomla sites since 2012. Your scan takes about two minutes to set up, and it is completely free.