Talk to your sites, and patch the JCE Editor for Joomla again

Two things have happened since the last newsletter. First, JCE shipped three releases in a week. 2.9.99.4 patched two authenticated flaws, the emergency 2.9.99.5 closed an unauthenticated file upload, then 2.9.99.6 followed days later as a hardening release after a full audit of the editor. If you run Joomla, get every site to 2.9.99.6.

Second, the part I have wanted to ship for a long time. Your account now has a secure API and an MCP connector that works with Claude, ChatGPT and any other MCP client. You can run audits, backups and updates across every WordPress and Joomla site from your own scripts, or just by typing what you want in plain English. There is also AI malware analysis built into the audit, so you can hand a flagged file to Claude or GPT and get a verdict in seconds.

All guides are free to read on the blog

Your account now has a secure API

The Agency API lets your own scripts, dashboards and cron jobs talk to your account directly. List sites, read audits and backups, and trigger audits, backups, snapshots and extension updates across your whole estate from code. It runs on OAuth2 with PKCE, every token is scoped to your own sites, and it is the same engine the MCP connector uses. If you would rather type in plain English than write code, that connector gives you the same reach from Claude, ChatGPT or any other MCP client, with no plugin to install on each site.

Patch now

JCE 2.9.99.6 hardens Joomla's most-installed editor

This is the third JCE release in a week, after 2.9.99.4 and the emergency 2.9.99.5. For this one the developer spent four days auditing JCE end to end, narrowing entry points and tightening input validation. There is no new CVE, but it is strongly recommended for every site. Whichever version you patched to last week, update again to 2.9.99.6 now. The extension search finds every site below the current version in seconds, and the mass updater pushes the fix to all of them in one batch.

AI control, malware analysis and a faster Joomla routine

Need help with your site? Phil Taylor – Fixing websites since 2004

Found something wrong with your Joomla or WordPress site? If it were simple, you'd have fixed it already. I offer same-day expert help at a flat rate of £120 per incident. No hourly billing surprises.

If I can't add value, you don't pay