Website security is not a one-time task, but an ongoing process. The latest critical vulnerability in the JCE Editor for Joomla has shown how quickly cyberattacks can spread across the internet and how important an immediate response is.
As soon as the vulnerability was disclosed, MyDreams.cz launched an extraordinary security operation focused on all Joomla websites we have built, manage, or service over the years. In total, we inspected nearly 3,000 websites.
Immediate response to a critical threat
The JCE Editor vulnerability represented one of the most serious security flaws in the Joomla ecosystem in recent years. It allowed attackers to abuse the editor profile import mechanism and subsequently upload their own files to the server, including malicious PHP code.
Almost immediately after the security warning was published, automated attacks from all over the world began searching for vulnerable Joomla installations. During the following days, our servers recorded an average of more than 600 intrusion attempts per minute. The attacks came from thousands of IP addresses located around the world, with the sole aim of finding websites running an outdated JCE Editor.
For every hacker, this vulnerability represented an extremely attractive opportunity. Once it was disclosed, the first automated exploits and scanning tools began appearing within hours.
Updates for newer Joomla websites
For all modern websites built on Joomla 5 and Joomla 6, we carried out:
- an update of the Joomla CMS to the latest available version,
- an update of the JCE Editor to a secure version,
- an update of RSFirewall,
- a system integrity check,
- additional security checks of the server environment.
Thanks to centralized management and modern architecture, most of these interventions could be performed very quickly and without affecting website operation.
Solutions for older Joomla installations
A significant number of the websites we manage are older Joomla installations running versions 1.5, 2.5, 3, and 4, which often can no longer be fully updated due to technological limitations, outdated extensions, or client requirements.
Even in these cases, we did everything technically possible:
- updated available components and plugins,
- updated the server environment wherever possible,
- removed the vulnerable JCE Editor,
- replaced JCE with the safer TinyMCE Editor,
- applied additional security measures at the server level.
This significantly reduced the risk of exploitation even for historical websites that can no longer be migrated to the latest Joomla version.
Only 185 compromised websites out of nearly 3,000
Although this was an exceptionally widespread and actively exploited vulnerability, the impact was minimized thanks to the rapid response of our team.
Out of nearly 3,000 inspected websites, only 185 installations were compromised. In most cases, these were older websites that had been exposed to attacks before the security measures could be applied.
For all compromised websites, we subsequently performed:
- a complete analysis of the compromise,
- removal of malicious code,
- inspection of all files and databases,
- closure of the exploited security gaps,
- additional system hardening.
All identified compromised websites have now been cleaned and secured.
The biggest advantage? Long-term Joomla website support
Many companies can build a website. The real value, however, becomes clear when a security incident occurs.
Warranty and post-warranty Joomla website support are among the greatest strengths of MyDreams.cz. Our work does not end when a website goes live. We continuously monitor new security threats, update systems, track attacks, and intervene before serious damage can occur.
The latest JCE Editor incident was a clear example of why professional website administration matters. Thanks to the experience of our team, fast coordination, and long-established processes, we managed to protect thousands of websites from mass compromise.
Security never sleeps
Cyberattacks are now fully automated. The moment a new vulnerability is disclosed, attackers begin scanning the internet within minutes, looking for their first victims.
The latest wave of attacks against the JCE Editor showed that even a single outdated extension can put an entire website at risk. That is why we recommend that all Joomla website operators regularly update their CMS, extensions, and server environment, and do not underestimate continuous security monitoring.
If you are unsure about the current state of your Joomla website, our team will be happy to help you with a security audit, updates, and long-term administration. This way, you will be prepared for the next security threats the internet may bring.