FREE Joomla extensions to protect your website from online security threats. Don’t get hacked!

We all put a lot of time and efforts in designing, developing a website. However, we often forget or don’t consider securing Website. For me, security is first!

Joomla is second infected website platform according to the latest report by SUCURI.


There are two ways you can protect websites from online threats.

  1. Cloud (hosted outside of your website) – It’s always good to have cloud-based security providers like My Joomla, Cloud Flare, SiteGuarding, Incapsula or SUCURI. They protect your website from their network edge and block the malicious requests coming to your web server/hosting.
  2. Plugins/Configuration (On your server/website) – protect your website by the extensions which you install within your Joomla. Let’s take a look at the following extensions.


1. R Antispam

R Antispam is to prevent spamming for forums (Kunena, NinjaBoard, and ccBoard). R Antispam use the Bayesian algorithm and works better with Akismet.

Once installed, you can go to System >> Global Configuration >> R-Antispam and configure the way you want. 


2. Centrora Security

Centrora Security has built-in malware and security scanner that helps you to identify any security risks, malicious codes, spam, virus, SQL injection and security vulnerabilities.

This package is modified from OSE Firewall Security. You can do following in FREE version.

  • MD5 hash scanner
  • Modified file scanner
  • Vulnerabilities scanner
  • File permissions scanner
  • Brute force protection
  • Two-factor authentication
  • Check malicious user agent
  • Check basic SQL injection
  • Backup
  • and much more….


3. Brute Force Stop

Brute Force Stop helps you to prevent hacking from brute force attack. It stores details about failed login attempts so you can review it and take necessary action. You can configure notification about failed login and blocked IP addresses.

4. Incapsula

Incapsula for Joomla let you manage security & CDN from your Joomla admin. So if you are looking for performance with security, then this would be your interest. Incapsula helps you in many ways including following:

  • Instant virtual security patching
  • Unique bot detection technology to reduce spam, fake registration
  • Detect vulnerabilities
  • Improve website performance by caching and optimization mechanism
  • Advanced analytics

Setting up with Incapsula takes around 5 minutes so go ahead and try yourself to see how it works for you.


KeyCAPTCHA helps you to stop forms being spammed. It offers visitors to complete an easy interactive task.

6. AntiCopy

AntiCopy helps you to restrict web page printing, copy page contents, disable right click, highlight and copy functions using javascript. Protect your contents by using this plugin.

7. Antivirus Website Protection

Antivirus Website Protection by SiteGuarding is to prevent/detect and remove malicious viruses and suspicious codes. It helps you to detect backdoors, Trojans horses, worms, adware, spyware, etc.


It sounds like a good deal in FREE.

8. Security Check

Security Check web firewall helps in protecting for more than 90 attack types including SQLi, LFI, XSS, Session protection.


It’s perfect single component to provide Login protection, Access & Site security.

9. Akeeba Backup

Akeeba Backup is one of the most popular extensions and has won the prestigious Administrator extension J.O.S.C.A.R. Award at J and Beyond 2010.  It helps you with one click backup; exclude specific files/folders, restore, etc. Backup is essential for security.

10. kSecure

kSecure is my favorite tiny plugin which adds the additional layer of security to Joomla administrator.

By default, Joomla admin is accessible as that means anyone can open the admin console page and try the brute force attacks.

It’s recommended to hide the /administrator by adding the extra key which kSecure let you do that.

Ex: you can configure your admin console to be accessible only from

Much better, Isn’t it?

11. SecurityCheck

SecurityCheck is security suite which let you manage entire Joomla extensions centrally and offer the following protections. It supports IPv6.

  • Web Application Firewall – protection from more than 90 types of vulnerability attacks including SQL, LFI, XSS, etc.
  • Default page redirection if attack is detected
  • Session protection
  • Vulnerability scanner
  • .Htaccess protection
  • File manager

12. Clef

Clef is a fantastic way to replace the traditional user and password and use your mobile phone as a credential. Once Clef is implemented, you just need to wave your phone in front of the login screen, and you are in. It’s magic!

I hope the above free Joomla extensions helps you to protect from security vulnerabilities and common online threats

Reader Interactions


  1. As any open source application Joomla is subjected to all sorts of hacking attacks. This is why it is important to take all possible measures to protect your Joomla site and improve its security.
    You can use the following Joomla extensions for improving the security of your Joomla website :-
    Akeeba Admin Tools


  2. Thanks for sharing this article with us. Its really helpful and useful for us. I also would like to add some more Joomla security extensions that you can add to your list are Adminexile, Securitycheck . These extensions are also very useful for Joomla websites. Securitycheck help protecting the website from SQL injection attacks, LFI and XSS attacks.


Your email address will not be published. Required fields are marked *