Rhye Media Rhye Media Rhye Media Rhye Media
  • Home
  • Services
    • Website Design
    • Website Maintenance
    • Joomla Websites
    • WordPress Websites
    • Website Packages
    • Design
    • Wordpress Blog Design
  • About
    • Owner Profile
    • Mission Statement
    • Client Feedback
    • History
    • What's in a name
    • Portfolio
    • Our Clients
  • News
  • Hosting
    • Hosting Packages
    • Our Data Centre
    • SLA Terms
    • Hosting Terms
    • Domain Registration
  • Contact Us
  1. Home
  2. News

News at Rhye Media

Critical Cyber Security Alert: Why Website Maintenance and Backups Matter

Details
Rhye Media logo
17 July 2026

Critical alert warning of a large-scale cyber exploitation

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) has issued a critical alert warning of a large-scale cyber exploitation campaign targeting websites built using popular Content Management Systems (CMS).

View Full Article Here >

The campaign is targeting vulnerabilities in CMS software and plugins, with many Australian businesses already impacted.

The alert specifically identifies a number of affected systems and plugins, including WordPress, Joomla, Craft CMS, MaxSite CMS, MetInfo CMS and others. In the case of Joomla, the JCE editor is among the software identified in the current campaign.

The ACSC is warning that attackers are actively scanning websites for vulnerabilities that can allow them to upload malicious files and install hidden backdoors known as "webshells".

Once installed, these webshells can give attackers remote access to a website's server.

What can happen if a website is compromised?

A compromised website can be used for a number of malicious purposes, including:

  • Making unauthorised changes to the website
  • Redirecting visitors to malicious or inappropriate websites
  • Stealing login credentials or other information
  • Uploading additional malware
  • Using the compromised website as a pathway to attack other systems

For website owners, the visible signs may be obvious—such as a defaced website or visitors being redirected elsewhere.

However, a compromise can also remain hidden. A website may continue to look perfectly normal while malicious files are quietly being used in the background.

This is why regular website maintenance matters

A Content Management System such as Joomla or WordPress is not a single piece of software. A typical website may include the CMS itself, a template or theme, plugins, components, modules and other extensions.

Each of these can potentially contain security vulnerabilities.

As vulnerabilities are discovered, developers release updates and security patches. However, those updates only protect a website once they have actually been installed.

This is why keeping a website up to date is one of the most important parts of website security.

My Website maintenance service includes regular reviews of the CMS, templates and extensions used on a website. Outdated components can be updated or, where necessary, replaced with more suitable alternatives.

Regular maintenance also provides an opportunity to identify unused or outdated software that may no longer be supported and should be removed.

Website security requires more than just updating software

While keeping software up to date is essential, no website can ever be guaranteed to be 100% secure.

Hackers are constantly searching for vulnerabilities, and new security issues are discovered regularly. There is also always a period between a vulnerability being discovered, a patch being released and the patch being applied to every affected website.

For this reason, website security should be approached in layers.

Depending on the hosting environment and website configuration, additional security measures can include:

  • Server-level protection against brute-force login attempts
  • Blocking suspicious IP addresses
  • Website firewalls
  • Restricting access to administration areas
  • Monitoring server and website activity
  • Limiting unauthorised file uploads
  • Regular software updates
  • Regular backups
  • Monitoring for unexpected file changes

The ACSC's current advice also highlights the importance of monitoring file creation on internet-facing websites. I am currently investigating additional file monitoring systems that can provide an alert whenever new files are added or existing files are changed.

This type of monitoring can generate alerts during legitimate website maintenance, but it also provides another layer of protection by allowing unexpected changes to be identified and investigated quickly.

Backups are your safety net

Despite the best preventative measures, no website can be guaranteed to be immune from attack.

This is where reliable backups become extremely important.

If a website is compromised, a clean backup can allow it to be restored to a known-good state rather than attempting to manually identify and remove every malicious change.

The ACSC specifically recommends restoring a compromised website from a recent, known-good backup where there are indications that the website has been compromised.

However, a backup is only useful if:

  • It actually exists
  • It is recent enough to be useful
  • It can be restored successfully
  • It has not also been compromised

This is why I recommend storing backups separately from the live website and regularly checking that the backup process is working correctly.

I have previously written more about this in Why Website Backups Are Important.

The frequency of backups can also be adjusted depending on how often a website changes. Some websites may only require monthly backups, while others may benefit from fortnightly, weekly or daily backups.

Keeping your CMS current

Another important consideration is the age of the CMS itself.

Older versions of website software can eventually reach the end of their supported life, meaning they may no longer receive security updates.

For Joomla website owners, I have also written about updating to Joomla 6 and the importance of keeping your CMS current rather than allowing a website to remain on an unsupported version indefinitely.

The same principle applies to WordPress and other CMS platforms.

What should website owners do?

If you manage a website built using Joomla, WordPress or another CMS, you should:

  1. Check that the CMS is running a current supported version.
  2. Check that all plugins, components and extensions are up to date.
  3. Remove unused or unsupported software.
  4. Check for unexpected files or changes.
  5. Review administrator accounts and access.
  6. Check that regular backups are being completed.
  7. Confirm that backups can actually be restored if required.
  8. Review your website's security and monitoring arrangements.

If someone else manages your website, contact them ASAP and ask them to confirm that these checks have been completed.

There is no substitute for ongoing maintenance

A website is not something that can simply be built and then forgotten.

The software that powers it continues to change. New vulnerabilities are discovered, security patches are released and attackers continue to search for outdated websites and vulnerable plugins.

Regular maintenance, reliable backups and layered security measures cannot guarantee that a website will never be compromised—but they can significantly reduce the risk and, just as importantly, reduce the time and cost involved in recovering if something does go wrong.

The current ACSC alert is another reminder that website security is not a one-off task. It is an ongoing process.

If you are unsure whether your website is being regularly maintained, backed up and monitored, contact Rhye Media to discuss your current setup.

Next article: Who Decides What You Read? Next

Acknowledgement of Traditional Owners

Rhye Media operates on the lands of the Wadawurrung people and we wish to acknowledge them as Traditional Owners. We would also like to pay our respects to their Elders, past and present.

Upwork

 

DesignRush

Copyright © 2026 Rhye Media - Digital Design Specialists. All Rights Reserved. Designed by JoomlArt.com. Joomla! is Free Software released under the GNU General Public License.