If your hosting provider deleted a long-running Joomla site after an account lapse, a recent full backup can usually be used to restore the site. This guide walks beginners through the immediate steps to preserve recovery options, how to inspect a backup safely, how to test a restore locally, how to perform a manual restore on a new host (using cPanel/phpMyAdmin), how to fix common errors, temporary hardening for Joomla 3.x, and planning the move to Joomla 4.
Before making production changes, verify the platform and version details against the official Joomla documentation and your host's support resources.
Immediate steps to take right now (before attempting restore)
When you discover the live site is gone, act carefully to preserve data and recovery options.
Quick instant checklist
Do not panic and do not overwrite or upload anything to the original live server.
Download the backup archive to at least two safe locations (local disk + cloud storage).
Record backup details: filename, size, date stamp, and any visible version hints (for example, a file named with “joomla3” or date).
Take screenshots of any control-panel messages or account deletion notices from the host.
Contact the old host immediately and ask whether they can provide server snapshots, file archives and a database dump for the account (be specific about dates and filenames).
Change passwords for any control-panel or FTP accounts you still control and document what you have before opening archives.
Practical examples
Example: Save a copy of the backup to your desktop and to Google Drive before extracting. Then, email the host a short, specific request for server backups (see the sample request later in this article).
Warnings
Do not upload the backup archive to the live host before verifying its contents — doing so could overwrite data or trigger security filters.
Avoid running installers on a live server until you confirm compatibility with the backup contents.
How to inspect the backup file — what to look for
Before restoring anything, confirm the backup is complete and safe to import.
What files should be inside a typical Joomla full backup
configuration.php — critical (contains DB connection info and site settings).
SQL dump — file with .sql or .sql.gz extension (your database export).
Site folders: administrator, components, modules, plugins, templates, images, media, tmp, etc.
Optional: a README, list of installed extensions, or separate third-party installers.
How to list and inspect archive contents safely
On a computer you control, list the archive without extracting it: for example, unzip -l backup.zip or tar -tf backup.tar.gz will show contents.
On Windows, use 7-Zip or WinRAR to view contents before extraction.
Open the SQL dump in a text editor to check the header for table prefixes, database names, and any comments indicating Joomla version — but do not execute it yet.
Technical warnings
Do not import an SQL file into a live database until you have inspected it for DROP/DELETE commands or other suspicious content.
Backups from unknown sources can contain malicious code. Scan files locally with antivirus or malware scanners before uploading to any server.
Option A: Ask the old host for backups and recovery options
Hosts often retain snapshots or backups for a window after account deletion. Ask specifically and politely for what you need.
What to ask the host (sample requests)
Request a full file archive of /home/username/public_html (or the path they used) for a specific date.
Request a MySQL dump for the site database, compressed as a .gz file if possible.
Ask whether they can restore the site to a temporary location so you can copy files, or provide FTP/HTTP download links for provided snapshots.
Sample short request (use your own words):
"Hello—my account for example@your production domain was recently deleted. Could you provide any available server snapshots or backups for the domain your production domain dated around YYYY-MM-DD? Specifically, we need the public_html files and a MySQL database export. Please let me know what you can provide and how to download it. Thank you."
Warnings and notes
Hosts may charge for out-of-policy restores or may refuse; treat this as one recovery avenue and pursue local/manual restore options in parallel.
Don't rely solely on the host — keep your own off-site backups in the future.
Option B: Restore locally for testing (recommended first step)
Restoring the backup to a local environment helps you test and fix issues without affecting production systems.
Setting up a local server and restoring the backup
Install a local stack such as XAMPP (Windows/Mac), MAMP (Mac), Local by Flywheel, or use Docker with PHP and MariaDB containers.
Choose a PHP version close to the original environment (Joomla 3.10 commonly ran on PHP 7.x — verify this against official Joomla docs for exact compatibility before making production decisions).
Create a local database and user (via phpMyAdmin or CLI).
Extract the backup into your local webroot (for example, C:/xampp/htdocs/site).
Import the SQL dump into the local database (phpMyAdmin 'Import' or mysql -u user -p dbname < backup.sql).
Edit configuration.php to use the local DB credentials and local paths.
Visit the site at http://localhost/site to check for errors and missing assets.
Practical examples
XAMPP example: install XAMPP, start Apache and MySQL, open phpMyAdmin, create a database named 'site_db', import the SQL file, copy files to C:/xampp/htdocs/site, update configuration.php with local DB details, then open http://localhost/site.
Warnings
PHP extensions required by some third-party extensions might not be enabled locally — enable them before testing.
A local environment may not match production path, mail, or cron behavior; use it primarily for functional debugging.
Manual restore on a new hosting account (step-by-step)
This section shows a safe manual restore workflow using cPanel and phpMyAdmin for hosts that block older installer versions.
Create database and import SQL
In cPanel, open MySQL Databases and create a database (for example, site_db).
Create a database user and assign it to the database with All Privileges.
Open phpMyAdmin and import the SQL dump. For large files, use the host's large import tool, upload by SSH and import with the CLI, or split the file into smaller chunks.
Confirm the tables were imported and note the table prefix (for example, jos_ or custom prefixes).
Upload files and edit configuration.php
Upload the backup archive to the site's document root (often public_html) using cPanel File Manager or FTP and extract it there.
Open configuration.php and update the database fields (user, password, db, host) and any path variables such as $log_path and $tmp_path. Also check $live_site if present.
If configuration.php is missing, do not attempt to recreate it by guesswork — consider doing a clean Joomla install in a separate folder and carefully migrating settings, or ask a specialist.
Permissions, ownership and security settings
Start with directories set to 755 and files to 644. Do not set directories to 777 — this is insecure.
Ensure /logs and /tmp are writable by the web server; if you see permission errors, contact the host for correct ownership settings.
Remove any leftover /install directories and check your .htaccess file.
Test the site
Try the frontend and the admin login. If you encounter errors, proceed to the troubleshooting section below.
Warnings
Do not set permissions to 777. Incorrect permissions can expose your site to attacks.
Hosts use different ownership models (suPHP, FPM); if you experience permission problems, ask the host for their recommended ownership and permissions.
Common restore problems and how to fix them
These are frequent problems after a restore and practical ways to address them.
Database connection errors
Open configuration.php and verify $host, $user, $password, and $db match the database you created.
Check the table prefix in configuration.php ($dbprefix) and ensure it matches the imported tables in phpMyAdmin.
If the import failed, re-import and note errors in phpMyAdmin to guide fixes.
White Screen of Death (WSOD) or fatal PHP errors
Enable temporary error reporting for debugging (on a non-production environment) and check server error logs for PHP fatal errors.
Verify the PHP version and required extensions. Some old extensions may not work on newer PHP releases; if possible, switch to a compatible PHP version in cPanel temporarily.
If a third-party extension causes a fatal error, disable it by renaming its folder under /plugins or /modules to force Joomla to ignore it.
Missing media or broken links
Confirm /images and /media folders exist and contain files. Check permissions if images do not appear.
Search templates and extensions for hard-coded paths if links are broken and adjust paths or update configuration.
Admin login issues
Clear browser cookies and try logging in again.
If you must reset an admin password in the database, do not run SQL snippets copied from random sources — have a verified SQL snippet or use a tested recovery procedure. The exact SQL for resetting an admin password should be verified against Joomla 3.10 documentation and is listed in the article's verification checklist.
Technical warnings
Only enable verbose error reporting in a safe environment and revert it on a live site after debugging.
Always back up the database before running direct SQL statements. Editing the DB directly can break the site if done incorrectly.
Running an end-of-life Joomla 3.x site — risks and temporary mitigations
Joomla 3.10 and other 3.x releases may be at or near end-of-life. Running them carries increased security risk. Use these short-term mitigations while you plan an upgrade.
Short-term hardening checklist
Restrict access to /administrator by IP (use host IP restrictions or careful .htaccess rules). Be cautious: IP restrictions can lock you out if your IP changes.
Use strong, unique passwords for admin users and enable two-factor authentication (2FA) if available and compatible.
Install a Web Application Firewall (WAF) or enable host-provided WAF rules.
Remove unused extensions and templates, and update extensions that still receive updates.
Ensure HTTPS is enabled and force redirect to HTTPS site-wide.
Schedule frequent backups and monitor logs for suspicious activity.
Warnings
IP restriction rules in .htaccess can lock you out; always have an alternate access method or host console before enabling them.
Some hardening steps can interfere with necessary integrations (APIs, payment gateways). Test in staging if possible.
Upgrading strategy: move from Joomla 3.10 to Joomla 4 (high-level plan)
After your site is restored and stabilized, plan a careful migration to Joomla 4. Do not perform a production upgrade without testing in staging.
Compatibility checklist before upgrading
Create an inventory of installed extensions, plugins and templates and mark each as "compatible", "update available", or "no upgrade path".
Restore the Joomla 3.10 site to a staging environment and update all extensions to their latest 3.10-compatible versions before attempting the migration.
Check templates and custom code; many templates and custom overrides will require updates for Joomla 4.
Follow the official Joomla upgrade/migration guide and test the full site functionality in staging (forms, logins, payment flows, email, APIs).
Practical migration example (high level)
Restore backup to staging and verify the site works on a supported PHP version for Joomla 3.10.
Update extensions and fix issues discovered in staging.
Follow Joomla's documented upgrade path to move staging from 3.10 to 4.x and test carefully.
When staging is stable, schedule a production migration with full backups and a rollback plan.
Warnings
Upgrading major versions can break templates and custom code; ensure you have backups and a rollback plan.
Some third-party extensions may not have Joomla 4 versions; plan replacements where needed.
Checklist and next steps after a successful restore
After you restore the site, run these checks and start planning longer-term work.
30-minute, 24-hour, 7-day post-restore checklist
30 minutes: Verify homepage loads, login to admin, check server error logs for immediate fatal errors.
24 hours: Test forms, email delivery, payment flows (if applicable), and set up uptime monitoring.
7 days: Run security scans, review search indexing and analytics, and begin planning the Joomla 4 migration.
Key tasks
Install an SSL certificate and force HTTPS site-wide.
Set up automated backups (files + DB) with off-site storage and test restoring those backups periodically.
Enable logging and monitor logs for unusual activity for at least 72 hours after the restore.
Warnings
Don't declare the site fully restored until critical functionality (forms, payments, logins) is tested.
Monitor for performance regressions after a restore — caching and environment differences can affect speed.
Resources and where to get help
Use official documentation and trusted providers for technical procedures you are unsure about.
Recommended resources
Official Joomla documentation for system requirements, configuration.php reference, and migration guides — verify specific steps there before production changes.
cPanel and phpMyAdmin documentation for file and database operations on your host.
Reputable Joomla service providers or developers for complex recoveries, database corruption, or migrations.
When to hire a Joomla specialist
Hire a specialist if the database is corrupted, tables are missing, or the site shows signs of compromise.
If multiple extensions and the template require significant updates or rewrites for Joomla 4, a developer experienced in migrations can save time and reduce risk.
Safety tips when hiring
Vet contractors by asking for references and examples of prior Joomla restore/migration work.
Avoid giving full admin credentials to unvetted parties — use temporary accounts or supervise access where possible.
FAQ
Can I restore a Joomla 3.10 backup onto a site running Joomla 4?
No. Directly restoring a Joomla 3.10 backup into a Joomla 4 install is not advisable. Instead, restore the 3.10 backup into a separate Joomla 3 environment, test and update extensions and templates, and then follow the official Joomla 3.10 → 4 upgrade path on a staging copy before migrating production.
My host won't let me install older Joomla versions with Softaculous — what can I do?
Perform a manual restore: upload files, create a new database, import the SQL dump, and edit configuration.php. Alternatively, restore locally with XAMPP/Docker and then migrate to a new host. If the host refuses to cooperate, consider moving to a hosting provider that allows manual installs or ask the host to restore their snapshot for you.
How do I know if my backup is complete or missing important files?
Inspect the archive without extracting: look for configuration.php, an SQL dump, and Joomla folders such as /administrator, /components, and /templates. If critical items are missing, contact the host for a snapshot or search other backups (developer machines, older exports).
What should I do if the SQL import is too large for phpMyAdmin?
Split the SQL file or use the host's large-file import tool, import via SSH with the mysql CLI, or import locally using a higher-limit environment and then export a smaller, workable dump.
Is it safe to run Joomla 3.10 temporarily after restoring?
Running Joomla 3.10 temporarily can be acceptable with strict mitigations: restrict administrator access, apply all possible extension updates, install a WAF, use HTTPS, and monitor closely. Plan an upgrade to Joomla 4 as a longer-term solution.
Conclusion
A working Joomla 3.10 backup can usually be restored if you follow a cautious, step-by-step approach: preserve copies, inspect the archive, test locally, perform a manual restore on a new host (files + DB + configuration.php), resolve common errors, harden the site temporarily, and then plan the migration to Joomla 4. When in doubt, request snapshots from your host and consider engaging an experienced Joomla professional for complex or security-sensitive recoveries.
Always verify version and configuration details against official Joomla documentation before making production changes.
The Joomla message “Update not possible because the offered update has expired” can be alarming, but in many cases it is temporary and harmless. This guide explains what the message usually means, safe immediate checks you can perform, how to prepare backups and staging tests, and how to proceed if you need to update manually. Follow the step-by-step advice below and verify any technical commands or UI paths against official Joomla documentation for your Joomla version before making changes to production sites.
Quick summary: what this error means and the usual outcome
This is a short, practical summary so you know whether to act immediately or simply wait.
One-line explanation for beginners
The update system on your Joomla site received an "offer" from an update server that included an expiry indicator or validity window; when your site checks later that offer may no longer appear valid, so Joomla reports the offer as expired. Often this is a timing or caching issue rather than a local site failure.
What to do right now (in one sentence)
Take a backup, then either wait a short while for the offer to refresh or perform the low-risk checks below.
Practical example
If your site is non-critical (a personal blog), wait 1–2 hours and check the Update page again. If your site is business-critical (an online shop) take a full backup immediately and follow the low-risk checks; consider cloning to staging for any manual updates.
Warnings
Do not attempt file-based manual updates on production without a tested backup and, preferably, a staging environment.
Avoid applying unverified packages from third-party sources.
Why the 'offered update has expired' message appears (high-level)
Understanding the typical causes helps you decide whether to wait or act.
What 'offered update' refers to (update servers and packages)
An "offer" is metadata sent by an update server describing an available update: version number, package URL, and sometimes timestamps or digital signatures. If that metadata includes a limited validity window or if the metadata on the server is updated/rotated, a site may see the offer as expired until the update servers refresh or caches are cleared.
Temporary vs permanent causes
Temporary causes: timing windows, server maintenance, propagation delays, or cache staleness on Joomla, the host, or CDNs.
Permanent causes: a recalled update or removed package — this is rarer and usually accompanied by official notices.
Host-side and CDN caching effects
Host or CDN caching layers can serve stale update metadata to your site. Clearing the Joomla update cache may help, but host-level caches or firewalls might still block a fresh request — in that case contact your hosting provider.
Practical example
Joomla.org publishes update metadata; if the metadata is reissued or has a short validity timestamp, some sites might briefly report the offer as expired until servers and caches propagate the new metadata.
Technical caution
Details about update metadata, timestamps, and signatures can differ by Joomla version and update server configuration. Verify specifics against official Joomla documentation before assuming the exact mechanism for your version.
Immediate, safe checks for beginners
These non-destructive checks give you information without risking the site.
How to backup quickly (files + database)
Use a backup extension such as Akeeba Backup to create a full archive (recommended for beginners).
Alternatively, download site files via FTP or a control-panel file manager and export the database with phpMyAdmin.
Verify the backup by checking file sizes and that the database export completes without errors.
Clearing the Joomla Update Cache (admin steps)
Clearing the update cache is a low-risk action that often refreshes available update offers. The Extension Manager or Update component in Joomla has a cache-clearing option; the exact menu labels may vary by Joomla version—verify the path on your site before proceeding.
Log into Joomla administrator.
Open the Extensions or Update area (Extensions → Manage → Update is commonly used; verify for your version).
Find and run the option to clear the update cache, then use the 'Find Updates' or equivalent button to refresh the list.
Where to check release notes and announcements
Check official Joomla release pages and announcements to confirm whether an update was withdrawn or reissued. For critical sites, subscribe to official channels and release notes so you can act promptly when a security update is published.
Warnings
Backups are essential before any admin operations that touch core or extension files.
Clearing caches is usually safe but confirm the admin menu path for your version to avoid accidental changes.
Actions you can take right now (no-risk & low-risk)
Steps prioritized by risk so you can choose what to do next.
No-risk steps (recommended first)
Create a full backup (files and database).
Record the exact error message and timestamp.
Wait 1–2 hours and recheck the Update page—often the offer will reappear.
Check Joomla.org announcements and hosting status pages for known issues.
Low-risk steps (perform after backup)
Clear the Joomla update cache and re-run 'Find Updates' (verify the button labels on your Joomla version).
Use the Extension Manager's Discover or Find tools if an extension update is involved.
When to consider moving to a staging site
If your site is business-critical or the update is a security patch, clone the site to staging, perform the manual update there, and test thoroughly. Only apply the same process on production after successful staging tests.
Practical example
Decision example: For a hobby site, waiting is fine. For an ecommerce site with a security patch, take a backup immediately and perform an update on staging first, then schedule production downtime for the update.
Warnings
Do not skip staging tests for major version upgrades or when third-party extensions are involved.
Manual installs can overwrite files; confirm backup integrity first.
Manual update methods and when to use them
If waiting and low-risk checks don't resolve the issue and the update is urgent, the manual methods below are options. Always test on staging first.
Manual package install via Extension Installer (step-by-step)
Download the official update package from the Joomla release page on Joomla.org.
In Joomla admin go to the Extension Installer area (Extensions → Manage → Install or the equivalent on your version) and upload the package file.
Run the installer, then check the backend login, frontend pages, and system logs.
Clear site caches and verify third-party extensions are functioning.
If problems occur, restore from the backup (files + DB) made before the update.
Using the Joomla CLI to update (if available)
Some Joomla deployments support command-line tools for maintenance, which can be useful for large sites or scripted workflows. CLI update commands and availability depend on your Joomla version and server setup. Verify exact command syntax and support in official Joomla documentation before using CLI on production.
When not to use file-based replacements
Avoid copying core files manually unless directed by official guidance. Replacing files manually risks missing database updates or leaving mixed file sets that break the site.
Practical examples
Manual install example: Download the minor/patch zip from the official downloads page, install via Extension Installer, then verify the site.
CLI example (conceptual): If your Joomla version supports a documented 'update' CLI command, run it on staging with SSH access—do not run unverified CLI commands on production without confirmation.
Warnings
Manual package installs can fail if PHP upload limits or file permissions prevent installation—check hosting limits first.
Using CLI or Composer without experience can break dependency-managed sites.
How to monitor the update status and retry safely
A simple monitoring plan helps you avoid unnecessary or risky repeated actions.
Practical monitoring checklist
Record the original message, time observed, Joomla and extension versions, and server environment.
After clearing the update cache, note the action time and recheck the Update page at set intervals (for example: 15–30 minutes, 1 hour, then several hourly checks up to 48 hours depending on urgency).
Subscribe to Joomla.org announcement channels or RSS feeds if you manage critical sites.
When to retry manual steps
Retry cache clearing and 'Find Updates' once after 15–30 minutes and again after an hour. If, after repeated tries over 24–48 hours, the update still does not appear and the update is important, perform a manual update on a staging clone.
Practical example log
Sample log entry: 10:05 — saw expired offer message; 10:10 — created backup; 10:15 — cleared update cache; 10:45 — rechecked (no change); 12:30 — rechecked (no change); 24-hour check — no official notices; plan: clone to staging and test manual update.
Warnings
Avoid running frequent automated update attempts that could trigger rate-limiting on update servers.
Keep a clear record of actions to avoid repeating risky steps unnecessarily.
Troubleshooting common obstacles
If waiting and simple checks don't fix the problem, the following diagnostics can identify the cause.
Checking logs and error messages
Inspect Joomla System Logs (Logs or System → System Information depending on version) and your server's PHP error log for timestamps when the update check ran.
Look for HTTP errors (timeouts, 403, 404) when Joomla attempts to fetch update metadata.
Host and firewall checks
Confirm your host allows outbound HTTPS connections to Joomla update servers; provide timestamps and log excerpts to support staff.
Ask your host to check ModSecurity or WAF logs for blocks that could interfere with update discovery.
Extension compatibility checks
Third-party extensions that alter the Extension Manager or update flow can interfere. Test by disabling non-essential extensions on a staging clone to see if update discovery behaves differently.
Practical troubleshooting example
If logs show repeated HTTP 403 when contacting updates.joomla.org, contact your host with the exact timestamps and log lines so they can identify and resolve an outbound block.
Warnings
Do not disable security extensions on production—use staging to test disabling components.
When asking hosts for help, provide clear logs and timestamps to speed diagnosis.
Backup and rollback checklist before attempting updates
Use this copyable checklist before any update activity to ensure you can recover if things go wrong.
Backup steps (quick commands and tools)
Use Akeeba Backup: run a full backup from the Joomla admin and download the archive to your local machine.
Manual backup alternative: zip the webroot via control panel or FTP and export the database using phpMyAdmin or a command like mysqldump (verify command suitability for your hosting environment before use).
Store backups off-server when possible (local drive or external storage).
Rollback steps
Restore files and database from the backup (do both to avoid version mismatches).
Clear caches and verify the frontend and admin login work.
If only an extension update failed, consider reinstalling the previous extension package from your backups.
Warnings
Database and file restores must be performed together to prevent inconsistencies.
Confirm backups restore correctly on a staging clone before relying on them for production rollback.
When to wait, when to act, and when to get help
Decision guidance to choose the appropriate path based on site risk and urgency.
Decision factors to consider
Site traffic and business impact: higher impact sites require faster action.
Type of update: security updates need faster response than visual or minor fixes.
Availability of staging and recent backups: without them act more cautiously.
How to contact the right support
Host support: for server-level connectivity, permission, or firewall issues—provide logs and timestamps.
Joomla professionals or community: for code-level, CLI, or complex dependency problems—provide clear notes and backups.
Practical example
For a security patch affecting an online store: backup, clone to staging, apply and test the update on staging (including transactions), then schedule a short maintenance window to update production.
Warnings
Do not publicly post detailed error logs; share them only with trusted support staff.
If hiring support, share secure access details and backups through agreed secure channels.
Short checklist: safe steps to resolve the issue
Copyable checklist you can use immediately or paste into a support ticket.
Copyable checklist
1) Record the exact error message and timestamp.
2) Create a full backup (files + database) and store it off-server.
3) Clear Joomla update cache in the admin.
4) Re-run 'Find Updates' or the equivalent.
5) Check Joomla.org release notes/announcements.
6) If the update is urgent, clone the site to staging and perform a manual update there first.
7) If blocked by host-level issues (HTTP errors, firewall), contact your host with logs and timestamps; if the issue is beyond your comfort, contact a Joomla professional.
Warnings
Always ensure backups are verified before attempting manual installs or file-level changes.
FAQ
Why does Joomla say 'offered update has expired' and should I panic?
Typically, it is a temporary timing or cache issue with the update server and not an immediate emergency. Back up the site, check official Joomla announcements, and try the low-risk checks such as clearing the update cache and re-running update discovery.
How long should I wait for the update to become available again?
For most situations wait a few hours. Recheck hourly for the first 1–2 hours, then every few hours or daily depending on urgency. For critical security updates, escalate to staging/manual update after a short wait and a backup.
Can I safely force the update myself?
You can manually install an official update package via the Extension Installer after taking a full backup and testing on staging. Avoid file-level manual replacements unless you have experience and a tested rollback plan.
Does clearing the Joomla update cache always fix this?
Clearing the update cache often helps by removing stale offers, but it depends on the root cause. Host or CDN caches and server-side issues can still prevent the update from appearing.
Should I contact my host or Joomla.org support?
Contact your host if logs show blocked requests or host-level caching/firewalls may be interfering. Contact Joomla community channels after you have checked official announcements and collected logs and timestamps for troubleshooting.
What should I include when asking for help?
Include Joomla version, PHP and database versions, the exact error message and timestamp, steps already taken (backups, cache cleared), and relevant log snippets to help support diagnose the problem quickly.
Conclusion
The "offered update has expired" message is commonly temporary and resolved by servers and caches refreshing. Start with non-destructive checks: back up your site, clear the update cache, and monitor the Update screen. For urgent or security-related updates, clone to staging and perform manual updates after testing. If you see host-level errors or repeated failures, provide clear logs and timestamps to your hosting provider or a Joomla professional. Verify any Joomla-specific instructions against the official Joomla documentation before applying them to production systems.
Discovering a long-running Joomla site has been deleted by a host is stressful, but recovery is often possible. This guide gives a clear, step-by-step workflow for beginners: gather what you have, ask the host for server backups, inspect your archive, restore into a safe environment (local or staging), perform a manual or Akeeba-based restore, troubleshoot common issues, and plan an upgrade to Joomla 4. Read the warnings and checklists carefully — making changes without preparation can make recovery harder.
Overview: common scenario and recovery options
This section explains why hosts and auto-installers sometimes block older Joomla versions and summarizes your main recovery paths so you can choose the right approach.
Typical scenario and recovery choices
Host removed site files and database because the account expired or was not renewed.
Softaculous or similar installers may refuse to install older Joomla versions on new accounts (host policies vary).
Main recovery options:
Ask the host for server-side backups or a snapshot.
Manually restore files and database to a new hosting account or local environment.
Use Akeeba Backup (if your archive is an Akeeba package) and Kickstart to restore.
Hire a Joomla professional if the site is complex or recovery attempts are failing.
Why Softaculous or hosts may block older Joomla installs
Many hosts limit automated installation of end-of-life (EOL) CMS versions to reduce security exposure on their shared platforms. This is a policy decision by the host and not an absolute technical block to manual restoration.
Which recovery option fits your situation
Choose based on what you actually have:
If the host can provide a snapshot: ask them to restore to a staging area or give you downloadable files.
If you have a full backup (site files + SQL dump): manual restore or Akeeba restore are realistic.
If you have only files or only database: additional steps are required to recreate the missing part.
Trade-offs: restoring locally or on staging is safer and allows debugging. Restoring live is faster but riskier. When in doubt, test first on staging.
Verification note: confirm your host’s backup retention policy and whether installer blocking is policy-based before proceeding.
Step 1 — Stay calm and gather what you have
Before attempting any restore, collect every piece of data and every credential you can. Work from a checklist so you do not miss anything important.
What to gather
Backup archive file(s) (ZIP, TAR.GZ, .jpa/.jps for Akeeba).
Database dump (dump.sql, database.sql, .sql.gz) if present.
Any copy of configuration.php from the original site.
FTP/SFTP credentials, control panel (cPanel/Plesk) credentials, and domain/DNS access.
Joomla administrator username (or create a plan if lost).
Notes on original server: PHP versions available, MySQL/MariaDB versions, OS, web server type (Apache/nginx).
SQL file(s) — often named dump.sql or database.sql or compressed as .gz
Akeeba archives usually end with .jpa or .jps and may include kickstart.php or a notice that the archive was made by Akeeba.
Practical examples
Example file list for a full backup: configuration.php, index.php, administrator/index.php, components/com_content, templates/your-template, dump.sql.
Warning: do not modify the original backup archive. Work from a copy to avoid corrupting the only valid source.
Verification note: check whether the SQL dump uses any non-default collations or contains custom routines; document this for the DB restore step.
Step 2 — Ask the host: request server backups and details
Contact your hosting provider promptly and politely. The faster you ask, the better the chance a recent snapshot still exists.
What to request from the host
Do you have server backups for my account? If yes, what date ranges are available?
Can you provide files and MySQL dump from [specific date] as downloadable archives?
Can you restore to a staging subdomain or subdirectory temporarily so I can test?
What PHP versions are available and how do I switch PHP versions on this account?
What MySQL/MariaDB version is used and do backups include stored procedures/triggers?
Practical email template (short)
"My site [your production domain] was removed on [date]. Please check for backups from [date range] and provide a copy of site files and the MySQL dump. Could you also confirm which PHP and MySQL/MariaDB versions are available and whether you can restore to a staging area?"
Warning: do not assume the host will keep backups indefinitely. Document replies and record any temporary credentials safely.
Verification note: confirm whether any provided DB dump includes triggers and stored procedures and whether character set/collation needs preserving.
Step 3 — Inspect your backup archive
Before you restore anything, inspect the archive on your computer to understand what type of backup you have and whether it is complete.
Tools to inspect archives
Windows: 7-Zip to list contents without extracting.
macOS: Archive Utility or The Unarchiver to peek inside.
Linux: tar -tf backup.tar.gz to list contents or unzip -l file.zip.
Identify Akeeba vs files + SQL
Akeeba archives typically use .jpa/.jps or may be ZIP files with Akeeba metadata. A plain backup shows the Joomla folder structure and a SQL dump file.
Practical checks
Locate configuration.php — if missing, be prepared to recreate some settings manually.
Find any .sql or .sql.gz file — verify its filesize and whether import limits might affect restoration.
Note any vendor-supplied extension packages included in the archive.
Warning: do not extract the archive into a live webroot. Inspect on your workstation or in a non-production directory.
Verification note: verify whether the archive is password-protected or encrypted before attempting to extract or upload.
Step 4 — Choose a safe restore environment (local or staging)
Always restore first to a safe environment: a local machine (XAMPP/MAMP/Docker), a staging subdomain at your host, or a new temporary hosting account. This prevents accidental downtime for any existing production site.
Why local or staging?
Allows debugging without exposing errors to the public.
Gives you time to fix compatibility and permission issues.
Provides an environment to test an upgrade to Joomla 4 later.
Set up a local server (XAMPP/MAMP) or Docker
Install XAMPP or MAMP and create a folder for the restored site. Alternatively use Docker to replicate the PHP and MySQL versions of the original server.
Practical example (local)
Install XAMPP or MAMP.
Create a database using phpMyAdmin or CLI.
Copy files into htdocs/sitefolder and import SQL.
Edit your hosts file to point a test domain to localhost for realistic testing.
Warning: local environments may differ in PHP modules and file permissions. Expect to adjust settings such as memory_limit or required PHP extensions.
Verification note: confirm which PHP extensions (mbstring, json, xml, etc.) and PHP minor version are best for Joomla 3.10 before configuring the environment.
If your backup includes both files and an SQL dump, you can restore manually. Follow the ordered steps below and test each step before moving on.
Create a new MySQL database and user
In cPanel: use the MySQL Databases tool to create a database and a new database user, then assign the user to the database with all privileges.
Or via CLI: run CREATE DATABASE and CREATE USER statements and grant privileges (only if you are comfortable using the terminal).
Record these credentials securely for configuration.php editing.
Upload files and import the SQL dump
Upload your site archive via SFTP or the control panel file manager and extract into the target webroot.
Import the SQL file using phpMyAdmin (watch for upload limits) or use the mysql CLI for larger files: mysql -u dbuser -p dbname < dump.sql.
If the SQL file is compressed (.gz), either decompress locally or use a server-side command such as gunzip < dump.sql.gz | mysql -u dbuser -p dbname.
Edit configuration.php: database credentials and paths
Open configuration.php and update database host, database name, username and password to match the new DB. Also check $log_path and $tmp_path if the server path differs from the original environment.
Set file and folder permissions
Typical settings are folders = 755 and files = 644.
Ensure the web server user can write to tmp, logs and cache folders; avoid leaving folders or files with 777 permissions.
Search-and-replace old domain references
If restoring to a different domain or test URL, update absolute URLs in the database. Use a tool that understands serialized PHP data if your site stores serialized arrays in the DB.
Practical examples
Create DB via CLI example (illustrative): mysql -u root -p -e "CREATE DATABASE joomla3; CREATE USER 'joomlauser'@'localhost' IDENTIFIED BY 'YourPass123'; GRANT ALL PRIVILEGES ON joomla3.* TO 'joomlauser'@'localhost';"
Import via CLI: mysql -u joomlauser -p joomla3 < dump.sql
Editing configuration.php: replace DB credentials and verify paths for logs and tmp folders (verify exact variable names against Joomla docs before making production changes).
Warning: phpMyAdmin upload limits can block large SQL files — use CLI import when possible. Never publish configuration.php or credentials publicly.
Verification note: confirm the exact variable names and structure used in Joomla 3.10's configuration.php and recommended file permission practices for your hosting stack before making changes.
Step 6 — Fix common compatibility issues after restore
After restoring files and database, you may encounter errors. This section lists typical problems and practical fixes.
Common issues and how to approach them
Blank pages or 500 errors: usually PHP fatal errors or misconfigured .htaccess. Check PHP error logs or enable error reporting in a staging environment to see details.
Database connection errors: verify DB credentials and the DB prefix in configuration.php.
Missing extensions or template failures: disable problematic extensions or switch to a default template via the admin or directly in the database.
Resolving missing extensions and template errors
If the front-end fails due to a template or extension, switch to a core template (like Protostar for Joomla 3) to regain access, then re-install or update the broken extension.
Adjusting PHP settings
You may need to increase memory_limit, max_execution_time or upload_max_filesize during import and extraction. Also ensure required PHP extensions such as mbstring, json and xml are enabled (verify the exact list against Joomla documentation).
Practical troubleshooting tips
Enable development error reporting only in staging to view stack traces.
If admin panel is unreachable, use SQL to change the default template or enable admin module(s).
Reinstall missing language packs or extension packages from vendor sites if available.
Warning: Do not enable detailed error reporting on a public production site — this can reveal sensitive information. Remove or disable debugging settings before going live.
Verification note: confirm how to safely enable debugging and the exact list of PHP modules required by Joomla 3.10 before changing production server settings.
Step 7 — Upgrade planning: from Joomla 3.10 to Joomla 4
Joomla 3.10 is commonly used as a transition to Joomla 4. After restoring, plan an upgrade rather than staying long on an older release.
Why upgrade?
Security updates and modern features.
Long-term compatibility with newer PHP versions.
Compatibility checklist for third-party extensions
Inventory installed extensions and templates and check vendor statements about Joomla 4 compatibility.
Update all extensions to the latest Joomla 3.x releases before attempting the migration.
Plan replacements for any extensions that do not have Joomla 4-compatible releases.
Upgrade workflow (high level)
Make a fresh backup of the restored site.
Update all extension and template packages while on Joomla 3.10.
Use Joomla's Pre-Update Check on a staging copy to identify issues.
Perform the upgrade on staging, test thoroughly, then upgrade live when confident.
Warning: Upgrading major CMS versions can break custom templates and extensions. Always test on staging with rollback plans ready.
Verification note: confirm the current recommended upgrade path and tools from the official Joomla documentation before performing the upgrade.
Alternative options: Akeeba Backup, migration tools, or pro help
When manual restore is difficult, consider alternative approaches that may save time and reduce risk.
Using Akeeba Kickstart
If your backup is an Akeeba archive (.jpa/.jps/.zip) and Kickstart is available, upload the archive and kickstart.php to the target folder and run kickstart.php in a browser to extract and run the Akeeba installer. Akeeba automates much of the file and DB restoration process.
Migration tools and services
Specialized migration services can move a site between hosts, handle serialized data issues, and address compatibility problems. This is often the most reliable option for critical or complex sites.
When to hire a Joomla specialist
Custom code, complex integrations, or a broken DB structure.
If you lack time or confidence to perform careful restores and upgrades.
If the site is business-critical and downtime must be minimized.
Warning: If using a third-party service, provide credentials selectively and change passwords after work is completed. Use vetted providers where possible.
Verification note: check Akeeba's official documentation for Kickstart and restore prerequisites before relying on that workflow.
Checklist: what to verify before going live
Before switching DNS or replacing a live site, run through this pre-launch checklist on your staging copy.
Pre-launch checklist
Administrator login works and you can access Extensions > Manage.
Important frontend pages load (home, contact, key content).
Contact forms and email sending function correctly.
File and folder permissions are secure (no 777 left).
SSL certificate installed and active (Let's Encrypt or commercial TLS).
Sitemap regenerated and robots.txt reviewed.
Backups scheduled and tested, including an offsite copy.
All passwords changed after recovery: hosting, SFTP, DB, Joomla admin.
Warning: Do not change DNS to point the live domain to the restored site until you have verified the above items and have a rollback plan documented.
Verification note: confirm how to install a temporary SSL for a staging domain (self-signed or Let’s Encrypt) if needed.
Troubleshooting: common errors and quick fixes
This concise troubleshooting section helps you diagnose typical restore failures.
Database connection errors
Verify DB credentials in configuration.php (DB host, username, password, database name).
Confirm the table prefix in configuration.php matches the tables in the restored database.
Blank page or HTTP 500
Check server error logs and enable development error reporting in staging to reveal PHP fatal errors.
Review .htaccess rules — a rewrite or module mismatch can cause 500 errors.
Large SQL import failures
Use CLI import for large files or decompress the file on the server before import.
Consider chunking the SQL file with a tool designed for large imports, but verify the integrity of the import afterwards.
Practical examples
Import gzipped SQL via CLI: gunzip < dump.sql.gz | mysql -u joomlauser -p joomla3
Find the content table to check prefix: in SQL console run SHOW TABLES LIKE '%_content%'; then compare prefix with configuration.php.
Warning: Avoid running destructive SQL commands on live systems. Always test changes on a copy first.
Verification note: confirm recommended CLI commands and upload/import practices with your hosting control panel documentation.
Security and maintenance steps after recovery
After recovery, prioritize securing the site and setting up a maintenance routine to prevent future loss.
Immediate security actions
Change all passwords: control panel, FTP/SFTP, database user, Joomla admin accounts.
Enable two-factor authentication for Joomla admin where possible.
Review and remove unused administrator users and excessive permissions.
Backup strategy going forward
Maintain at least two backup copies: one offsite (cloud storage) and one local.
Schedule regular automated backups (daily DB, weekly full) and test restore processes periodically.
Consider Akeeba Backup with remote targets (S3, Dropbox) or host snapshot backups if available.
Monitoring and updates
Subscribe to Joomla security announcements and set a schedule for updates.
Move to a host offering staging sites and multiple PHP versions if your current host restricts options.
Warning: Never store all backups on the same server without an offsite copy. Rotate and test backups regularly.
Verification note: confirm backup retention recommendations and any legal/regulatory requirements for client data in your region.
FAQ
Can I restore a 2022 Joomla 3.10 backup to a new hosting account?
Yes — if your backup contains both site files and a database dump you can restore manually or with Akeeba on a new host. Ensure the new server supports compatible PHP and DB versions and test the restore on staging first.
What should I do if Softaculous or my host refuses to install older Joomla versions?
Ask the host for server backup snapshots or a temporary staging restore. Alternatively perform a manual restore from files + SQL or restore locally and then migrate the working copy to the new host.
How do I know what is inside my backup (full site vs database-only)?
Open the archive with 7-Zip or use tar -tf to list contents. Look for Joomla folders such as /administrator and a SQL dump file. Akeeba archives use .jpa/.jps extensions and include metadata identifying them.
What steps are required for a manual restore (files + database + configuration)?
Create a database and user, upload/extract files into webroot, import the SQL dump into the database (via phpMyAdmin or mysql CLI), edit configuration.php to match the new DB credentials and paths, set correct permissions, and test.
Which PHP and MySQL versions are required to run a Joomla 3.10 site safely?
Joomla 3.10 supports a range of PHP versions, but exact supported and recommended versions should be verified against the official Joomla system requirements before proceeding.
How do I test the restored site without affecting a live domain?
Use a local server (XAMPP/MAMP/Docker), create a staging subdomain, or modify your hosts file to point a test domain to the staging IP so that public DNS is unaffected.
How to handle extension, template or PHP incompatibilities after restore?
Disable or update problematic extensions, switch to a default Joomla template if needed, enable error reporting in staging to identify issues, and plan replacements for extensions that are not supported.
When and how should I upgrade the restored Joomla 3.10 site to Joomla 4?
Only after the restored site is stable and backed up. Update all extensions to their latest 3.x versions, run the Pre-Update Check on a staging copy, and perform the upgrade in staging before upgrading live.
When is it better to hire a professional?
Hire a Joomla specialist if the site has custom code, complex integrations, or if you are uncomfortable performing manual restores and upgrades yourself.
Conclusion
Restoring a Joomla 3.10 site from a 2022 backup is usually achievable even if automated installers are blocked. The safest path is to gather all available data, ask the host for backups and environment details, restore into a local or staging environment, and follow a careful manual or Akeeba-based restore workflow. After restoring, secure the site, schedule reliable offsite backups, and plan a tested upgrade to Joomla 4. If the site is business-critical or complex, engaging a Joomla professional is a sound investment.
Note: Verify PHP and database version requirements, configuration.php variable names, and any host-specific policies against the official Joomla documentation and your host’s support documentation before making production changes.
A recently reported vulnerability affecting SP Page Builder has been linked in some reports to attackers creating hidden Super Administrator accounts and planting PHP backdoors. This article gives Joomla site owners a practical, time‑prioritised checklist to assess risk, contain an incident, detect and remove rogue Super Users and backdoors, and harden sites afterward. Technical details that depend on vendor advisories are flagged for verification — always confirm version and patch information with JoomShaper or official security notices before acting in production.
Quick summary: what site owners need to know now
This is a concise action list for site owners who need to act fast.
What this means for non‑technical site owners
Reports indicate a vulnerability in SP Page Builder may let attackers create hidden Super Administrator accounts and upload PHP backdoors. Verify these details with the vendor advisory before assuming specifics.
Having SP Page Builder installed does not automatically mean compromise. Look up the installed version and compare it with the official advisory.
If your site is exploited, attackers can regain access even after password changes unless backdoors are removed.
Priority actions (one‑line checklist)
Update SP Page Builder if a patch exists (verify version).
Take a full backup snapshot (files + database) before making changes.
Put the site into Maintenance Mode and, if possible, apply an access block at the server level.
From a trusted device, rotate administrator and hosting credentials.
Check Users for suspicious Super Admin accounts and scan for unknown PHP files.
Practical example (one‑sentence workflow)
Switch the site to maintenance mode → take a full backup snapshot → change admin passwords from a clean machine → inspect Users and recent file changes → update extensions and Joomla core.
Warnings
Do not delete files or users before taking a verified backup; you may remove evidence needed for investigation.
Do not run unverified SQL or shell commands copied from the web; confirm commands for your environment first.
How this type of vulnerability works (high‑level explanation)
Understanding the attack pattern helps prioritise checks and cleanup steps.
Typical attack steps (non‑technical)
Exploit a vulnerability that permits file upload or an unauthenticated privileged action.
Create or promote a Joomla user to Super Administrator level so the attacker can access the admin panel.
Upload one or more PHP backdoors (web shells or file managers) to maintain access.
Use backdoors to install further malware, exfiltrate data, or pivot to other accounts or sites on the same server.
Why hidden Super Admins are dangerous
Super Admin accounts bypass Joomla ACL and can reinstall malware after partial cleanup.
An attacker with a Super Admin account can modify extensions, upload files, and change configuration.
Practical analogy: attackers often leave a spare key (hidden Super Admin) and a toolset (PHP backdoor) to get back in later.
Warnings
Unpublishing an extension may not remove existing backdoors or accounts; treat unpublishing as temporary containment only.
Backdoors are often obfuscated — filename searches alone may miss them.
A prioritized, time‑boxed list to limit damage while preserving evidence.
Protect and preserve
Take a full backup snapshot (files and database) immediately and store a copy offsite. Label it with the timestamp and a note that a compromise is suspected.
If your host provides server snapshots, use that in addition to a Joomla‑level backup (Akeeba or equivalent).
Contain traffic and access
Enable Joomla Maintenance Mode: Administration → System → Global Configuration → Site Offline = Yes.
If possible, add HTTP basic auth or an IP allowlist at the webserver level to block public access.
Rotate credentials safely
Change Joomla admin passwords from a trusted device. Also rotate hosting, FTP/SFTP, control panel and database passwords.
Remember: password changes are insufficient if backdoors remain active; they must be removed as well.
Collect logs and indicators
Save web server access and error logs, and any Joomla logs around the suspected timeframe. Preserve copies offserver for forensic review.
Warnings
Changing passwords without isolating the site may allow attackers to capture new credentials via an existing backdoor.
Blocking front‑end traffic can interfere with automated backups or monitoring; coordinate with your host if you use IP blocks.
How to check if your site is vulnerable or already exploited
Concrete checks you can do in Joomla admin, the database, and the server filesystem. Where commands or SQL are shown, they are examples and must be verified for your environment.
Check extension and Joomla versions
Open Extensions → Manage → Manage and search for "SP Page Builder" to note the installed version. Compare this with the official vendor advisory before assuming affected range.
Ensure Joomla core is up to date as part of general hardening.
Search the Joomla user list for suspicious accounts
In Users → Manage, sort or filter to show recently created users. Look for empty profiles, unfamiliar email domains, or accounts with Super User group membership.
If comfortable with the database, inspect the users table in phpMyAdmin. Example (VERIFY before use): SELECT id, username, email, registerDate FROM `#__users` ORDER BY registerDate DESC LIMIT 20; — replace the table prefix with your site's prefix.
Warning: Database queries can damage your site if misused; always back up first and confirm SQL syntax for your Joomla version.
File system and log checks (advanced)
Look for recently changed PHP files. Example Linux command (advanced users only): find /path/to/joomla -type f -name '*.php' -mtime -7 -ls — lists PHP files modified in the last 7 days. Run only if you have shell access and know the correct path.
Search for suspicious code patterns within PHP files (e.g., base64_decode, eval, gzinflate). These are indicators, not conclusive proof of maliciousness.
Review access logs for POST requests to SP Page Builder endpoints or other unusual upload attempts; save relevant log snippets.
Warning: Logs can be large; focusing on the last few days around suspected activity is usually most effective.
Verification needed
Exact database schema fields that indicate Super User membership differ between Joomla versions — verify with Joomla documentation before running queries.
Confirm specific SP Page Builder endpoints and parameters implicated in reports with vendor advisories or malware analysis.
Step‑by‑step cleanup: remove rogue admins and backdoors
Start by disabling suspicious Super User accounts rather than deleting immediately: Users → Manage → Edit user → set "Enabled" to No or change group membership to a lower privilege.
Record the user's details (username, email, ID, register date) for reporting and potential forensics before removing anything.
If you are uncertain, reset the password and set the account to disabled; monitor for login attempts before permanent deletion.
Finding and removing backdoor files
Inspect common locations: site root, templates/*, tmp/, components/com_sppagebuilder/, libraries/, cache/, and media or uploads folders.
Quarantine suspicious files by moving them out of the webroot to a safe location for analysis. Example (SSH): mv /home/user/public_html/suspicious.php /home/user/quarantine/suspicious_20240615.php — verify paths and permissions before running.
Prefer quarantine over immediate deletion to preserve evidence. Have a backup available in case legitimate files are moved by mistake.
Patch, update and verify
Update SP Page Builder to the vendor‑recommended patched version and update Joomla core and other extensions.
Clear Joomla and server caches, and inspect configuration.php for unauthorized changes.
After confirming the site is clean, re‑enable necessary admin accounts and enable two‑factor authentication for all administrators.
Warnings
Quarantining is safer than deletion for forensic needs.
If attackers added cron jobs or modified server tasks, removing PHP files alone may not stop re‑infection — check scheduled tasks and hosting user accounts.
If you are unsure about any step, consider restoring a verified clean backup into a staging environment and performing updates and tests there before returning to production.
Deciding between cleanup and full restore (when to use backups)
Use this decision guide to decide whether to clean the live site or restore from a verified clean backup.
When to restore from backup
You have a recent backup from before the compromise that you can verify as clean.
Compromise appears broad (many files modified) or persistence mechanisms cannot be identified.
You cannot safely determine how the attacker gained access.
When cleanup is reasonable
Compromise is limited to a few identifiable files and accounts, and you can patch the vulnerability immediately.
You have adequate logging to monitor for recurrence and can test changes in staging.
Practical recovery examples
Restore flow: snapshot current state → restore known clean backup into staging → update SP Page Builder and Joomla in staging → test and harden → deploy to production.
Restoring a backup without updating vulnerable extensions will reintroduce the same exposure — always patch before going live.
Backups on the same server may have been compromised; verify integrity before restoring to production.
Hardening and monitoring to reduce future risk
Longer‑term steps to reduce exposure and detect intrusions early.
User and access hardening
Limit the number of Super Users; use role‑based access for everyday administration.
Enable two‑factor authentication for all admin accounts and enforce strong password policies.
Use separate accounts for development and production and avoid shared credentials.
Server and file protections
Set secure file permissions appropriate to your hosting environment. Do not apply blanket chmod commands without verifying with your host or documentation.
Protect configuration.php with webserver rules and consider disabling PHP execution in upload directories where practical.
Remove unused extensions and templates to reduce the attack surface.
Monitoring and alerting
Implement file integrity monitoring and periodic malware scans (server tools or Joomla extensions).
Monitor admin logins and set alerts for new Super User creation or suspicious admin activity.
Rotate logs offserver for retention and incident analysis.
Warnings
File permission recommendations differ by hosting (Apache vs Nginx) — verify recommended values with Joomla documentation or your host.
WAF rules can cause false positives; test rules in staging before broad deployment.
When to get professional help and next steps
Know when to escalate to hosting, a security specialist, or law enforcement.
Contact hosting first when
You suspect server‑level compromise or need access to raw logs and snapshots.
You cannot isolate or block traffic without assistance from the host.
Engage a Joomla security specialist when
Multiple backdoors are present or the compromise persists after your cleanup attempts.
You require forensic preservation or legal evidence (data breach considerations).
What information to collect before contacting support
Timestamped copies of backups/snapshots, list of suspicious user accounts, identified malicious files, and relevant log excerpts.
A short timeline of actions you have taken (backups, password rotations, quarantines).
Warnings
Do not share full credentials over insecure channels. Use secure file transfer or support portals provided by your host or responder.
Coordinate public communications with your response team to avoid alerting attackers prematurely.
References and official advisories (verification sources)
Always verify technical claims with authoritative sources before making production changes.
SP Page Builder (JoomShaper) official security advisory and update notes — check the vendor site for the exact fixed version and patch instructions.
Joomla Project security advisories for guidance on core patches and general hardening.
CVE or NVD records if a CVE number has been published for the issue.
Reputable malware analysis writeups and WAF vendor guidance for mitigation strategies.
Practical verification flow: check the vendor advisory → confirm the fixed version → test update in a staging environment → update production and monitor.
Warning
Third‑party blog posts and forum reports are useful for indicators but should always be confirmed by vendor advisories or CVE entries before concluding specifics.
FAQ
Is my Joomla site definitely compromised if I have SP Page Builder installed?
No. Having the extension installed does not guarantee compromise. Check your extension version against the vendor advisory, take immediate containment steps (backup, maintenance mode, rotate credentials), and scan for indicators like unexpected Super Administrator accounts and unknown PHP files. Verify version and patch details with the vendor before concluding.
How do I find and remove a fake Super Administrator without breaking my site?
Take a full backup first. Then disable or lower the privileges of suspicious accounts via Users → Manage rather than deleting immediately. Record account details and quarantine any related files. Apply vendor patches, rotate credentials, and monitor logs for reappearance before permanent deletion.
Can I fix this by unpublishing SP Page Builder?
Unpublishing may help as temporary containment, but it does not remove existing backdoors or accounts. Treat it as one short‑term measure while you back up, scan, and patch. Verify the effect of unpublishing with vendor guidance.
When should I restore from backup instead of cleaning the site?
Restore when you have a verified clean backup from before the compromise, when many files or components are affected, or when you cannot identify persistence mechanisms. After restore, update the site and extensions before putting it back online.
What logs should I collect for incident response?
Collect web server access logs (Apache/Nginx), PHP error logs, Joomla logs (if enabled), and hosting or control panel logs. Preserve these logs offserver for forensic review and provide them to your host or a security responder upon request.
Who should I contact for help?
Start with your hosting provider for snapshots and raw logs. If the issue is complex or persists, engage a Joomla‑experienced security firm. Consider notifying authorities if sensitive personal data was exposed, according to local regulations.
Conclusion
Act quickly but carefully: preserve evidence with a backup snapshot, contain access (maintenance mode and host‑level blocks if possible), rotate credentials from a trusted device, and scan for suspicious Super Administrator accounts and PHP files. Verify vendor advisories for SP Page Builder and apply patches promptly. If the compromise appears wide or persistent, prefer restoring a verified clean backup or engaging a Joomla security specialist. Always verify technical details against official advisories before making production changes.
Joomla 6.1 module language associations: learn what Joomla 6.1 adds, how to upgrade safely, developer notes, system checks and roadmap guidance for site owners.
Swetrix self-hosted analytics for Joomla: learn what the latest Joomla release adds, how to upgrade safely, developer notes, system checks and roadmap guidance
N8n Joomla integration: learn what the latest Joomla release adds, how to upgrade safely, developer notes, system checks and roadmap guidance for site owners.
Comprehensive guide to Joomla 6.0.4 and 5.4.4: learn what's new, security and performance fixes, compatibility notes, and a step-by-step safe upgrade checklist with staging, backups, troubleshooting and rollback instructions.
The Joomla Content Editor (JCE) is a powerful extension designed to simplify and enhance content creation within the Joomla content management system. Joomla’s default editor options can be limiting, especially for users who need more control over formatting, multimedia management, and layout...
Automation tools streamline repetitive tasks, allowing users to save time and reduce manual errors. Popular no-code automation platforms include Zapier, Make.com (formerly Integromat), and IFTTT.
Joomla is a widely-used, open-source content management system (CMS) recognized globally for its flexibility, scalability, and ease of use. It powers millions of websites ranging from personal blogs to large-scale corporate portals and government websites. Joomla provides a robust framework that...
Admin Tools by Akeeba Ltd is one of the most respected and powerful administrative extensions available for Joomla. It serves as an all-in-one toolkit aimed at improving your site's security, performance, and day-to-day management.
one name consistently stands out when discussing Joomla website backups: Akeeba Backup. Developed by Akeeba Ltd.. Whether you are managing a personal blog or a commercial enterprise website, safeguarding your data is paramount, and Akeeba Backup rises to this challenge with robust features,...
Discover the truth behind Joomla!, the renowned content management system empowering countless websites globally. Unraveling prevalent misconceptions, this article delves into Joomla! 's functionality and user-friendliness to offer valuable insights. By debunking the top ten myths surrounding...
MigrateMe 4 is a commercial extension that can migrate Joomla websites from Joomla 3 to Joomla 4. It is a relatively easy-to-use extension that can migrate all files and data from a Joomla website, including the content, the modules, the plugins, and the settings.
Regular Labs - Advanced Module Manager is an extension designed to enhance the administration of Joomla modules. With its powerful features and user-friendly interface, it aims to give users more control over their modules and provide them with a better overall experience.
Articles Anywhere is a powerful Joomla plugin that allows you to insert articles anywhere on your site, including within modules, 3rd party components, and even inside other articles. You can place complete articles and only specific data (like Title, Readmore Link, Text, Images, Custom Fields,...
Regular Labs' DB Replacer is a Joomla extension that allows you to search and replace text in any table in your Joomla database. It even supports searching with case sensitivity and using regular expressions. DB Replacer is a great way to save time and effort when you need to change a large amount of...
Regular Labs' ReReplacer is a powerful tool that allows users to search and replace text in various contexts. With its advanced features, ReReplacer will enable users to efficiently manipulate content using regular expressions (regex).
Content will be of significant importance in 2024. Sometimes we often write the same code repeatedly, but with the Content templater Extension from Regular Labs, you can import a template just by clicking a button.
Icons have a significant visual effect to have on your website. Did you know that using an icon as a Custom Field is possible? - Creating an override for the Field layout is done in minutes.
Since Font Awesome is included in Joomla's Cassiopeia template, we will use a template override for the...