The Joomla! Extensions Directory ™

jHackGuard Plugin

Editor's Note
  • This extension requires registration to download.
jHackGuard is designed by SiteGround to protect Joomla websites from hacking attacks. Just add it to your Joomla and it will be safe against SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks!

This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!

Report Extension



Reviews: 1
OK, maybe I'm too in a hurry and should take time to search... and search... and search. but there are plenty of extensions with documentation and support. This one seems not to be one of them.

I'm not skilled with Joomla but not a complete novice, that said, once installed jHackGuard has block any access on my website. Fortunately I kept the administration page open and could disable the plugin.

I asked for support on the SiteGround website, but it's quite impossibile to know how support works there. Is it free or not? You provide chat support and ticket based, but... how do I login? And where do I find some FAQ, in substitution?
Not the best support ever found.
Reviews: 1
I downloaded jHackGuard with enthusiastic high hopes and dreams that it would help protect my website from hackers. Evidently, it actually does the job TOO well. Although my website was never hacked, it actually caused a more frustrating issue - my registered users can no longer sign in to their blog accounts.
I tried to resolve this issue using many different methods (password resets, account re-creation, and disabling the jHackGuard functions one-by-one [turning each one back one as I proceeded to the next function]).
Simply, whenever a registered user, a blogger, attempts to sign in to their account (front-end) they're faced with an invalid token error. I had to turn off the jHackGuard plug-in so that it would re-enable their access. I want to secure my website from SQL injections and other malicious code, but not at the expense of my users. How can I fix this?? Thanks.
Reviews: 1
I used the non-commercial version of JHackGuard, but my website was hacked again and again.
I had to learn:
"If you pay peanuts, you get monkeys."
"If you buy cheaply you pay dearly."
Owner's reply

First, we’d like to say that jHackGuard doesn’t have a paid version. It’s a free plugin designed to improve your site’s security.

As to your site being hacked over and over again, we’d advise you to get it checked by a professional and make sure that there are no backdoors left from previous hacking attempt.

Having a secure website is a combination of following good practices, having the proper software and keeping it up-to-date. Unfortunately, you can’t have all hacking threads neutralised by using only a single plugin.

Reviews: 1
Installation: Simple
Compatibility: Both 1.5 and 2.5
and ofcourse good protection.
Reviews: 5
Simple to install and configure, no problems at all.

Installed it on several 1.5. and 2.5 sites, and I was amazed how many attemps there are when I look at the log files.

Thanks for a great plugin.
Reviews: 1
Tried this extension for a day, and decided not no use it, now i get all this spam from siteground.
The unsubscribe link in the emails does not work, the email siteground link does not work, to file a ticket you have to make an account, and the live chat is a bot.
Owner's reply


We are sorry that you decided not to use our plugin. We usually receive very positive feedback from people who have enabled it on their websites.

In regards to the promo emails that you have received from us - during the download of the extension we explicitly ask users for their permission to receive updates from us about our services and products. We have investigated the issue with the broken unsubscribe link and it turned out that during our recent website redesign, the unsubscribe form has stopped working. Our developers have fixed it immediately, and now it is working just fine. Thank you very much for reporting this! If you want, you can either try it again or send us an email at news'at' and we will remove your address from the list manually.

As to our Chat support I can assure you that there are no bots working for us at the moment :) However, note that the best place to get a jHackGuard support in case you're not our customer is via the support link above which will redirect you to our forum. It is monitored and questions answered by our Joomla experts (and jHackGuard developers personally). We will be glad to help you there, just drop us a line with your request.

Reviews: 4
Install it and it works fine no problem hope has given me hold my safe place ... thanks for the extension
Reviews: 1
Thanks for making a great plugin, my protection now against attacks is covered with this plugin, and I hope not to be hacked again. I can sleep well again. Thanks!
Reviews: 2
Used it for years for Joomla 1.5 ... and now using it for Joomla 1.7 to Joomla 2.5.

Earlier, I always got a lot of problems with my Joomla site. But since I am using this plugin, not a single attack more.

Thank you siteground team.
Reviews: 2
This extension really does protection for my site. Earlier my site was hacked again and again, but after installing this one, the problem gone. This extension also email me every attack, that make me know how dangerous my site is, very helpful info.

Thanks for the great extension!!!
Reviews: 5
It looks good, but after upgrading joomla and adding this plugin, my site was hacked - the index.php file was changed.
So it seems this isn't the best solution.
Owner's reply

Please post a thread in the jHackGuard support forum(you can access it via the Support button above). We will happy to investigate your case in details and make sure we add the necessary changes to protect Joomla sites against such attacks. If possible please make an archive of your hacked files and allow us access to it. All logs from that period you may have will be useful too.

We take our customers feedback seriously and look into every issue reported to us. We have just released a new plugin version based mostly on the feedback by our users.

Reviews: 10
After a recent hack 'defacement' of my site, I went on the hunt for a reliable anti-hack solution, this plugin seemed to fit the bill and was the right price FREE. So after careful study of other reviews and opinions I gave it a try. I have now installed it on 9 of my sites that were frequently attacked, and to date none of them have been defaced since. With regard to removing the backlink, just select disable on the 'Link back to SiteGround' option. Thanks for a great FREE plugin. Highly recommended.
Reviews: 1
First thanks for this good plugin.
But I cannot enable logging on my Sever.
Is there any possibility to change the storage to the folder named logs.
Because, if you host a server by 1&1Puretec, they are using "logs" as there folder. And the permittion can not be set to 755. So a error will show up with every login.
Owner's reply


In the current version, you can only specify the name of the log file but not the directory it is saved in. We have already reported this request to the plugin developers and we will do our best to have this new functionality included in the next plugin version.

Reviews: 1
I uninstall a previous version of jHackGuard Joomla plugin, but the link to SiteGround remains in the page bottom. If I install the last version of the plugin for Joomla 1.5.x and configure for disable the link in the bottom, the links still remains.

I ask for solution in SiteGround, but they told me I must create an account with them. I think the plugin is a hook.

In new versions the link to SiteGround is optional, but there is not a visible solution for the problem of oldest versions.

I know is free, but make a warning please. The new version perhaps have an Excellent rating for me, but my vote right now is for the attitude of SiteGround Team.

I see a lot of similars non happy comments in forums, but no real solutions, even when SiteGround's members participate. In best cases they answer is: "Go to and contact using chat"; I did it, and the solution of the operator was: "create an account with us". And if I don't want to? My site must have an eternal link to SiteGround, even when I uninstall your plugin? This is legal?

If some body have an effective solution let me know an for sure I change my words.
Owner's reply


It seems that you are experiencing issues with some 3rd party caching extension. Once the plugin is removed there are NO links or other information that remains on your website. As for receiving support with using this plugin, our website chat isdefinitely not the best place, as our main business is web hosting and the live chat is operated by our web hosting Sales team. However, any jHackGuard user can receive timely assistamce (no matter if s/he uses our hosting services) by posting its request on the special forum category we have created for this purpose. You can access it either from the "Support" button above or directly through this link:

Reviews: 47
Very well written plugin. I had issues removing the watermark (Link Back to SiteGround) in the previous version, however that has been taken care in the latest release. There is now an option under the configuration of the plugin "Link back to SiteGround" which can be set to On or Off which makes it easy to manage the link back shown in the home page without having the need to touch the code.

Thanks SiteGround. You Guys Rock.

Reviews: 7
Been using this on J1.5 and it was great, but now that i have moved over to 1.7 its a complete mess.

As brian mention, it filters out extremely common words, i have tried the latest 1.2.1 version and it has not sovlved the problem, we have a social network with public bloggers and no matter where you want to use the word union, front-end or back, user level irrespective it removes the work or that part of any word containing it.

Even tried posting it as my status in JomSocial and as a super admin it would not let the post succeed. They are completely delusional if they believe they have solved the problem.
Owner's reply


We have tested the plugin and we can confirm that the version for Joomla 1.7 no longer filters in any way content added by users that have access to the administrative area. To make sure that the latest version of jHackGuard is used please completely remove your current instance of jHackGuard, download it anew from our website and install it.

As to the JomSocial component, it allows users without access to the administrative area to create and publish content to your website. This behavior triggers the jHackGuard security checks and if anything suspicious is found it will be blocked. Our plugin utilizes the same logic in both Joomla 1.5 and Joomla 1.7 versions. This means that posting "union" through a JomSocial component will be filtered in all Joomla versions. Note that the majority of the MySQL injections work using precisely this command to execute unwanted queries to your database. For example, if someone posts 'and1=1 UNION select * from jos_users' and your comment extension is not written securely, this will return everything in your jos_users table. Through this command if an attacker find such security hole he/she can execute literally every query he/she wants.

We also plan to develop further the plugin and converting it to a component that utilizes the new Joomla ACL system. This will allow each user better control over the security checks to be applied on his/her website.

Reviews: 4
I've seen some bad extensions but this one really takes the biscuit.

The extension is so badly coded that it tests for things without checking without checking the context

For example it is impossible to write an article about a trade union as the extension removes the word union

Or to write the word concatenate as it removes the characters concat

Or to write a basic tutorial about joomla as it removes common terms such as jos_users.

Removing any of these from your content is just plain stupid!!!!
Owner's reply

Thank you for reporting these issues with jHackGuard in Twitter last week. We have tested and found that there was really a flaw in the jHackGuard version for Joomla 1.6 and 1.7, which was fixed and the new version of the plugin was uploaded yesterday.

Our plugin is originally designed to check whether the user submitting information to the site has admin privileges or not. By default only if the user has NO admin privileges we look for patterns for SQL injections and other hacking techniques and block posts containing such patterns in order to prevent the site from being hacked. Unfortunately, due to a slight modifications in the latest Joomla versions, the check whether an user has admin rights or not wasn't working correctly. This is why you were unable to post articles containing content that you've mentioned as your posts were block by mistake.

You can download the plugin again from our site and give it another try. I believe that you will find it useful and working as expecting to protect your site from hacking attempts. Of course any bug reporting or improvement suggestions are more than welcome!

Reviews: 1
I have made many Joomla website over the years. About 1 year ago some of the many sites I designed started getting hacked from the outside. I did some research and found the "jHackGuard" plug-in.

I have installed it now on 5 websites I have created and they are all secure. (or seem to be)

On my personal Joomla website I have tried several other Admin tools, so that in the future (If one of my clients get hacked) I have other things I can do to help them out. Thanks to all the programmers who make these Extensions for Joomla! (Non-Commercial)
Reviews: 1
I have installed this extension on site that requires great and full protection. Now, after 6 months after installation, I can make full review of this excellent extension. First, it WORKS. Second, it works PERFECTLY. It stops hackers completely. And logs are great help too, btw. Thank you. Thank you from the bottom of my heart. This is a MUST HAVE on every joomla installation.
Reviews: 1
this plug in makes my site out of reach even in joomla administrator!!!! so I could not uninstall it. so I was obligated to remove plug in from directory!!!
Page 1 of 3