Using my extensions on your site?

Consider making a donation to support ongoing development and long-term maintenance.

Please Donate

JO Security Scanner

JO Security Scanner

JO Security Scanner is a standalone emergency tool built for one specific, painful moment: your Joomla site has been hacked, and you need to find out how badly — fast, without waiting on a hosting support ticket or trusting a backend that might itself be compromised.

When a Joomla site gets compromised, the real damage is rarely a single file. Attackers typically:

  • Drop webshells disguised with double extensions, like photo.jpg.php or invoice.pdf.phtml, so they look harmless in a file listing.
  • Inject the same malicious snippet into hundreds or thousands of files at once, across core files, templates, and third-party extensions.
  • Plant a backdoor .htaccess file that quietly blocks security tools (and even legitimate admins) while leaving their own backdoor files reachable.
  • Leave stray WordPress-style files (wp-login.php, wp-admin.php) sitting in a Joomla installation — a classic sign that something doesn't belong.

Manually opening every PHP file on a site containing tens of thousands of files simply isn't practical. JO Security Scanner narrows that haystack down to a short, reviewable list of suspicious files, allowing you to focus your time and expertise where it matters most.

It is not a Joomla extension. It's a single standalone script that you upload to your site's root directory and access directly through your browser, completely independent of the Joomla administrator area.

 

🔎 Malware & Webshell Detection

  • Signature-based scanning for known webshell patterns, obfuscation, and dangerous PHP functions such as eval(), base64_decode(), shell_exec(), assert(), and more.
  • Detects disguised scripts using double file extensions (for example image.jpg.php), including a lower-noise pass for less common disguise techniques.
  • Flags WordPress-named files found inside Joomla installations.
  • Detects suspicious multilingual payloads and abnormal Base64 or encoded content.
  • Flags non-media files hidden inside the /images directory.
  • Instantly filter scan results by detection type, sorted by risk score.

🧬 Search Snippet (Mass-Injection Cleanup)

  • Paste a single malicious code snippet to instantly locate every infected file containing the same code.
  • Ideal for cleaning mass-injected malware affecting hundreds or thousands of files.
  • Review matching files, then use Delete All to remove them in one operation.
  • Uses the same report interface as the full scanner, with no additional workflow to learn.

📄 Built-in Code Viewer & Editor

  • View the source code of flagged files directly in your browser.
  • Edit and save changes, or delete files immediately from the same interface.
  • Browse the parent directory to inspect neighboring files.

🛠️ Joomla Core Restore

  • Automatically detects the installed Joomla version.
  • Downloads and restores official Joomla core files with a single click.
  • Optionally upload your own Joomla release package for restoration.
  • Quickly replaces compromised core files with clean originals.

🔒 Fix Insecure Permissions

  • Scans all files and folders for incorrect permissions.
  • Automatically resets files to 644 and folders to 755.
  • Works correctly on Linux hosting as well as Windows and macOS development environments.

🧹 Clean Temporary Files

  • Clears the following Joomla directories with one click:
    • /cache
    • /administrator/cache
    • /logs
    • /administrator/logs
    • /tmp
  • Automatically recreates Joomla's standard index.html placeholder in each directory.

🛡️ Security Hardened

  • Content Security Policy (CSP) with nonce-based protection.
  • Session-based authentication with CSRF protection for all state-changing actions.
  • Scan reports automatically clear after login and logout to prevent stale results.
  • No scan results are permanently stored beyond what you explicitly generate.

 

How to Use

JO Security Scanner is a standalone script, not a Joomla extension. Upload it to your website using FTP, SFTP, or your hosting file manager. Since it operates independently of the Joomla administrator area, it remains accessible even when the backend is unavailable.

After uploading, log in using your existing Joomla Super User credentials. You'll be taken directly to the scanner dashboard, where Malware Scan, Search Snippet, Joomla Core Restore, Fix Permissions, and Clean Temporary Files are all available from one interface.

 

Recommended Cleanup Workflow

  1. Create a complete backup before making any changes.
  2. Whenever possible, clean the website locally using Laragon or XAMPP. Cleaning a live website can result in reinfection during the process, and many hosting providers restrict the file operations required by the scanner.
  3. Restore Joomla core files to immediately replace any modified core files.
  4. Clean temporary files to remove cached content and log clutter.
  5. Run a full malware scan and review the report.
  6. Copy a malicious code snippet from an infected file.
  7. Use Search Snippet to locate every file containing that same code, then remove them all with Delete All.
  8. Run another scan and manually review the remaining suspicious files.
  9. Complete the cleanup using your own judgment and experience. The scanner dramatically reduces the number of files you need to inspect, but successful malware removal still depends on careful review.

 

Screenshot:

 

🛡️ Hacked Joomla Site? Find What's Actually Wrong—Fast.

Get JO Security Scanner

This website uses cookies. Some are essential for the site to function, while others help improve your experience. By clicking OK, you agree to the use of cookies. If you choose Decline, some features may not work properly.