Is your website using the latest secure version of Joomla?
The most fundamental task any owner of a Joomla! website must carry out is to keep the base Joomla! installation up to date. Like any software, bugs and security vulnerabilities are identified and fixed regularly, and a ‘patch’ will be released periodically to resolve these issues.
The Joomla! project has a Security Strike Team who are tasked with investigating and fixing security vulnerabilities, with patches for critical and high severity being released immediately, and other lower severity patches are released within the regular release cycle. Joomla! updates are generally widely publicised, on the Joomla! website, Facebook page, Twitter, and the Google+ Community.
There are two ways to find out what version of Joomla! you are using, both require you to log into the ‘back end’ of your Joomla! website (by visiting www.yoursite.com/administrator). If you can’t log in here (you will get a message saying you don’t have access) you don’t have an administrator level account, so you’ll need to speak to your developers.