Is unpublishing insecure extensions sufficient for protecting my Joomla?
If you unpublish an insecure extension from the backend of your Joomla, a security issue still remains because a potential attacker can bypass Joomla’s index.php file and target the files of the vulnerable extension directly.
Therefore we advise you to completely remove the files and the database tables of such components from your hosting account. Usually the Uninstall process will do that for you, but still we recommend that you check the components folder of your Joomla and see whether there are any left-over files from the vulnerable component.
You find this article useful? Click here to learn more about SiteGround web hosting experts and what else we can do for you!