If you unpublish an insecure extension from the backend of your Joomla, a security issue still remains because a potential attacker can bypass Joomla’s index.php file and target the files of the vulnerable extension directly.
Therefore we advise you to completely remove the files and the database tables of such components from your hosting account. Usually the Uninstall process will do that for you, but still we recommend that you check thecomponents folder of your Joomla and see whether there are any left-over files from the vulnerable component.
If so, then you should manually delete them using the File Manager in your cPanel or a regular FTP client.
Joomla is a powerful software that is easy to work with once you have the right host to support you. Before you lose any more time with the wrong host, check out the SiteGround Joomla hosting offer.
