How can website administrators determine if their Joomla site is vulnerable and what immediate steps should they take?

Administrators should first check if their Joomla version is between 3.4.4 and 3.6.3. They can also run a Python script (linked in the article) to test if user registration is enabled. The most critical step is to upgrade to Joomla 3.6.4 or later, which removes the vulnerable code. Additionally, ensure that user registration is disabled if not needed, and avoid enabling email SMTP unless required, as these settings raise the attack surface. The full test record is available in the Joomla 3.4.4-3.6.3 Account Creation & Privilege Escalation Test Record.