Tips & Tricks
Secure Joomla
Joomla is safe!! - you can hear this in every forum. Is it indeed safe enough? Yes, the core Joomla, if properly configured and deployed, is a reasonably secure environment. The difference can be made by several factors, and the first of these factors is YOU, the webmaster. But there are others, like the hosting environment, the addons used, and a couple of others. Watch your back! And keep your site safe!
Pissed off, eh? Me too! After you put together your site (small or big, hobbyist site or a large corporate one) and installed all the security gizmos available out there, you began to receive all kinds of alerts about hacking attempts. This is the good scenario - successful hacking attempts usually aren't reported: you experience the sometimes devastating effects by visiting the site.
Anyway, you probably get frustrated over time, and you will definitely try to do something beyond just stopping these attacks.
In various blog posts, security bulletins, etc. you can read that you need to get rid of the default "admin" user with Super Administrator privileges (and with the default UserID of 62 or 42 - depending on Joomla version) to prevent hackers from using the well-known username and user ID to start dictionary attacks or carry out successful SQL injection attacks against your site, but how? If you go to the Joomla user manager and want to simply delete it, you can't. What's more, you can't even disable it! WTF...
Hey, it's not that complicated!
Let me show you how you can do it in a simple and fool-proof way!
File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you set them properly. They should never be 777; the ideal is 644 for files and 755 for folders.
Sometimes you need to block a certain IP address, a group of addresses or certain hosts from accessing your Joomla website. Reasons may include:
The solution is simple, but you are advised to apply other tools first to stop these bad guys - overuse of this tip can slow down your site considerably, so use it only if you don't have anything else - or you are in a hurry to stop an ongoing attack.
One often overlooked security (and not only security) resource for any Joomla site is at your fingertips! With each Joomla install (even from the old Mambo days) you have a file named htaccess.txt in your site's root directory. In most cases it is never touched and is left as is - most weekend webmasters don't even know what it is for. A few use it to help Joomla or the specialized SEF URL builders make those pretty SEF URLs for their site. And that's pretty easy - in most cases it's enough to rename it to .htaccess, and you are set. But there is much more power hidden there...
You may think that updating your Joomla site to the latest version is not something worth doing every time a new version is released. The site works just fine, and you are not interested in any new additions. You're wrong! There's always a major reason to update to the latest version of Joomla: Security!