Joomla, like WordPress, Drupal and phpBB, is among the most popular content management systems (CMS), powering millions of websites on the internet.
Securing your Joomla website against security breaches and malicious cyber attacks should be among your top priorities as a webmaster and/or web developer.
Here are a few tips to keep your Joomla website protected from cyber attacks.
First things first: check whether your plugins appear on the vulnerable extensions list at http://docs.joomla.org/Vulnerable_Extensions_List. If they do, remove those extensions/modules. Otherwise, proceed with these other solid tips for securing Joomla-powered websites.
Must Have Plugins
extensions/access-a-security/ site-security/site-protection/ 13233
extensions/access-a-security/ site-security/site-protection/ 14087
- Always keep the Joomla software up to date: This matters most when a security release has just come out.
- Do not use the default jos_ prefix for your database table names: Many attacks on Joomla sites depend on your database tables starting with “jos_”. Hackers typically try to get access to the jos_users table so they can get your username and password to log in to the admin side of your site. If you simply change the database prefix for your site to something else, like “mig_”, you would be protected from the kind of security exploit that relies on the default database prefix of “jos_”.
- Change the default super admin name from “admin” to something else: When you install Joomla 1.5, the default super administrator username is “admin.” If you don’t change this, you’ll give hackers 50% of what they need to log in to the administration side of your site. To do this, when you first log in as Admin, immediately create another user with a completely different name. Assign this new user super administration rights to your Joomla website. Then immediately log out as Admin. Log in as the new user that you just created. Delete the user Admin. You’re done!
- Joomla Files and Folder permissions: Using cPanel > File Manager or your FTP client, change the permissions of all Joomla folders to 755 and all wp-content to 600, no matter what.
- index.html in all Joomla folders: Ensure that there’s a blank (empty) index.html within each folder of your Joomla website.
- Rogue Extensions: Additionally, there are rogue extensions available for free download and use. These extensions are actually developed for the explicit purpose of infecting a Joomla website, under the guise of doing something useful there. A really good idea is to scan the downloaded zip file of the Joomla extension, plugin, or module with the antivirus on your local computer. If there is a PHP trojan sitting quietly in the extension, your antivirus should be able to identify this.
- Uninstall unused extensions on your website: Remember that uninstalling Joomla extensions using Joomla Admin – Extensions > Install/Uninstall does not always completely remove all of the associated directories and contents for a given extension, so you should manually remove the contents from the extension’s directory.
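The table-prefix, folder-permission and index.html tips above can be checked from a script run against a copy of the site. This is an added example, not code from the original article or from the Joomla project; the function name audit_joomla and the finding labels are hypothetical, and it assumes the prefix is stored as $dbprefix in configuration.php at the site root.

```python
import os
import re
import stat
import sys

# Assumption: configuration.php declares the prefix as $dbprefix = '...';
PREFIX_RE = re.compile(r"""\$dbprefix\s*=\s*['"]([^'"]*)['"]""")


def audit_joomla(root):
    """Return a sorted list of (finding, path) tuples for a Joomla tree."""
    findings = []

    # Tip: do not keep the default jos_ table prefix.
    config = os.path.join(root, "configuration.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            match = PREFIX_RE.search(fh.read())
        if match and match.group(1) == "jos_":
            findings.append(("default-db-prefix", config))

    for dirpath, _dirnames, filenames in os.walk(root):
        # Tip: every Joomla folder should have mode 755.
        mode = stat.S_IMODE(os.stat(dirpath).st_mode)
        if mode != 0o755:
            findings.append(("dir-mode-%o" % mode, dirpath))
        # Tip: every folder should carry an index.html. The site root is
        # skipped here because it is served by index.php (a choice made
        # for this example, not something the article states).
        if dirpath != root and "index.html" not in filenames:
            findings.append(("missing-index-html", dirpath))

    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_joomla.py /path/to/joomla  (defaults to ".")
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding, path in audit_joomla(target):
        print(f"{finding}\t{path}")
```

The script only reads the tree and reports; fixing each finding is still done by hand through cPanel, FTP or the Joomla admin as described in the list.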