There are several actions you can and should take to avoid being hacked:
- UPGRADE - UPGRADE - UPGRADE. We can't stress enough the importance of upgrading your Joomla installation to the latest stable version. These incremental upgrades usually contain security patches.
- Follow the Joomla Administrator's Security Checklist
The developers at joomla.org have assembled a Joomla Administrator's Security Checklist; use it and secure your Joomla site as much as possible by following its guidelines.
- Install the jSecure Authentication plugin
Every Joomla back-end has the same URL. If you install a security plugin, you can add a suffix to your back-end URL so that it looks like this: http://www.yoursite.com/administrator?helloworld. If the URL is entered without the correct suffix, the site redirects to a 404 (not found) page. Change the suffix regularly. Download and purchase the jSecure Authentication plugin here.
- Don't use the jos_ prefix
The standard prefix for Joomla tables is jos_. However, many security exploits rely on your database tables being called jos_XXXXXX.
Simply using your own prefix protects you from these exploits. The prefix should also be unique for every site. You can easily perform this task using the free Admin Tools extension.
- Change your admin user
The default ID for the admin user in Joomla is always 62, and a hacker may rely on this. To avoid it, do the following:
- Create a new super-administrator with another user name and a strong password
- Log out and in again as this new user
- Change the original admin user to a manager and save (you are not allowed to delete a super-administrator).
- Now, delete the original admin user (user ID 62).
This task can also be achieved using Admin Tools. Note that Joomla version 2.5 automatically addresses this issue when installed manually.
- Use a unique and strong password
Create a unique password from a combination of upper- and lowercase letters, numbers and symbols. For example: WsHc3_#7
- Change your username and password often
At least every 3 months.
- Don't use the root user in MySQL as the user of your database
You should always create a new database user when installing a new site, and grant it rights to the new database only. This way, the user has access to that specific site alone. Otherwise, if one site is hacked, the rest are wide open as well.
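As an added example (not part of the original checklist), the following MySQL statements create a dedicated account for one Joomla site, grant it the privileges Joomla needs on that single database, and then verify that nothing broader was granted. The database name joomla_site1, the account site1_user and the placeholder password are constructed values; replace them with your own.

```sql
-- Constructed example: one MySQL account per Joomla site, limited to that site's database.
-- joomla_site1, site1_user and the password below are placeholders, not real values.

-- The site's database (the Joomla installer can also create it for you).
CREATE DATABASE IF NOT EXISTS joomla_site1
  CHARACTER SET utf8 COLLATE utf8_general_ci;

-- A dedicated account, restricted to connections from the web server host.
CREATE USER 'site1_user'@'localhost' IDENTIFIED BY 'replace-with-a-strong-password';

-- Grant only what Joomla needs, and only on this one database.
-- CREATE, DROP, ALTER and INDEX are required so extensions can install and
-- remove their own tables. No GRANT OPTION, no FILE, no SUPER, nothing on *.*.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX
  ON joomla_site1.* TO 'site1_user'@'localhost';

-- Check 1: the account should show only USAGE on *.* plus the grant above.
SHOW GRANTS FOR 'site1_user'@'localhost';

-- Check 2: list accounts holding global SUPER or GRANT privileges, so any site
-- still configured with such an account (typically root) stands out.
SELECT user, host
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y';
```

Point the site's configuration.php at the new account (the $user and $password settings) and never at root. A compromise of one site then exposes only joomla_site1; a second site should get its own account in the same way, with its own database and its own password.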
- Always update to the latest Joomla version