Top Five Joomla Security Issues

Continuing our Top Ten Joomla Security Issues: 5 to 1

#5 No Joomla Backup Routine

I cannot tell you how many times we are contacted by potential clients who have security issues. When asked if they have a recent clean backup, they answer "my host does that for me, don't they?" No! Unless you pay for an extra service, backups are your responsibility.

A backup routine is essential for every website in the world. You must set one up now!

#4 Your Joomla Allows Uploads Without Any Restrictions

The worst hack we've ever seen came from a site that allowed users, once registered, to upload whatever they wanted. This is absolute madness: their dedicated server 'got owned' and the clean-up was a long and expensive process. If you have a forum or allow uploads for any other reason, please set restrictions on file types and file sizes, and use clever coding in your .htaccess file to detect common exploit terms.

#3 Out Of Date Joomla Core Files

Joomla is built with a database and PHP files; these files get updated when a security vulnerability is known. The 1.5 branch of Joomla is now on version 1.5.26, which means that 26 updates have been released in the four years 1.5 has been available. That is on average one release every two months, and all are for security reasons.

Keeping core files up to date is one of the best ways you can avoid hacker activity on your site. There are now add-ons that inform you of an update in the administrator area and can update your Joomla website with a couple of clicks.

#2 Joomla Website Re-hacked - Missed Hacker Files

Oh dear - time and time again.

About 20% of our de-hacking jobs come from other developers or site owners who have cleaned out a hacking incident and very quickly been re-hacked. De-hacking a Joomla website is a skill. You can overlay a clean set of files onto your current files, but what about new files that have been added?

We've created our own script that we add to a client's site. We use it to search for anything that is not part of the core Joomla files, then investigate what these files are: some will be legit and others might be hacker files.

One thing is for sure, our clients never get re-hacked from the same incident.

#1 Weak Joomla Administrator Password

    admin - admin
    admin - nimda
    admin - password
    nimda - drowssap

Firstly, rename the administrator account username from admin to something memorable. If admin is your username, I'm 50% of the way to accessing your website.

I know in the modern world we have so many passwords to remember. I use three words and swap out some letters for numbers, and on different sites and services I swap the order of the words. There are only three possible passwords I can use, and if I don't know them, they are going to be difficult for other people / hackers to guess.

Software enables hackers to run millions of guesses a second. You can configure servers to block 'brute force password attempts'. In the main, just setting a strong password is enough, but remember to change your username from 'admin'.

Giving Away Or Leaving Joomla Login Details Laying Around

You would not believe how many people on the Joomla forum post their login details for the world to see. Others leave machines on in the office with details in clear view.

Email Accounts Hacked

Email accounts that contain your site and server details can get hacked. This is not so common but does happen.

Professional Joomla Security Support

That concludes our list of the top ten Joomla security issues. If these affect you and you require professional Joomla security experts to help you with a one-off package or long-term ongoing help, click the box below to contact us.

Call our team now on 0800 756 6482 or click here to email us.


© Copyright 2002-2016
Dean Marshall Consultancy Ltd - all rights reserved
Registered in England and Wales, Company number 6615299
A team of professional developers specialising in custom Joomla development


The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. This site is not affiliated with, or endorsed by, Open Source Matters or the Joomla! Project.