Top Ten Joomla Security Tips

Secure Password - Change Username

Make your password personal but change letters for numbers or other characters. Don't use a term or words that might appear on your website. Avoid using names; try things like your primary school or the make and model of your first car. Do not leave the main super admin username as 'admin'.

Good Hosting Is Essential For Joomla Security

Shared hosting is okay, but if one of the other sites on the same server gets hacked you are vulnerable. Smaller Joomla hosting companies offer the best hosting packages for Joomla websites: servers set up for Joomla websites, with far fewer sites on each server.

Joomla Security - Change Database Prefix

I strongly recommend everyone on every version of Joomla install Akeeba Admin Tools.

Admin Tools is free and enables you to change the database prefix of your Joomla database tables. It's a simple process that any beginner or novice Joomla user can do. Database hacks are the most serious Joomla-related hacks, as from there the hacker can change anything they like in your site. They can add new pages with links to themselves or take control of your site's email function and send out thousands of spammy emails in your name.

Change Joomla's Super Administrator ID Number

Likewise, Akeeba Admin Tools can be used to change the ID number of the site's recognised super admin. This ID number is used throughout Joomla to aid security, but in some versions of Joomla the super admin ID is always the same number, '62'. This needs to be changed, as the ID number can be used to hack your Joomla website.

Joomla Security Must Do

Keep Joomla And Extensions Up To Date

Joomla releases a new version on average every two months; these are always security updates and should be implemented within a week of release. Never update on the first day of a new release; let others update first and discover whether there are any issues with the updated version of Joomla. This will save time, money and major stress if something goes wrong. Always back up before updating.

Restrict Uploads To Keep Joomla Secure

If you have a forum on your site you probably want users to be able to upload images and other types of media. Allowing someone you don't know to upload files onto your server is not to be taken lightly; all possible measures must be taken to protect your website and server.

The administrator area of Joomla 1.5 has some settings to enable basic protection; make sure at the very least you have these configured for your requirements.

To control file permissions for uploads you have to use the .htaccess file found within the root of the Joomla folders/files. Blocks should be put in place that are tailored to your exact requirements.

Contact Joomla Security Experts

Call us today on 0800 756 6482 / 01524 63492, or use our contact form, for further information and to arrange a discussion about your Joomla security issues.

Correct File Permissions Essential For Joomla Security

Joomla is built with a MySQL database and a large number of PHP files. Most Joomla hacks affect PHP files. These files are found in a series of folders that will also contain images, script files, PDFs, videos and other types of media. The folders within Joomla should have permissions of 755 and the files should have 644 permissions.

Basically Joomla's file permissions allow or deny servers, browsers and robots the ability to view content, write to files and database or run programs within the folders.

As you can imagine, if the wrong people have the ability to write to your files, they've hacked your site and can start to do what they want.

Some folders and files can be locked down even more but this should not be necessary if everything else is properly looked after.
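
One way to check a site against the 755/644 rule above, as an added shell example that is not part of the original article; the sample tree, its file names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit a Joomla tree against the
# 755-for-folders / 644-for-files rule. All paths below are constructed samples.

# Print "dir <path>" for folders that are not 755, "file <path>" for files not 644.
audit_perms() {
    find "$1" -type d ! -perm 755 -exec printf 'dir  %s\n' {} +
    find "$1" -type f ! -perm 644 -exec printf 'file %s\n' {} +
}

# Print anything any local user may write to (the "other" write bit is set).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -exec printf '%s\n' {} +
}

# Reset every folder to 755 and every file to 644.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Build a small constructed tree with three deliberate mistakes; print its path.
make_sample_tree() {
    local root
    root="$(mktemp -d)/site"
    mkdir -p "$root/images" "$root/cache"
    touch "$root/index.php" "$root/configuration.php" \
          "$root/images/logo.png" "$root/cache/run.php"
    chmod 755 "$root" "$root/cache"
    chmod 644 "$root/index.php" "$root/images/logo.png"
    chmod 777 "$root/images"              # mistake: world-writable folder
    chmod 666 "$root/configuration.php"   # mistake: world-writable config
    chmod 755 "$root/cache/run.php"       # mistake: executable bit on a file
    printf '%s\n' "$root"
}

site="$(make_sample_tree)"
echo "Deviations from 755/644:";  audit_perms "$site"
echo "World-writable entries:";   world_writable "$site"
fix_perms "$site"
echo "Deviations after fix: $(audit_perms "$site" | wc -l)"
```

Run `audit_perms` and `world_writable` against a copy or a backup first; `fix_perms` changes every folder and file under the path it is given.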

Remove Unused Joomla Extensions

There are people out there who spend their time trying to find weaknesses in software. The older the software the more likely that it is vulnerable to hacking as someone has found and published the weaknesses.

If you are running a version of Joomla that is older than 1.5.15, your site can be hacked in seconds. If your version is between 1.5.16 and 1.5.22 and you have one known setting disabled, your site can be owned in just a few minutes.

The most vulnerable elements found in Joomla websites are old third-party extensions. If you are using add-ons then you must keep them up to date, but it's easy to forget about the ones you installed and never used. Remove all unused extensions and you will greatly reduce the chances of your site getting hacked.

Joomla Security - Use SEF URLs To Hide Extensions

If you have extensions that are known to have security issues then masking them within the URL bar can help keep you safe.

You might see things such as com_sobi2, com_cb or com_sh404sef in your URLs. These show which add-ons you use, and from there it's easy for hackers to look up weaknesses and exploit them.

.htaccess To Block Common Joomla Security Exploits

As mentioned in the upload section, .htaccess can be used to block database and file exploits. This should be one of the first weaknesses blocked by any Joomla developer you hire to help with Joomla security issues. We go beyond the obvious and block search queries being run.

Hacker Beware

Dean Marshall Consultancy have developed our own custom-programmed Joomla security add-on called 'Hacker Beware'. We only install this on contracted clients' sites. With Hacker Beware, a hacker gets one go at exploiting a website with known exploits; when the attempt is detected, the site bans their IP address from accessing any part of the website again.

Website security is an ongoing process but need not affect your life. If your website is a key part of your business and it needs to be accessible at all times, do not take the risk of "it won't happen to me".

Avoid the embarrassment of your site being used to link to porn sites or sending out thousands of spam emails with indecent messages.

Joomla Security Services

We can secure your Joomla website and we guarantee that.

Joomla Security Audit £350 - price includes fixing core Joomla issues

Joomla Security Audit + Full Site Fixes £500 - price includes core Joomla and all third party extensions

Hacked Joomla Website

If your Joomla website has already been hacked we offer three levels of service:

Scanning And Cleaning £450 - full scan of Joomla's folders for added and altered files, remove all hacker code.

Full Website Rebuild £950 - Keeping the database, install new core Joomla files, install latest versions of your add-ons, scan all your image folders and other media folders, add back only clean media files.

Joomla Database Hacked

Database rescue £???? - this service is very, very complicated and cannot be given a fixed price. If it is essential that you recover your users, sales, email addresses, etc. after your database has been hacked, we can help, but it will cost in the thousands and all data probably will not be recoverable.


© Copyright 2002-2016
Dean Marshall Consultancy Ltd - all rights reserved
Registered in England and Wales, Company number 6615299
A team of professional developers specialising in custom Joomla development

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. This site is not affiliated with, or endorsed by, Open Source Matters or the Joomla! Project.