Friday, June 1, 2012

HOW TO SECURE YOUR JOOMLA SITES BEFORE THEY ARE HACKED!


I have written a post earlier about why you should keep your Joomla sites updated for safety reasons. Phil Taylor published this Tweet today: "A lot of people getting old versions of #joomla 1.5 hacked today - been fixing sites all day for customers...UPGRADE NOW to #Joomla (latest version)". I couldn't say it better myself. It's crucial that you upgrade to the latest version of Joomla.

When you've done that, there are several other actions you can and should take to avoid being hacked:

  • Follow the Joomla Administrator's Security Checklist
    The guys at joomla.org have put together a Joomla Administrator's Security Checklist - use it and secure your Joomla site as much as possible using the guidelines.
  • Install the jSecure Authentication plugin
    Every Joomla back-end has the same URL. If you install a security plugin, you can add a suffix to your back-end URL to make it look like this: http://www.yoursite.com/administrator?helloworld
    If the URL is not entered with the correct suffix, the site redirects to a 404 (not found) page. Change the suffix regularly. The plug-in is $4.99 and it's worth it!
    Buy and download the jSecure Authentication plugin here
  • Don't use the jos_ prefix
    The standard prefix for Joomla tables is jos_. However, many security exploits rely on your database tables being called jos_XXXXXX.
    By simply using your own prefix you would have been protected from these exploits.
    It should also be unique for every site.
    Read more about this over at the blog of Brian Teeman.
  • Change your admin user
    The default ID for the admin user in Joomla is always 62, and this may be used by a hacker. To avoid this, do the following:
    • Create a new super-administrator with another user name and a strong password
    • Log out and in again as this new user
    • Change the original admin user to a manager and save (you are not allowed to delete a super-administrator).
    • Now, delete the original admin user (user ID 62).
      Thanks to Brian Teeman for this tip!
  • Use a unique and strong password
    Create a unique password from a combination of upper- and lowercase letters, numbers and symbols. For instance WsHc3_#7
    Use an Online Password Generator to make the process easier.
  • Change your username and password often
    At least every 3 months.
  • Don't use the root user in MySQL as the user of your database
    You should always create a new database user when installing a new site, and give rights to the new database only. This way, the user will only have access to the specific site. If not, you can have one site hacked and the rest are wide open as well...
  • Always update to the latest Joomla version
    Cannot be said too often ;)
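Two of the points above (the jos_ prefix and the database user) are visible in a site's configuration.php, so here is a small audit script I've added as an example; it is not part of Joomla or of any plugin mentioned here. It parses the `var $x = '...';` (Joomla 1.5) and `public $x = '...';` (later versions) property lines and flags the weak settings; the configuration.php content embedded below is a constructed sample, not taken from a real site.

```python
import re

# Constructed sample of a Joomla 1.5-style configuration.php (not from a real site).
SAMPLE_CONFIG = """<?php
class JConfig {
    var $offline = '0';
    var $sitename = 'Example Site';
    var $dbtype = 'mysql';
    var $host = 'localhost';
    var $user = 'root';
    var $password = 'secret';
    var $db = 'joomla';
    var $dbprefix = 'jos_';
}
?>"""

# Matches both "var $x = '...';" (Joomla 1.5) and "public $x = '...';" (1.6 and later).
_PROP_RE = re.compile(r"(?:var|public)\s+\$(\w+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*;")


def parse_jconfig(source: str) -> dict:
    """Return the string-valued properties of a configuration.php as a dict."""
    return {name: value for name, value in _PROP_RE.findall(source)}


def audit_jconfig(config: dict) -> list:
    """Return (issue, advice) pairs for the settings this post recommends changing."""
    findings = []
    if config.get("dbprefix", "") == "jos_":
        findings.append(("table prefix is the default 'jos_'",
                         "use a prefix that is unique to this site"))
    if config.get("user", "").lower() == "root":
        findings.append(("database user is 'root'",
                         "create a per-site user with rights to this database only"))
    if not config.get("password"):
        findings.append(("database password is empty",
                         "set a strong, unique password"))
    return findings


if __name__ == "__main__":
    import sys
    # Audit the file given on the command line, or the constructed sample if none is given.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for issue, advice in audit_jconfig(parse_jconfig(source)):
        print(f"{issue}: {advice}")
```

Run it as `python audit_jconfig.py /path/to/configuration.php`; an empty result means none of the three checks fired.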
Have any other tips? Let me hear them in the comments field!

