
Losing sleep over website security? Part 2

In this article, Part 2 on website security, we are going to see how to protect a Joomla-based site. Joomla shares a lot of common security practices with WordPress, with a few exceptions. Again, nothing will give you a 100% guarantee that your site will not get hacked, but these security practices should offer a good level of protection, making an intruder's attempts more difficult.

1. Masked Admin Username

By default, Joomla creates a username for administration purposes called "admin". Always change it to a hard-to-guess username. If the administrator name is not standard, it is much harder for an intruder, as they must guess both the username and the password, which dramatically reduces or prevents login attempts.

2. Use of Secret Key to Login

This concept allows an administrator to log in through a very specific URL instead of the default. In this way, the login is protected from intruders. An extension, like KSecure, adds a secret key that the administrator must append to the regular URL in order to log in. The following is an example:

https://domain.com/administrator?ThisIsSecretKey

3. Joomla Backup

There is no substitute for making regular backups when it comes to protecting digital data. If you have an up-to-date backup, you can always wipe and restore your hacked site. Use a reputable hosting provider that backs up your site regularly, such as Symmcom. Remember, your restored backup still contains the security vulnerabilities.

4. Update Joomla Regularly

Security vulnerabilities are continually being discovered in code, and Joomla is no exception. However, the Joomla developers are extremely proactive in patching any security holes that could ruin your day, and they publish new releases on a regular basis. It is very important to be alerted when new releases come out and to actively update your Joomla site. Some hosting providers offer a free auto-update as soon as new releases come out.

5. Use Search Engine Friendly (SEF) URLs

Besides making your site more Search Engine Friendly, SEF also offers a level of protection. SEF masks some information which would have given an intruder clues about different components or extensions used in your site. You can enable SEF using the following steps:

  • Log in to the Joomla Control Panel.
  • Go to Site > Global Configuration.
  • Under the Site tab, click Yes for SEF URLs.

6. Use Security Extensions/Firewalls

Like WordPress, Joomla has many third-party security and firewall extensions available. This breed of firewall is also known as a Web Application Firewall (WAF). WAFs provide multi-layer protection with just a few clicks of your mouse. The following are a few of the protections these WAFs offer out of the box:

  • Protection against SQL Injection
  • Login Protection
  • Joomla Specific Vulnerabilities
  • Backdoor Protection
  • Bot Protection

7. File/Folder Permissions

Always check files and folders to ensure they do not have incorrect permissions that would allow a hacker to upload malicious code files. All folders on your site must have proper permissions (CHMOD) configured. Here are some good rule-of-thumb settings for checking permissions:
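
One way to run this check, as an added example that is not part of the original article: a POSIX shell audit that lists anything looser than an assumed baseline of 755 for folders, 644 for files and 444 for configuration.php. The baseline values, function names and demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed baseline (not from the article): dirs 755, files 644,
# configuration.php 444. All names below are illustrative.

# List paths under $1 that are looser than the assumed baseline.
audit_joomla_perms() {
    root=$1
    conf="$root/configuration.php"
    # Directories writable by group or others: another local account could
    # place new files (for example an uploaded script) in them.
    find "$root" -type d \( -perm -020 -o -perm -002 \) -print | sed 's/^/DIR  /'
    # Files writable by group or others could be overwritten in place.
    find "$root" -type f ! -path "$conf" \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/FILE /'
    # configuration.php holds the database credentials: flag any write bit.
    if [ -f "$conf" ] &&
       [ -n "$(find "$conf" \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]; then
        echo "CONF $conf"
    fi
}

# Build a small constructed site tree so the audit can be tried offline.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/images" "$d/components/com_demo"
    for f in index.php configuration.php components/com_demo/demo.php; do
        echo '<?php' > "$d/$f"
    done
    chmod 755 "$d" "$d/components" "$d/components/com_demo"
    chmod 644 "$d/index.php"
    chmod 777 "$d/images"                        # too loose: flagged as DIR
    chmod 666 "$d/components/com_demo/demo.php"  # too loose: flagged as FILE
    chmod 644 "$d/configuration.php"             # owner-writable: flagged as CONF
    echo "$d"
}

# Usage: sh audit.sh /path/to/joomla   (no argument: do nothing)
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

An empty result means nothing under the given path exceeds the assumed baseline; each reported line names the path to tighten with chmod.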

 

8. Use Reputable Joomla Extensions

Always pay extra attention to which extensions you are using on your site. Guard against always going for the free ones. Although some free Joomla extensions are really good, most are not coded properly and contain a lot of security vulnerabilities. You may have protected your Joomla core quite well, but one insecure extension can ruin it all and cause havoc. If your site is mission critical, try to find extensions from well-known developers that have support available.

Following these practices, your Joomla site will be better protected and you will be able to sleep well. 
