Backup Of Website: As Joomla is dynamic content management software, it needs to store various data and thus needs a backup store for this. Now, when does the website needs a backup?
- When you are installing new extension of Joomla
- When you are upgrading the current Joomla version
- When you have a regular backup strategy monthly, weekly or daily///
Hosting and Servers: The hosting and servers are very crucial items that need to be selected with efficiency. Some open ports or shared hosting may lead to various server errors. So, ensure that you are using a secured host. Then you need to run PHP 5.2 by hosting your site on the server. The PHP scripts help to filter the user accounts specifically and thus resulting in efficient security.
Use Of htaccess file: You need to rename the htaccess file from htaccess.txt to .htaccess and then place the file in your root folder. You may edit or rewrite the files as required. This particular activity will surely protect the security of Joomla.
Permissions and Specific User Accounts: The default username ‘admin’ should be changed to something else so that the hackers find difficulty in revealing the details of the accounts. There is a default rule where you need to change all your files to 644 and folders to 755. There may be some exceptions to this rule, but these will definitely come up with exceptional security.
Incident Management and Backup: Backups are required in every stage so that you do not lose any important data from your site; and by ‘incident management’ I basically mean a proper planning before your site gets hacked. Thus a well planned system will surely help you to restore all your lost data very quickly.
Extension Management: You need to prepare a thorough checking system for all the third party extensions. You can go through the code review of the extension or run a test suite. Finally you need to update the codes as and when required.
Managing Version Numbers: The extension version numbers need to be removed if required. You can use the version names only by editing them with tools like Dreamweaver.
Unused Files: There may be various incidents when you have installed software but ended up by not using it at all. The unused files need to be identified soon and uninstalled as and when required. They seem to be very vulnerable during the Joomla process.
Protection by Password: The conventional method of protecting through the password always comes handy. Brute Force can be the common virus that generally attacks feeble passwords. Just create a unique password with upper and lowercase letters and numbers. You can change the password every 30 days to ensure its security. You also need to protect the administrative folder of Joomla through strong passwords. The administrators may need to sign in twice for entering into a single account, but this will protect the software very efficiently.
Try HTPASSWD: This activity will surely help in the authentication of the user which is the combination of the Unix and Linux based web servers. You can manually create the .HTPASSWD file and the .HTACCESS file.
Using the CPanel For Security : You have to operate the CPanel using some simple steps for the protection purpose. At first, just log in to the CPanel , then select the Password protect directories. After that just navigate through Home/Myaccount/public_html/administration folder. After that, you can choose the administrative folder and fill up the folder name with username and password.
Applying The Security Extensions : For using the security extension of the Joomla, you need to log into the administrator of Joomla. Then navigate through components/admin tool/password protect administrator. You will have to insert the username and password finally.
Updating Add-Ons : You are required to update the Joomla and its extensions. You just need to enter into the administration section and select ‘update’ from the “components” and your CMS will automatically be updated.
Updating Extensions : Just choose the extension from the extensions manager and then the update tab. The ‘purge cache’ and the ‘Find updates’ are to be selected and then finally the extensions that you need to update.
Changing Table Prefix : The default table prefix needs to be changed regularly as the hackers target the database tables to gain access to the usernames and passwords. If you are using Joomla 1.5, then the DB admin can be a beneficial component for you. But if you are using the Joomla 1.6 version, then it will be better if you run the security process during the installation itself.
SSL Certification : You can easily use the SSL mode for logging into Joomla. You just need to ensure that you are having SSL certification for your own domain. If you are using any shared version of the SSL certification then your purpose may not be successfully fulfilled.
FTP Layer Of Joomla : You may shut down the FTP layer of Joomla for the third party extensions to process the function in a proper manner. You need to check that the layer is not saving your login details and passwords. The SuExec can be applied by the servers instead of the FTP layer.
Register Globals : The register global is not necessary and can be turned off. This will help to disable few active PHP scripts. Thus, you can edit the php.ini file from your domain in the root directory.
URLs Must Be Search Engine Friendly : Not only to make your site rank better in the search engine results, but the search engine friendly URLs will surely protect your domain from the hackers.
You need to be always updated with latest security changes and likewise protect your domain. Just be on top from all your competitors if you keep up your guards efficiently.
Author Bio
Sarah Wilson is a well known professional Joomla expert who is sharing some useful tips and tricks for protecting your Joomla from the modern hackers. You can visit our blog and know more information about the Joomla security.
