How to Secure Joomla!?
- Date added:
- Friday, 21 November 2008
- Last revised:
- Tuesday, 14 July 2009
Answer
Before taking extra steps to secure Joomla!, make sure its core code and any additional components / modules are up to date. Then you can take advantage of the following extra security measures:
1. Secure your administrator area. This prevents simple brute-force attacks against the login, and it also shields the code of all components and modules that live inside this directory. For this purpose:
- Place an .htaccess file inside Joomla!'s 'administrator' directory. It should contain:
Order Deny,Allow
Deny from all
Allow from YourIP*
* You can find your IP by visiting a site such as http://whatismyip.org
- If your IP address changes (for example on a dynamic connection), secure the directory with password protection instead.
2. Change the default database prefix jos_. This foils SQL injection attempts that rely on the default jos_ table names.
You can set the database prefix when installing your Joomla! website. If Joomla! is already installed and you want to change the prefix, do the following:
- Log on to your Joomla! back-end.
- Go to Global Configuration and find the database settings.
- Change your database prefix (example: fdasqw_) and press Save.
- Open phpMyAdmin and select your database.
- Go to Export, leave all default values and press Start. Exporting the database can take a while.
- When done, select all of the exported SQL and copy it into Notepad (or any other text editor).
- In phpMyAdmin, select all tables and drop them. Keep the exported copy safe: once the tables are dropped, it is the only copy of your data.
- In Notepad, do a Search & Replace (Ctrl + H). Set the search term to jos_ and the replacement to your new prefix (example: fdasqw_). Press "Replace all". Note that this rewrites every occurrence of jos_ in the dump, including any article text that happens to mention a table name, so review such hits before continuing.
- Select everything in your Notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.
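The search-and-replace step above, as an added example that is not part of the original answer: it rewrites the prefix only inside backtick-quoted table identifiers, so article text that merely mentions jos_ is left alone, and it reports how many mentions remain for review. The dump and the new prefix fdasqw_ are constructed sample input.

```python
import re

# Constructed sample of a phpMyAdmin-style export (not a real site dump).
SAMPLE_DUMP = """\
CREATE TABLE `jos_users` (`id` int NOT NULL, `name` varchar(255));
INSERT INTO `jos_users` VALUES (62, 'admin');
CREATE TABLE `jos_content` (`id` int NOT NULL, `introtext` text);
INSERT INTO `jos_content` VALUES (1, 'See the jos_users table in phpMyAdmin');
"""


def rename_prefix(dump: str, old: str, new: str) -> str:
    """Rewrite the table prefix only inside backtick-quoted identifiers.

    A plain Replace-All (the Notepad step) also rewrites the prefix wherever
    it appears inside article text or other string data; matching only
    `old...` identifiers leaves that content untouched.
    """
    pattern = re.compile(r"`" + re.escape(old) + r"([A-Za-z0-9_]+)`")
    return pattern.sub(lambda m: f"`{new}{m.group(1)}`", dump)


def leftover_occurrences(dump: str, old: str) -> int:
    """Count occurrences of the old prefix anywhere in the dump, so that after
    renaming the operator can review what survives (e.g. text mentioning a table)."""
    return len(re.findall(re.escape(old), dump))


def table_names(dump: str) -> list:
    """List the table names the dump creates, in order of appearance."""
    return re.findall(r"CREATE TABLE `([^`]+)`", dump)


if __name__ == "__main__":
    renamed = rename_prefix(SAMPLE_DUMP, "jos_", "fdasqw_")
    print(renamed)
    print("tables:", table_names(renamed))
    print("remaining 'jos_' mentions to review:", leftover_occurrences(renamed, "jos_"))
```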
3. Make sure your host does not allow remote code inclusion in PHP by default. To check, log in to your Joomla! administrator panel, navigate to System, System Info in the top menu, and open the PHP Info tab:
- If you are using PHP 5.2 or newer, make sure that the directive 'allow_url_include' is set to Off;
- If you are using a PHP version below 5.2, make sure that the directive 'allow_url_fopen' is set to Off.