11 Tips for Joomla! Security - GuardXT
- Date added: Monday, 19 January 2009
- Last revised: Tuesday, 14 July 2009
Answer
If you require Joomla! security support, please do not hesitate to contact us.
Based mainly on the Joomla! Security FAQs, we created a quick checklist to make your Joomla! site less vulnerable to hacker attacks. These are probably not the top 11 tips, but they are the ones where GuardXT can help you. GuardXT is the Joomla! administrator component that helps to increase the security of your site in these areas.
1.) Be informed about known Joomla! vulnerabilities.
Subscribe to the Joomla security news. Usually they provide fixes incredibly fast.
2.) Keep Joomla! and your components up to date.
The latest versions of Joomla! and third-party components are usually safer than older versions.
3.) Ensure proper permissions of files and folders.
File permissions 644 and folder permissions 755 are considered to be a good trade-off between security and functionality.
4.) Protect your configuration.php file.
configuration.php is probably the most critical file of any Joomla! installation. At the very least, make it unwritable.
5.) Use a .htaccess file.
Even if you're not using SEO, the .htaccess file that comes with Joomla! blocks some common exploits.
6.) Rename the default admin user.
Everybody knows that your admin site is most likely accessible via /administrator, and everybody knows the default admin user. That makes getting admin access a lot easier.
7.) Protect your admin directory.
The most sensitive part of your Joomla! site is the administration site. Make sure it is well protected, e.g. by adding additional password protection.
8.) Make log and temp folders inaccessible.
Make sure your log and temp files are not in Public HTML folders.
9.) Clear the tmp folder.
Remnants of old, vulnerable components might be in there.
10.) Recognize when your site was hacked and act fast.
Often hacks are very obvious, because your site is defaced. However, the less obvious hacks are much more dangerous. If files on your server were modified or added without good reason, you should act immediately.
11.) Use secure PHP settings.
Make sure your PHP configuration meets some security standards. Try using local php.ini files if you don't have access to the global php.ini.
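A read-only audit for tips 3 and 4, as an added example that is not GuardXT's or Joomla!'s own code: it walks a site root and reports files that grant more than 644, folders that grant more than 755, and a writable configuration.php. The function names and the temporary sample tree are constructed for illustration, and a POSIX file system is assumed.

```python
import os
import stat
import tempfile

FILE_MODE, DIR_MODE = 0o644, 0o755          # tip 3 targets
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit_permissions(root):
    """Return sorted (relative path, octal mode, reason) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                      # symlink mode bits are not used on Linux
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            is_dir = stat.S_ISDIR(st.st_mode)
            allowed = DIR_MODE if is_dir else FILE_MODE
            if rel == "configuration.php" and mode & WRITE_BITS:
                findings.append((rel, oct(mode), "tip 4: configuration.php is writable"))
            elif mode & ~allowed:             # any bit set beyond the target mode
                kind = "folder" if is_dir else "file"
                findings.append((rel, oct(mode), f"tip 3: {kind} grants more than {allowed:o}"))
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree (not a real Joomla! install) with known modes."""
    root = tempfile.mkdtemp(prefix="joomla-sample-")
    layout = {"index.php": 0o644, "configuration.php": 0o644,
              "tmp/upload.php": 0o666, "images/logo.png": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "tmp"), 0o777)
    os.chmod(os.path.join(root, "images"), 0o755)
    return root


if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_site()):
        print(f"{mode:>6}  {rel}: {reason}")
```

Point `audit_permissions` at your own site root to get the same report; it only reads metadata and changes nothing.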
GuardXT is an administrator application that tries to make your site safer against hacker attacks and helps you recognize that your site has been hacked.
GuardXT performs various checks on your system and informs you if something is going wrong.

