This article describes the basic and most commonly used methods to protect and enhance system security.
1. Protection of the administrative panel
First option: Restrict access to the administration panel only to certain IP addresses
If you want the administration to be accessed only by your IP address, it is necessary in a file called .htaccess, located in the directory administrator, to put the lines:
Deny from All
Allow from xxx.xxx.xxx.xxx
Note: You need to replace xxx.xxx.xxx.xxx with your IP address.
If you access administration from another IP address, you can activate and access to it by adding another line:
Allow from xxx.xxx.xxx.xxx
Second option: Protecting access with additional username and password
You can use the option in the control panel cPanel -> "Directory password protected Password Protect Directories"
Additional information about that how to set up can find in the article: Protecting a directory with a username and password
2. Change the password for access of the system
Regularly change your password for access of the administration. Use strong passwords that contain upper and lowercase letters, numbers and special characters.
1) Do not use consecutive numbers or letters.
Example: 123456, abcdef and others.
2) Do not use your personal name, last name, phone number, ID, nickname, and any other information that is or could become publicly available, due to which the password could be cracked by detractors.
3) Do not use common combinations.
Example: 13,579, asdasd, 1q2w3e4r, qwertyuiop, admin, password, administrator, etc.
4) When choosing a password, you can replace some of the characters in the selected word in accordance with the password pattern letters = numbers.
Example: I = 1, L = 1, A = 4, T = 7, E = 3, g = 9, v = 0, and so Under this scheme, for example the word 'hosting' can be written as 'Hos71n9'.
5) Use combination of numbers, uppercase and lowercase letters. Long passwords (over 7 or 8 characters) give greater security of your account.
Some tips how to choose a suitable password
3. Change user for the administration
The administrative user in the database of Joomla! has ID 62 by default. This could be used by ill-intentioned persons to experience abuse. It could be changed as follows:
• It is necessary to create a new user with rights of "Super administrator" and should have a new name and a strong password.
• Then go out and sign in with the new user.
• Since there is no option to delete a user with rights of "Super administrator", modify the original administrator to have rights of "Manager" and save the setting.
• Now you can delete the original user (with ID 62).
Important: Before you make any changes, it is recommended to back up the database. You can export the database from phpMyAdmin and keep a local copy for you.
4. Subscribe to news from the developers of the system
When the system has renewal / new version or repair of omission / security hole in the system, these updates will be posted at:
In versions of the system has a basic versions, for example 1.5, 2.5, 3.0, etc. and sub-versions, for example 1.5.27, 2.5.9, 3.0.3, etc. In sub-versions were made amendments to the code and gaps / holes in security, lost in the basic version.
It is strongly recommended as soon as possible after it came under a new version (eg 3.0.3) to perform system updates. Also when there is a new major version (eg 3.1) you can wait until it published its sub-version (eg 3.1.2, 3.1.3, etc.).
Thus you will effectively protect yourself from malicious attempts to access. It is important to perform an update of installed system plugins, modules and components, too.
It is necessary as soon as possible in presence of upgrade / update, to make updating any additional applications that use the system.
5. Reserved archive
It is advisable to regularly perform back ups of files and database. There are plugins that can help you perform back up - directly in administration of the system. If you do not use the plugin, you can make a back up of the site through the control panel of your hosting account.
Full back ups can generate through control cPanel menu "Back ups".
6. Additional protection
There are many extensions for additional protection of the system, such as changing the URL of the administration, adding to the number of failed access attempts, then blocked possibility of access to the administration site and others.
These could be found at:
Some of these extensions have included features on the above recommendations.
By using such extensions should be aware that a conflict may arise with a specific plug-in module, components or theme of your site. So before you install and activate the extension, it is recommended to back up the site.