Improving security of Joomla

Joomla! is a free, open-source system and one of the most widely used on the Internet. The methods described below cannot guarantee 100% security and protection for your site, because a breach can still be achieved through a newly discovered, previously unknown weakness in the system's own code or, the most common route for malicious access, through a security weakness in an installed Joomla! plugin, component, module or template.



This article describes the basic and most commonly used methods to protect the system and enhance its security.

1. Protection of the administrative panel

First option: Restrict access to the administration panel to certain IP addresses only

If you want the administration panel to be accessible only from your IP address, add the following lines to a file named .htaccess located in the administrator directory:

Deny from All
Allow from xxx.xxx.xxx.xxx

Note: Replace xxx.xxx.xxx.xxx with your own public IP address.

If you also access the administration panel from another IP address, allow it by adding one more line:

Allow from xxx.xxx.xxx.xxx
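The Deny/Allow directives above are the Apache 2.2 syntax; Apache 2.4 replaced them with "Require ip", and the 2.2 form only still works there if the compatibility module mod_access_compat is loaded. The following added example (not part of the original article) writes an administrator/.htaccess that carries both forms, each inside an <IfModule> guard, after validating the addresses. The addresses in the demo are RFC 5737 documentation addresses, not real ones.

```shell
#!/bin/sh
# Added example, not part of the original article: generate administrator/.htaccess
# for an IP allow-list. Apache 2.2 uses Order/Deny/Allow; Apache 2.4 uses
# "Require ip", so the file carries both forms inside <IfModule> guards.
# Demo addresses are RFC 5737 documentation addresses (assumed, not real).

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots in a subshell so the caller's IFS is left alone.
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for _o in "$@"; do
            [ "$_o" -le 255 ] || exit 1
        done
        exit 0
    )
}

# write_admin_htaccess DIR ADDR...: write DIR/.htaccess allowing only ADDR... .
write_admin_htaccess() {
    _dir=$1; shift
    [ $# -ge 1 ] || { echo "usage: write_admin_htaccess DIR ADDR..." >&2; return 1; }
    for _ip in "$@"; do
        is_ipv4 "$_ip" || { echo "not an IPv4 address: $_ip" >&2; return 1; }
    done
    {
        echo "# Only these addresses may reach the Joomla! administrator directory."
        echo "<IfModule mod_authz_core.c>"
        echo "    # Apache 2.4"
        echo "    Require ip $*"
        echo "</IfModule>"
        echo "<IfModule !mod_authz_core.c>"
        echo "    # Apache 2.2"
        echo "    Order Deny,Allow"
        echo "    Deny from all"
        for _ip in "$@"; do
            echo "    Allow from $_ip"
        done
        echo "</IfModule>"
    } > "$_dir/.htaccess"
}

# Demo in a throwaway directory (nothing on a real site is touched).
demo=$(mktemp -d)
mkdir -p "$demo/administrator"
write_admin_htaccess "$demo/administrator" 203.0.113.10 198.51.100.7
cat "$demo/administrator/.htaccess"
```

Two things to check before relying on this: the server must permit .htaccess overrides for these directives (AllowOverride), and if the site sits behind a CDN or reverse proxy Apache sees the proxy's address rather than yours, so the rule will either lock everyone out or let everyone in. If your own address changes (typical home connections), you will lock yourself out until you edit or remove the file over FTP/SFTP.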

Second option: Protect access with an additional username and password

You can use the option in the cPanel control panel -> "Password Protect Directories".

Additional information on how to set this up can be found in the article: Protecting a directory with a username and password

2. Change the password for access to the system

Change your administration password regularly. Use strong passwords that contain uppercase and lowercase letters, numbers and special characters.

1) Do not use consecutive numbers or letters.
Example: 123456, abcdef and similar.

2) Do not use your first name, last name, phone number, ID number, nickname or any other information that is, or could become, publicly available; a password built from such data is easily cracked by attackers.

3) Do not use common combinations.
Example: 13579, asdasd, 1q2w3e4r, qwertyuiop, admin, password, administrator, etc.

4) When choosing a password, you can replace some characters of the chosen word according to a letters = numbers pattern.
Example: I = 1, L = 1, A = 4, T = 7, E = 3, g = 9, v = 0, and so on. Under this scheme the word 'hosting' can be written as 'Hos71n9'. Keep in mind that password-cracking tools apply exactly these substitutions automatically, so a substituted dictionary word is only marginally stronger than the word itself; use it as one element of a longer password rather than as the whole password.

5) Use a combination of numbers, uppercase and lowercase letters. Long passwords give greater security for your account: treat 7 or 8 characters as the absolute minimum and prefer considerably longer passwords or passphrases.
See also: Some tips on how to choose a suitable password
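The rules above can be turned into a pre-check you run on a candidate password before setting it in Joomla!. The script below is an added example, not part of the original article, and its numbers are assumptions: a minimum length of 12 (the article treats 7 or 8 as a bare minimum) and a forbidden run of 4 consecutive letters or digits. The block list is constructed from the article's own examples; a real deployment would use a far larger one. The block list check also undoes rule 4 for you, which is why 'Hos71n9' is still rejected.

```shell
#!/bin/sh
# Added example, not part of the original article: check a candidate password
# against the rules of this section. MIN_LEN=12 and RUN=4 are assumptions; the
# block list is constructed from the article's examples only.
MIN_LEN=12
RUN=4
BLOCKLIST="123456 abcdef 13579 asdasd 1q2w3e4r qwertyuiop admin password administrator hosting"
DIGITS=0123456789
LETTERS=abcdefghijklmnopqrstuvwxyz

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# leet WORD: apply the article's table (i,l=1 a=4 t=7 e=3 v=0 g=9): hosting -> hos71n9.
leet() { printf '%s' "$1" | tr 'ilatevg' '1147309'; }

# reverse STRING: used to catch descending runs such as 4321 or dcba.
reverse() {
    _s=$1 _r=
    while [ -n "$_s" ]; do
        _r=${_s%"${_s#?}"}$_r
        _s=${_s#?}
    done
    printf '%s' "$_r"
}
RDIGITS=$(reverse "$DIGITS")
RLETTERS=$(reverse "$LETTERS")

# has PATTERN STRING: shell glob match (PATTERN is expanded as a pattern, not a string).
has() { case $2 in $1) return 0 ;; *) return 1 ;; esac; }

# has_sequence PASSWORD: succeed if RUN consecutive characters of the lowercased
# password form an ascending or descending run of digits or letters.
has_sequence() {
    _pw=$(lower "$1")
    _i=1
    while [ $((_i + RUN - 1)) -le ${#_pw} ]; do
        _win=$(printf '%s\n' "$_pw" | cut -c "$_i-$((_i + RUN - 1))")
        for _alphabet in "$DIGITS" "$LETTERS" "$RDIGITS" "$RLETTERS"; do
            case $_alphabet in *"$_win"*) return 0 ;; esac
        done
        _i=$((_i + 1))
    done
    return 1
}

# in_blocklist PASSWORD: succeed if the lowercased password equals a blocked word
# either as written or in its fully substituted form (rule 4 does not hide it).
in_blocklist() {
    _pw=$(lower "$1")
    for _w in $BLOCKLIST; do
        [ "$_pw" = "$_w" ] && return 0
        [ "$_pw" = "$(leet "$_w")" ] && return 0
    done
    return 1
}

# check_password PASSWORD: print every violated rule; succeed only if none is violated.
check_password() {
    _p=$1 _bad=0
    [ ${#_p} -ge "$MIN_LEN" ]          || { echo "  shorter than $MIN_LEN characters"; _bad=1; }
    has '*[[:lower:]]*' "$_p"          || { echo "  no lowercase letter"; _bad=1; }
    has '*[[:upper:]]*' "$_p"          || { echo "  no uppercase letter"; _bad=1; }
    has '*[[:digit:]]*' "$_p"          || { echo "  no digit"; _bad=1; }
    has '*[![:alnum:]]*' "$_p"         || { echo "  no special character"; _bad=1; }
    ! has_sequence "$_p"               || { echo "  contains a run like 1234 or abcd"; _bad=1; }
    ! in_blocklist "$_p"               || { echo "  is a common word, with or without substitutions"; _bad=1; }
    return $_bad
}

# Demo with constructed candidates (not real passwords).
for candidate in 'Hos71n9' 'Abcd1234!xyz' 'Kd7!mQ2p#vR9wL'; do
    echo "$candidate:"
    check_password "$candidate" && echo "  accepted"
done
```

Of the three demo candidates only the last is accepted: 'Hos71n9' is too short, has no special character and is 'hosting' with the rule 4 substitutions applied; 'Abcd1234!xyz' meets every character-class rule but contains the run 'abcd'. A check like this catches the obvious mistakes; it does not make a password strong, so combine it with the length advice above or, better, a password manager.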

3. Change the administrative user

The administrative user created when Joomla! is installed has ID 62 in the database by default (this is the Joomla! 1.5 default; later versions assign a different ID, but the default username is just as well known). Because the ID and username are predictable, attackers can target that account directly. It can be replaced as follows:

• Create a new user with "Super Administrator" rights, giving it a new name and a strong password.
• Log out and sign in as the new user.
• Since a user with "Super Administrator" rights cannot be deleted, change the original administrator's rights to "Manager" and save the setting.
• Now delete the original user (the one with ID 62).

Important: Before making any changes, back up the database. You can export it from phpMyAdmin and keep a local copy.

4. Subscribe to news from the developers of the system

When a new version of the system is released, or a fix for an omission / security hole is published, it is announced at:

http://www.joomla.org/announcements/release-news/

The system has major versions, for example 1.5, 2.5, 3.0, etc., and sub-versions (maintenance releases), for example 1.5.27, 2.5.9, 3.0.3, etc. The sub-versions carry code fixes that close the security holes found in the major version.

It is strongly recommended to update the system as soon as possible after a new sub-version (e.g. 3.0.3) is released. When a new major version (e.g. 3.1) appears, you may wait until its first sub-versions (e.g. 3.1.2, 3.1.3, etc.) are published.

In this way you effectively protect yourself from malicious access attempts. It is just as important to update the installed plugins, modules and components: whenever an upgrade / update is available for any additional application the system uses, apply it as soon as possible.
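To apply that policy you first need to know which version is installed. The added example below (not part of the original article) reads it from administrator/manifests/files/joomla.xml, where Joomla! 2.5 and 3.x record it (an assumption about the layout; Joomla! 1.5 keeps its version in libraries/joomla/version.php instead and is not handled here), compares it with the latest version you take from the release-news page, and prints the advice the article gives: a newer sub-version of your major version means update now, a new major version means plan the upgrade.

```shell
#!/bin/sh
# Added example, not part of the original article: compare the installed Joomla!
# version (from administrator/manifests/files/joomla.xml, Joomla! 2.5/3.x layout,
# an assumption) with the latest version announced by the developers.

# installed_version SITEROOT: print e.g. 3.0.3, or fail if the manifest is missing.
installed_version() {
    _manifest="$1/administrator/manifests/files/joomla.xml"
    [ -f "$_manifest" ] || { echo "no manifest at $_manifest" >&2; return 1; }
    _v=$(sed -n 's/.*<version>\([0-9][0-9.]*\)<\/version>.*/\1/p' "$_manifest" | head -n 1)
    [ -n "$_v" ] || { echo "no <version> element in $_manifest" >&2; return 1; }
    printf '%s\n' "$_v"
}

# vercmp A B: print -1, 0 or 1 as dotted version A is older than, equal to, or
# newer than B. Missing components count as 0, so 2.5 equals 2.5.0.
vercmp() {
    _a=$1. _b=$2.
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _a=${_a#*.}
        _y=${_b%%.*}; _b=${_b#*.}
        [ "${_x:-0}" -lt "${_y:-0}" ] && { printf '%s\n' -1; return 0; }
        [ "${_x:-0}" -gt "${_y:-0}" ] && { printf '%s\n' 1; return 0; }
    done
    printf '%s\n' 0
}

# update_advice SITEROOT LATEST: apply the article's policy. The "major version"
# is the first two components (1.5, 2.5, 3.0, 3.1), as the article uses the term.
update_advice() {
    _cur=$(installed_version "$1") || return 1
    _latest=$2
    _cur_major=${_cur%.*}
    _latest_major=${_latest%.*}
    case "$(vercmp "$_cur" "$_latest")" in
        0|1) echo "up to date ($_cur installed, $_latest latest)" ;;
        -1)
            if [ "$_cur_major" = "$_latest_major" ]; then
                echo "UPDATE NOW: $_cur -> $_latest is a maintenance/security release of your major version"
            else
                echo "new major version $_latest_major available ($_cur installed): plan the upgrade, wait for its sub-versions if you prefer"
            fi ;;
    esac
}

# Demo with a constructed manifest in a throwaway directory.
demo=$(mktemp -d)
mkdir -p "$demo/administrator/manifests/files"
cat > "$demo/administrator/manifests/files/joomla.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<extension version="3.0" type="file" method="upgrade">
    <name>files_joomla</name>
    <version>3.0.3</version>
</extension>
EOF
update_advice "$demo" 3.0.4
update_advice "$demo" 3.1.2
```

Run it against a real site as `update_advice /path/to/site 3.x.y`, taking the latest number from the release-news page. Extensions are not covered by this check; their versions live in the #__extensions table and in each extension's own manifest, so check them through the administration panel's update screen.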

5. Backups

It is advisable to back up the files and the database regularly. There are extensions that perform backups directly from the system's administration panel. If you do not use such an extension, you can back up the site through the control panel of your hosting account.

Full backups can be generated from the cPanel menu "Backups".
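If you have shell access, the same backup can be scripted. The following added example (not part of the original article) reads the database settings from the site's configuration.php, which in Joomla! 2.5 and 3.x defines them as `public $host = '...';`, `$user`, `$password` and `$db` (an assumption about the file layout), dumps the database and archives the files. Two details matter for security: the backups go to a directory that must lie outside the web root, because an archive inside it, database dump included, can be downloaded by anyone who guesses its name; and the database password is handed to mysqldump through a temporary option file rather than on the command line, where other users on the server could read it from the process list.

```shell
#!/bin/sh
# Added example, not part of the original article: file and database backup of a
# Joomla! site. Assumes the Joomla! 2.5/3.x configuration.php layout and that
# mysqldump, gzip and tar are installed.

# config_value CONFIG_PHP NAME: print the single-quoted value of "public $NAME = '...';".
# Values containing an escaped quote (\') are not handled by this simple pattern.
config_value() {
    sed -n "s/^[[:space:]]*public[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*'\([^']*\)';.*/\1/p" "$1" | head -n 1
}

# joomla_backup SITEROOT DESTDIR: write DESTDIR/<stamp>-db.sql.gz and
# DESTDIR/<stamp>-files.tar.gz. The body runs in a subshell so umask stays local.
joomla_backup() (
    _site=$1 _dest=$2
    _cfg="$_site/configuration.php"
    [ -f "$_cfg" ] || { echo "no configuration.php in $_site" >&2; exit 1; }
    _site_abs=$(cd "$_site" && pwd -P) || exit 1
    mkdir -p "$_dest" || exit 1
    _dest_abs=$(cd "$_dest" && pwd -P) || exit 1
    # Never store backups under the web root: they would be downloadable.
    case $_dest_abs in
        "$_site_abs"|"$_site_abs"/*)
            echo "refusing: $_dest is inside the web root $_site_abs" >&2; exit 1 ;;
    esac
    umask 077                                   # backups readable by their owner only
    _stamp=$(date +%Y%m%d-%H%M%S)
    # Credentials go into a temporary option file, not onto the command line.
    _opt=$(mktemp) || exit 1
    printf '[client]\nhost=%s\nuser=%s\npassword=%s\n' \
        "$(config_value "$_cfg" host)" "$(config_value "$_cfg" user)" \
        "$(config_value "$_cfg" password)" > "$_opt"
    if mysqldump --defaults-extra-file="$_opt" --single-transaction \
            "$(config_value "$_cfg" db)" > "$_dest_abs/$_stamp-db.sql"; then
        rm -f "$_opt"
        gzip "$_dest_abs/$_stamp-db.sql" || exit 1
    else
        rm -f "$_opt" "$_dest_abs/$_stamp-db.sql"
        echo "database dump failed" >&2
        exit 1
    fi
    # Archive the site directory by name, relative to its parent.
    tar -czf "$_dest_abs/$_stamp-files.tar.gz" \
        -C "$(dirname "$_site_abs")" "$(basename "$_site_abs")" || exit 1
    echo "backup written to $_dest_abs ($_stamp)"
)

# Demo of the parser on a constructed configuration.php. joomla_backup itself
# needs a real site and database server, so it is shown but not run here.
demo=$(mktemp -d)
cat > "$demo/configuration.php" <<'EOF'
<?php
class JConfig {
    public $host = 'localhost';
    public $user = 'joomla_user';
    public $password = 'S3cret!';
    public $db = 'joomla_db';
    public $dbprefix = 'j3x_';
}
EOF
echo "database: $(config_value "$demo/configuration.php" db) on $(config_value "$demo/configuration.php" host)"
# joomla_backup /var/www/example.com /var/backups/example.com
```

`--single-transaction` gives a consistent snapshot for InnoDB tables without locking them; it does not help for MyISAM tables, which older installations often use, so run the dump at a quiet time in that case. Keep a copy of the archives off the server as well: a backup that lives only on the compromised host is lost together with the site.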

6. Additional protection

There are many extensions that add further protection to the system, such as changing the URL of the administration panel, or counting failed login attempts and then blocking access to the administration panel, and others.

These could be found at:

http://extensions.joomla.org/category/access-a-security/site-security

Some of these extensions include features that cover the recommendations above.

When using such extensions, be aware that a conflict may arise with a specific plugin, module, component or template of your site. Therefore, back up the site before installing and activating an extension.
