Simple Points To Consider To Secure Joomla
Now that Web 2.0 development has become the common way to present a website to users, manually programming websites has become old school. Most websites use a Content Management System (CMS) backend to manage the publishing of the website's frontend. One such mainstream CMS is Joomla, which has slowly but surely become a mature program for users, though it is still imperfect.
Change the default Joomla prefix right after initial roll-out
The Joomla database contains all of the site's information, including that of all users and the administrators. To avoid being vulnerable, it is recommended to use a different database table prefix than the one that comes by default. Keep in mind that this should be done at installation time. If Joomla is already running, it can still be done, but it is highly recommended to perform a full backup beforehand.
Install a Joomla security plugin
A basic and really important point when it comes to improving the security of Joomla is to install a security plugin. While installing an excessive number of plugins is highly discouraged, some of them, such as security-specific plugins, need to be installed in order to prevent exploits as much as possible.
Use unique, complex passwords
There are many methods nowadays that allow passwords to be cracked in a few minutes, which is why all users must take several things into account when creating a new password, and even a new username. Mix letters and numbers in lowercase and uppercase, include special characters, and make sure the password is at least 8 characters long. Users must also avoid "admin", "administrator", "pass", "password", etc. Using them as usernames or passwords is a very bad security practice: not only do they fail to comply with the points mentioned above, but they are also well known and some of the easiest to crack.
Never forget to change the password for Joomla administrator
The Joomla administrator account needs to be hardened. Use only strong, unique passwords for it.
Joomla is as secure as the local PC used for web development
Clean the development PC. Joomla can only be considered secure if the webmaster's files on the local hard disk are encrypted. Keep in mind as well that if the PC is infected, uploading malware from it to the server subjects visitors to unknown risks. It is very important to scan the local computer every so often and eliminate any possible threats.
Make sure to apply correct file permissions to content files
Permissions are another of the most commonly seen reasons why sites end up hacked. Unnecessary permissions are seen every day and should be avoided if the webmaster really wants to have their Joomla installation secured. Check and make sure the correct permissions are applied to the files: do not give "777" permissions to everything, especially when it is more than enough to use "755" for folders and "644" for files.
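The permission check described above, as an added example that is not part of the original article: a shell script that lists folders and files under a Joomla root that are writable by group or others (anything looser than 755/644 on write access) and can reset them. The path /var/www/joomla in the usage comment is an assumed location.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit a Joomla tree for
# permissions looser than the 755 (folders) / 644 (files) baseline.
# 755 and 644 grant write access to the owner only, so any entry that is
# group-writable (-perm -020) or world-writable (-perm -002) is too loose.

# List offending directories and regular files with their current modes.
# Symlinks are skipped because find does not follow them by default.
audit_perms() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) \
        -exec ls -ld {} +
}

# Reset only the offenders: folders to 755, files to 644.
fix_perms() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod 755 {} +
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod 644 {} +
}

# Usage: ./joomla_perms.sh /var/www/joomla [--fix]
# (/var/www/joomla is an assumed docroot; substitute your own.)
if [ "$#" -ge 1 ]; then
    audit_perms "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_perms "$1"
        echo "Remaining loose entries after fix:"
        audit_perms "$1"
    fi
fi
```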
Do not install excessive plugins
- First of all, check which plugins are really needed and eliminate those that are not strictly necessary or are unused at the moment.
- Do not install a plugin if it did not come from a reputable source.
- Keep them updated. Web admins should always keep all the components of the CMS up to date, in both production and development environments.
- Read reviews of the plugins before installing them and learn what other users say about them, to get an idea of what the plugin really is.
- It is also advisable to remove the version information of these plugins, so that hackers cannot use the versions of extensions and plugins to learn which vulnerabilities the Joomla installation contains.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.