Security Audit Systems


How to Strengthen Your Joomla Site’s Security

SAS · November 21, 2020

Joomla Website Security Advice

Thanks to its ease-of-use and extensibility, Joomla is used all over the world to power websites of all shapes and sizes. Best of all, this award-winning CMS (Content Management System) is an open-source solution, which means it’s freely available to everyone. Great news for web developers that like to share ideas and code as freely as possible!

But for all its plus points, there are some drawbacks too. Because Joomla is so widely admired and accepted, it has become a popular target for hackers wanting to exploit security vulnerabilities and gain access to valuable data.

For this reason, you might want to heed the following advice on how to strengthen your Joomla site’s security.

Change your username and password

First of all, do not keep the default username ‘admin’, as you will give hackers a head start. You should also choose a strong password that mixes uppercase and lowercase letters, numbers, and special characters.

Keep everything updated

On average, Joomla developers will release a new version every two months, which you must download and install as soon as possible. This will protect you from cybercriminals who are constantly trying to find weaknesses and vulnerabilities in older versions.

Restrict user uploads

Think twice about letting users upload images or other types of media to your site. After all, do you really want to allow someone you don’t know to upload innocent-looking files onto your server that then turn out to be malicious pieces of software?

Change the super administrator ID number

Although this ID number features throughout Joomla to improve security, in some versions it is always set as ’62’. Once again, this makes life easy for potential threats, so change the ID number to frustrate and discourage attackers.

Remove unused Joomla extensions

Even if you don’t use old extensions, components, or modules anymore, it is imperative you remove them. This is because they will remain a target for hackers, especially if you haven’t installed updates for a while.

Always use SSL certificates

To ensure your details are not transmitted over the Internet in plain sight, which cybercriminals could then easily intercept, always use SSL certificates on your installation.

Always use two-factor authentication

For an additional layer of login security, consider introducing two-factor authentication. This will create a temporary, time-based password that is unique to your username, which ensures no unauthorised personnel can gain access.

Use SEF URLs to hide extensions

By using a SEF (Search Engine Friendly) component, you not only make the URLs of your Joomla website more friendly, you can also markedly boost security. SEF URLs will mask the fact you use Joomla and any extension known to have security issues.

Change the default database prefix

Change this alias to something that hackers won’t be able to guess, such as a random 3 or 4 letter word, or install a security extension that can do this for you automatically. There are many freely available Joomla extensions that can help.

Perform a Joomla security audit

Enlist the services of Security Audit Systems and you can benefit from an extensive Joomla security audit that will check file and directory permissions, plugins and modules, as well as core and custom pages. You will be able to receive a full penetration testing report too, which could prove to be invaluable to you!

So there you have it: implementing these ideas and advice should put you on the road to a more secure Joomla implementation.


WordPress Security and Plug-ins Detailed Review

SAS · November 20, 2020

WordPress has become the world’s most popular website platform for blogs and generic websites. This is partly due to its flexibility and ease of use but one thing that often gets overlooked with new WordPress sites is security!

Don’t leave securing your new WordPress website until the hackers come knocking! With the ever-increasing attention of cyber criminals and hackers, no website can really ever be said to be safe!

To help you make your website as secure as possible, let’s take a look at the basic security steps that should be taken and the security-related plug-ins that are available within the ecosphere of WordPress.


The major WordPress Security Vulnerabilities

As with any website platform, security vulnerabilities are potentially rife in WordPress! Secure hosting, variable login pages and strong passwords are just the start.

Here is a list of the major potential security issues:

  • Website hosting Server security vulnerabilities
  • Theme security within WordPress
  • Plug-in security within WordPress
  • Database security
  • Incorrect File permissions
  • Potential FTP vulnerabilities / Back doors
  • Lack of secure Encryption

No single plug-in covers all possible security holes in WordPress sites, so effectively managing WordPress security is vital!

But what security plug-ins are available and which ones may suit your site? Let’s take a look:

Wordfence plug-in

Wordfence is a comprehensive and powerful security plug-in. It comes in both a free and a paid-for version. The cost of the paid version ultimately depends on the number of licences that you purchase and how long the licences are active.

Wordfence is not just a standalone piece of software; it comes with support and monitoring from the company that developed it too. Basically, Wordfence servers scan your website for any recent file changes, code injections, malware, or any backdoor exploits. Website scans can be scheduled to run at whatever time you require.

Their ‘Threat Defense Feed’ arms your plug-in with the most up-to-date firewall rules and malware signatures, and even supplies suspect and potentially malicious IP addresses!

Wordfence major elements:

  • Two-factor authentication
  • Threat Defense Feed
  • Malware detection
  • Country IP blocking
  • Scans for recent file changes
  • Scans for code injection
  • Blocks IP addresses
  • Customisable alerts can be set up

iThemes Security plug-in

iThemes Security provides users with either a free version with limited functionality or a paid version with more comprehensive functionality. This is what it covers:

  • Monitors core files for changes
  • Brute force login protection
  • Two-Factor verification and identification.
  • Logs user actions.
  • Login and Admin pages can be hidden
  • Locks out ‘too many attempts’
  • Can be set to require secure passwords for specific user roles.
  • Ticket logging system for support.

There is a chance that some changes could actually break your website. With iThemes Security, be careful regarding database changes and file path changes! Always back up your website before installing the iThemes Security plug-in and prior to enabling any of its features, in case mistakes are made.

Sucuri Security plug-in

Sucuri Security is a free WordPress plug-in. It is primarily good for quickly alerting you to any potential security problems with your WordPress installation. It monitors and records all activity within your WordPress installation, keeping a log of everything that takes place.

Your installation’s files, such as WP themes, plug-ins and the WP core, are all monitored. When you activate this plug-in, it first of all records all files present as an initial base point. Future changes to existing files, and any new files, will then be notified to you directly when modifications occur.

Let’s look at Sucuri in a nutshell then:

  • New/Modified File change alerts
  • Protecting your upload directory from browsing and nefarious PHP execution
  • Restricts access to wp-content and wp-includes files
  • Malware scans
  • Blacklist monitoring
  • Verifies your security keys
  • Restricts access to the file editor in your WordPress dashboard.

All in One WP Security plug-in

All in One WP Security has a useful grading system, making identification of areas where your WordPress website security needs improvement a doddle! There is a dashboard which ranks your existing levels of security on a scale according to the security measures that have been enabled.

Basic, intermediate and advanced are the three levels included. Basic features are easy and safe to activate even for novice users. Intermediate and advanced features have the potential to break some of your website’s functionality, so take care!

Sub-menus contain the main security features, together with detailed information regarding what you are changing!

Here is a quick reference list of features:

  • Firewall protection
  • Manually approve new user registrations
  • Disable WP Meta information
  • User account monitoring
  • Prevention of brute force login attacks
  • Database prefix management functionality
  • Named file protection
  • The ability to edit PHP files from within the dashboard
  • Black-listing of users based on their IP or range of IP addresses
  • Ability to change the login page URL
  • Captchas and approved ‘whitelists’
  • Cookie based login functionality
  • Comment spam prevention
  • Ability to detect file changes

WordPress security plug-ins are very powerful, and care should be exercised in their implementation and usage. If in any doubt, then consider managed WordPress security and secure hosting from the specialists!


How to Improve WordPress Security

SAS · November 18, 2020

Here we have a great looking and useful infographic from a blogging infographics website called Your Escape From 9 to 5 that is packed with information to help you with WordPress security. The infographic is broken down into sections including how do WordPress blogs get hacked, statistics, how to prevent WordPress security issues, website host, themes and plugins and your computer and network.

We hope that you enjoy this WordPress security piece and please share with your fellow bloggers on Facebook, Twitter, Google+ etc.


Cyber Attack Statistics

SAS · November 17, 2020

Ever wanted to know where cyber attacks are coming from when they hit your business? Take a look at Tripwire’s awesome infographic which has a nice breakdown of the most common origins of cyber attacks.

Cyber Attack Origins


The Rise of WordPress, Now More Secure with Security Plug-ins?

SAS · November 13, 2020

Popular website development platform WordPress is now used in over 25% of all of the world’s websites! This is an amazing feat for an open-source platform that was only born on May 27th 2003, the blink of an eye in web technology circles!

It has now surpassed other favoured development platforms such as Joomla and Drupal, but why is this? WordPress was initially created due to the need, at the time, for an elegant and well-architectured personal publishing system enabling bloggers to publish their own content, or guest content from others, for their own readership.

Freely available WordPress themes and plug-ins

So, the rise of the blogger was partly responsible for the initial creation and launch of WordPress as a stable blogging platform! It also helped that it was based upon open source PHP and MySQL technology, licensed under GPL (GNU General Public License) back in the day, as it still is today.

This all meant that developers could get their hands on the core WordPress software for free, only needing to pay for specific add-ons (known as plug-ins) where none were available for free.

What’s more, many developers also pooled resources to provide not only free plug-ins but also free ‘WordPress Themes’, that enabled anyone, from beginner to those with just a modicum of website development knowledge, to develop their own site with a professional look and feel.

This all remains the case today, with many developers happily sharing plug-ins and themes free of charge within the happy WordPress ecosphere!

Secure online trading with WooCommerce

WordPress is now a stable, mature and elegant solution, even for E-Commerce sites, with the popular WooCommerce plug-in enabling rapid website software development for those needing to trade online. In fact, according to recent research, WooCommerce now powers over 37% of online shops!

Ease of online marketing with WordPress and WooCommerce

It is fair to say then that WooCommerce is now, by far, the most popular E-Commerce platform for those that are serious about the online marketing of their products or services.

With additional WordPress plug-ins such as Yoast, Search Engine Optimisation (SEO) is now also a doddle for users of WooCommerce. Such plug-ins can now automate many previously onerous digital marketing tasks. This even includes adherence to the AMP (Accelerated Mobile Pages) concept, the new standard for mobile web pages that online search giant Google has recently started to endorse.

The ability to easily add new website pages and blogs also helps WooCommerce advocates to keep their content fresh and up to date, which is good for online visibility in the search engines such as Google, and for website visitors alike.

Securing your WordPress installation

Security has been one of the major issues that the WordPress platform, along with other platforms, has had to face, in part of course due to its success!

Nowadays there is a vast array of security plug-ins available for WordPress which makes the task of securing websites developed within its ecosphere far easier than before. In fact, some of the security plug-ins for WordPress are even free of charge, albeit often with somewhat limited functionality. Premium ‘paid for’ versions will generally provide more comprehensive features.

What security features should you look for in WordPress Security plug-ins?

For free plug-ins, and naturally for any paid for plug-ins, we think you should look for the following as the minimum in acceptable functionality:-

  1. A variable Admin login URL page to help defeat hackers
  2. The ability to hide your WordPress version from prying eyes
  3. Real time logs of suspected nefarious hacking attempts
  4. Firewall functionality
  5. Malware detection
  6. Instant Email or SMS notification of any identified hacking attack
  7. Automatic plug-in updates
  8. Ability to scan hosted files outside your own WordPress installation
  9. Some level of technical support

You may be a novice web developer or an organisation that does not have time to worry about your website’s security. If so, consider using specialists in WordPress website security and secure hosting by contacting the team at Security Audit Systems.

Never leave your website vulnerable to hackers. Take no risks when it comes to the security of your website and your users’ confidential financial or personal information.

Some level of online security is better than none, and with the vast number of security plug-ins for WordPress, your website and its visitors will be safer from attack with a security plug-in installed. To help your decision making, here are just a few of the available WordPress security plug-ins, with no particular recommendation from us:-

  • Sucuri Security
  • Wordfence
  • iThemes Security (Formerly Better WP Security)
  • All in One WP Security & Firewall
  • Acunetix WP SecurityScan

Other security plug-ins are available directly from the WordPress organisation’s own website; just browse the features of each, read the reviews available online and make up your own mind, based upon what we have discussed today!

Whatever you decide to do regarding your website’s online security, remember that any protection is better than none. Whether you choose one of the above or something else, we wish you all the best online!

Copyright © 2024 · Security Audit Systems
