How to strengthen your Joomla site’s securityPosted by SecurityAuditTeam on Jul 7, 2016 in Security Blog • No comments
Thanks to its ease-of-use and extensibility, Joomla is used all over the world to power websites of all shapes and sizes. Best of all, this award-winning CMS (Content Management System) is an open-source solution, which means it’s freely available to everyone. Great news for web developers that like to share ideas and code as freely as possible!
But for all its plus points, there are some drawbacks too. Because Joomla is so widely admired and accepted, it has become a popular target for hackers wanting to exploit security vulnerabilities and gain access to valuable data.
For this reason, you might want to heed the following advice on how to strengthen your Joomla site’s security.
Change your username and password
First of all, do not keep the default username ‘admin’, as you will give hackers a head start. You should also choose a strong password that contains letters and numbers as well as uppercase, lowercase, and special characters.
Keep everything updated
On average, Joomla developers will release a new version every two months, which you must download and install as soon as possible. This will protect you from cybercriminals who are constantly trying to find weaknesses and vulnerabilities in older versions.
Restrict user uploads
Think twice about letting users upload images or other types of media to your site. After all, do you really want to allow someone you don’t know to upload innocent-looking files onto your server that then turn out to be malicious pieces of software?
Change the super administrator ID number
Although this ID number features throughout Joomla to improve security, in some versions it is always set as ’62’. Once again, this makes life easy for potential threats, so change the ID number to frustrate and discourage.
Removed unused Joomla extensions
Even if you don’t use old extensions, components, or modules anymore, it is imperative you remove them. This is because they will remain a target for hackers, especially if you haven’t installed updates for a while.
Always use SSL certificates
To ensure your details are not transmitted over the Internet in plain sight, which cybercriminals could then easily intercept, always use SSL certificates on your installation.
Always use two-factor authentication
For an additional layer of login security, consider introducing two-factor authentication. This will create a temporary, time-based password that is unique to your username, which ensures no unauthorised personnel can gain access.
Use SEF URLs to hide extensions
By using a SEF (Search Engine Friendly) component, you not only make the URLs of your Joomla website more friendly, you can also markedly boost security. SEF URLs will mask the fact you use Joomla and any extension known to have security issues.
Change the default database prefix
Change this alias to something that hackers won’t be able to guess, such as a random 3 or 4 letter word, or install a security extension that can do this for you automatically. There are many freely available Joomla extensions that can help.
Perform a Joomla security audit
Enlist the services of Security Audit Systems and you can benefit from an extensive Joomla security audit that will check file and directory permissions, plugins and modules, as well as core and custom pages. You will be able to receive a full penetration testing report too, which could prove to be invaluable to you!
So there you have it, implementation of these ideas and advice should put you on the road to a more secure Joomla implementation.