
How to strengthen your Joomla site’s security

Posted on Jul 7, 2016 in Security Blog

Joomla Website Security Advice

Thanks to its ease of use and extensibility, Joomla is used all over the world to power websites of all shapes and sizes. Best of all, this award-winning CMS (Content Management System) is an open-source solution, which means it’s freely available to everyone. Great news for web developers who like to share ideas and code as freely as possible!

 

But for all its plus points, there are some drawbacks too. Because Joomla is so widely admired and accepted, it has become a popular target for hackers wanting to exploit security vulnerabilities and gain access to valuable data.

 

For this reason, you might want to heed the following advice on how to strengthen your Joomla site’s security.

 

Change your username and password

 

First of all, do not keep the default username ‘admin’, as you will give hackers a head start. You should also choose a strong password that mixes uppercase and lowercase letters, numbers, and special characters.

 

Keep everything updated

 

On average, Joomla developers will release a new version every two months, which you must download and install as soon as possible. This will protect you from cybercriminals who are constantly trying to find weaknesses and vulnerabilities in older versions.

 

Restrict user uploads

 

Think twice about letting users upload images or other types of media to your site. After all, do you really want to allow someone you don’t know to upload innocent-looking files onto your server that then turn out to be malicious pieces of software?

 

Change the super administrator ID number

 

Although this ID number features throughout Joomla to improve security, in some versions it is always set as ’62’. Once again, this makes life easy for potential attackers, so change the ID number to frustrate and discourage them.

 

Remove unused Joomla extensions

 

Even if you don’t use old extensions, components, or modules anymore, it is imperative you remove them. This is because they will remain a target for hackers, especially if you haven’t installed updates for a while.

 

Always use SSL certificates

 

To ensure your details are not transmitted over the Internet in plain sight, which cybercriminals could then easily intercept, always use SSL certificates on your installation.

 

Always use two-factor authentication

 

For an additional layer of login security, consider introducing two-factor authentication. This will create a temporary, time-based password that is unique to your username, which ensures no unauthorised personnel can gain access.

 

Use SEF URLs to hide extensions

 

By using a SEF (Search Engine Friendly) component, you not only make the URLs of your Joomla website more friendly, you can also markedly boost security. SEF URLs will mask the fact you use Joomla and any extension known to have security issues.

 

Change the default database prefix

 

Change this prefix to something that hackers won’t be able to guess, such as a random 3 or 4 letter word, or install a security extension that can do this for you automatically. There are many freely available Joomla extensions that can help.
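Three of the points above (SSL, SEF URLs and the database prefix) are recorded in Joomla's configuration.php, so they can be checked without logging in. The following is an added example, not code from the original post or from the Joomla project: it reads the dbprefix, force_ssl and sef properties and reports the weak values. The function names and the sample configuration are constructed for illustration, and 'jos_' is assumed to be the default prefix being checked for.

```python
import re

# Matches configuration.php properties such as:  public $dbprefix = 'jos_';
# Older Joomla releases used "var" instead of "public"; values may be unquoted.
_PROP = re.compile(r"""^\s*(?:public|var)\s+\$(\w+)\s*=\s*(['"]?)(.*?)\2\s*;""", re.M)

def parse_joomla_config(php_source):
    """Return a dict of the scalar properties declared in configuration.php."""
    return {m.group(1): m.group(3) for m in _PROP.finditer(php_source)}

def audit_joomla_config(php_source):
    """Return (setting, finding) tuples for the three settings checked here."""
    cfg = parse_joomla_config(php_source)
    findings = []
    prefix = cfg.get("dbprefix", "")
    if prefix == "jos_":  # assumed default prefix (see lead-in)
        findings.append(("dbprefix", "default table prefix 'jos_' is still in use"))
    elif not prefix:
        findings.append(("dbprefix", "no table prefix is set"))
    # force_ssl: 0 = off, 1 = administrator only, 2 = entire site
    ssl = cfg.get("force_ssl", "0")
    if ssl == "0":
        findings.append(("force_ssl", "HTTPS is not enforced anywhere"))
    elif ssl == "1":
        findings.append(("force_ssl", "HTTPS is enforced for the administrator only"))
    if cfg.get("sef", "0") != "1":
        findings.append(("sef", "SEF URLs are disabled"))
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example site';
    public $dbprefix = 'jos_';
    public $force_ssl = '1';
    public $sef = '0';
}
"""

if __name__ == "__main__":
    for setting, finding in audit_joomla_config(SAMPLE_CONFIG):
        print(f"[!] {setting}: {finding}")
```

Run it against a copy of configuration.php rather than the live file; the file also holds the database password, so keep the copy off shared storage.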

 

Perform a Joomla security audit

 

Enlist the services of Security Audit Systems and you can benefit from an extensive Joomla security audit that will check file and directory permissions, plugins and modules, as well as core and custom pages. You will be able to receive a full penetration testing report too, which could prove to be invaluable to you!

 

So there you have it. Implementing these ideas and advice should put you on the road to a more secure Joomla installation.
