WeblinkIndia logo
+91-9811948545 Get a Call Back

How to Protect Your Joomla Sites

Web Development | Admin | Updated: 2011-11-14

How to Protect Your Joomla Sites

With the increasing usage of the Joomla sites, it has become important to secure them from different threats, which pose a potential danger to the security of the site. There are various types of attacks that can be faced by your Joomla site and here are ten tips on how you can avoid them:

Proper Hosting Environment

For a Joomla website, the server should always be properly configured. The server running PHP in CGI mode with su_php should be chosen so that the PHP is run under your personal account user rather than global Apache user and you are free from citing insecure permissions like CHMOD of 777.

  • Set register_globals OFF
  • Disable allow_url_fopen
  • Adjust the magic_quotes_gpc directive as required for your site. The suggested setting for Joomla! 1.0.x is ON to protect from poorly-written extensions. Joomla! 1.5 ignores this setting and functions properly both ways.
  • Dont use PHP safe_mode

Disable FTP Layer

While installation, don't enable the FTP layer as it opens up a potential security hole since your FTP details are stored in plain text under a Joomla! Configuration file FTP layer is not required if your hosting is protected and configured properly for Joomla.

Change the Default Database Prefix (jos_)

While installation, change the default database prefix to something arbitrary. As hackers try to recover super admin details from jos_users table, most of the SQL injection attacks will stop.

Enable SEF URLs

Google inurl: command is used by most of the hackers to exploit vulnerabilities. So, enable SEF URLs through site configuration if you use Joomla 1.5. You can also use extensions like SH404SEF for both Joomla 1.0 and Joomla 1.5. This would prevent hackers from finding exploits and benefit you from SEO perspective.

Upgrade to latest release of Joomla

Never forget to update to the latest release of the Joomla. The recent release is 1.5.11. Subscribe to http://feeds.joomla.org/JoomlaSecurityNews to get updates about the latest security releases. Use official sites to download Joomla! such as the Joomla! Forge, and check the MD5 hash

Strong Password

Keep your password strong for the administrator accounts. For example: E#M!$<9%k. Sites like www.strongpasswordgenerator.com can help to generate a strong password. You should protect your administrative folder with a password. In apache web server, you can do this in htaccess file or in cpanel, Password Protected Directory option helps to setup a password. This will add another layer of username/password before someone reaches your Joomla admin details. Keep this password different from Joomla admin password.

Third party extensions

There are more than 4000 extensions including non-commercial extensions that are available for Joomla. But don't install needless extensions on your website. Remember, vulnerability in these extensions results in most hacking attempts. So, always use popular extensions with strong community backing and development process.

Proper file/folder permissions

The proper file/folder permissions for your Joomla website are:

  • Config files: 666
  • PHP files: 644
  • Other folders: 755

You can use FTP client to CHMOD the files and folders.

Setup a Backup and Recovery Process

Always rely on a strong backup and recovery protocol for your live website. Apart from hacking, other factors such as hardware failure, hosting provider issues, faulty upgrade or extension install may also compromise your website. You can use a non-commercial component JoomlaPack, native for both Joomla 1.0 and 1.5 for backup. As hackers come up with novel ways of jeopardizing the security of websites, the developers should also stay a step ahead in ensuring proper security at all levels. This can be done by incorporating the tips mentioned here to secure the Joomla website.

12 thoughts on "How to Protect Your Joomla Sites"

  • Sakshi Infoway Pvt.Ltd
    19 June, 2017 at 11:20 am

    Great Post. Your blog will really help people. Thanks for it.


  • AcumenXP
    25 September, 2016 at 11:56 am

    Thanks for sharing the great information with us.


  • mondalbangalore
    08 February, 2012 at 11:31 am

    This post can help a lot for security and safety. Thanks to u for sharing. We must follow these points.


  • Projekty dom
    09 December, 2011 at 5:36 am

    Thank u so much for sharing these details. Valuable and also excellent.


  • Pandora Bracelets
    06 December, 2011 at 2:16 am

    There is obviously a lot to know about this. You made very good points in Features also.


  • Hank
    04 December, 2011 at 6:06 am

    Thanks for all this good information!


    30 November, 2011 at 10:19 am

    This website is very good. I very like it.


  • Backup Creator
    28 November, 2011 at 11:14 pm

    Thanks for the Great share of information, it was very helpful to me. I really like the way you have framed your particular ideas regarding this matter, keep up the great work. All the Best.


  • Tallahassee web design
    22 November, 2011 at 1:12 pm

    This is really nice. Thank you for sharing this post. This has been a big help.


  • raj
    21 November, 2011 at 12:58 am

    Hi, Excellent post, I like the way of your writing... Thanks WeblinkIndia for the sharing..


  • 356real
    17 November, 2011 at 2:12 am

    Thanks for the significant tips I have really learned through your blog.


  • SEO
    14 November, 2011 at 9:29 pm

    I really like this article, Thankyou for the information.


Add a Comment

Your email address will not be published. Required fields are marked *