The Joomla! Forum ™

Unfortunately, I have discovered, that the official Hungarian Joomla website has been hacked (http://www.joomla. org.hu/). It had been offline for a few weeks, a message said that they were updating the site, and yesterday, I saw that it had been hacked. Since then, I'm a bit worried about my Joomla site's security too (using the latest version, 3.0.2).
So I have searched around, read the security checklist, and all related docs. I have also installed the Admin Tools free component. With this component I have set a password to protect "administrator" (well, you can also do that in cPanel), and set up a unique super admin id. What other steps should I take (or components should I install) to make sure my site can't be easily hacked?
Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible? Is it a safer method, than protecting it with a password?

Have you try Jsecure? If you broke, you can still use Admin Excile.

Oh, BTW, There's impossible to make our site 100% Hack free. So, Just take it easy and have a good preparation.

_________________
Mudah-mudahan bermanfaat
http://enigmawebinc.com >> Jasa Web Joomla Profesional

Thank you for your reply. I know it's impossible, I'm just trying to make my site a bit harder to hack. I'm going to check them out.

Also ensure you are with a Web Host that can offer secure hosting. Symlinking, weak FTP passwords on any account on some servers can compromise a whole server.

_________________
Web Hosting And Domains Provider In South Africa
http://www.hostking.co.za
Web Hosting - http://www.hostking.co.za/web-hosting/

Also put in a secure htaccess master file like this one from Nicholas https://akeeba.assembla.com/code/master ... access.txt

If you get that to work after some tweaking its more secure..

_________________
Success in the long run Its not about the code its about the people and community that's make it!
Its not what you say its what you do that matters!

Darb - aka ssnobben

Warning
The use of custom htaccess files such as the one in the Joomla documentation site:
http://docs.joomla.org/Htaccess_examples_%28security%29

and the one here
https://akeeba.assembla.com/code/master ... access.txt

is at a users own risk. These htaccess files are NOT plug and play and will cause your site to cease working until properly configured. The files also contain code that may be enabled by default that is not relevant for every site and will cause issues. If a site already contains an htaccess file, then replacing that file with a 'master' file may cause the site to stop working or stop working properly. Examples would be an existing htaccess that includes code to enable php 5.3 which Joomla 3.0.xx requires or a site with a permanent redirect in the htaccess file.

For most websites and purposes, the default included Joomla htaccess file is more than sufficient. The Joomla htaccess file file is not enabled by default as some sites already have a default htaccess file with specific commands set by their host or by the site developer. To enable the Joomla htaccess file rename the file htaccess.txt to .htaccess The file generally does not require any configuration. If there is an existing .htaccess file, then add the Joomla code to the existing file or if unsure ask us to help.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

I highly recommend Incapsula plugin for both security issues as it provides you a real good protection from hacking and also makes the site fast. I use it for my clients and it works like a charm.
free download from jed. good luck

http://extensions.joomla.org/extensions ... tion/22609

Done with a directive in htaccess-file

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

Step 1. Install the component and go to Components > DB Admin.

Step 2. Using the intuitive interface, change the default "jos_" prefix of your Joomla 1.5 tables to a different value.

Step 3. Modify the configuration.php file in your main Joomla folder. In it locate the following line:

var $dbprefix = 'jos_';

You will have to edit it to correspond to the new table prefix you have set. For example, if you have changed the table prefix to "smth_" the line in the configuration.php file should look like this:

var $dbprefix = 'smth_';

The default table prefix of your Joomla database is now changed. This should block the majority of attacks against your database.

Joomla 3.0+ randomizes the database prefix automatically upon site creation and no longer uses a default jos_ prefix. It is no longer necessary to manually change the prefix.

As Leo said it is easy by using a directive in the site htaccess file to redirect all but specific ip addresses to the home page when access to the the admin url is attempted.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator