How to make a Joomla website more secure
Moderators: mandville, General Support Moderators
-
- Joomla! Apprentice
- Posts: 49
- Joined: Sun Nov 04, 2012 3:21 pm
How to make a Joomla website more secure
Unfortunately, I have discovered that the official Hungarian Joomla website has been hacked (http://www.joomla. org.hu/). It had been offline for a few weeks, a message said that they were updating the site, and yesterday I saw that it had been hacked. Since then, I'm a bit worried about my Joomla site's security too (using the latest version, 3.0.2).
So I have searched around, read the security checklist, and all related docs. I have also installed the Admin Tools free component. With this component I have set a password to protect "administrator" (well, you can also do that in cPanel), and set up a unique super admin id. What other steps should I take (or components should I install) to make sure my site can't be easily hacked?
Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible? Is it a safer method than protecting it with a password?
Last edited by mandville on Sun Nov 25, 2012 4:52 pm, edited 1 time in total.
Reason: broke link
- mfauzirizal82
- Joomla! Enthusiast
- Posts: 186
- Joined: Mon Jan 11, 2010 9:23 am
- Location: Cibeureum Cibatok 2 Cibungbulang
- Contact:
Re: How to make a Joomla website more secure
N4ndee wrote:
> Unfortunately, I have discovered that the official Hungarian Joomla website has been hacked (http://www.joomla. org.hu/). It had been offline for a few weeks, a message said that they were updating the site, and yesterday I saw that it had been hacked. Since then, I'm a bit worried about my Joomla site's security too (using the latest version, 3.0.2).
> So I have searched around, read the security checklist, and all related docs. I have also installed the Admin Tools free component. With this component I have set a password to protect "administrator" (well, you can also do that in cPanel), and set up a unique super admin id. What other steps should I take (or components should I install) to make sure my site can't be easily hacked?
> Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible? Is it a safer method than protecting it with a password?

Have you tried jSecure? If you're broke, you can still use AdminExile.
Oh, BTW, it's impossible to make our site 100% hack-free. So just take it easy and have good preparation.
Hopefully this is useful
http://enigmawebinc.com >> Professional Joomla Web Services
-
- Joomla! Apprentice
- Posts: 49
- Joined: Sun Nov 04, 2012 3:21 pm
Re: How to make a Joomla website more secure
Thank you for your reply. I know it's impossible, I'm just trying to make my site a bit harder to hack. I'm going to check them out.
-
- Joomla! Apprentice
- Posts: 29
- Joined: Sat Sep 01, 2012 7:02 pm
- Contact:
Re: How to make a Joomla website more secure
Also ensure you are with a Web Host that can offer secure hosting. Symlinking, weak FTP passwords on any account on some servers can compromise a whole server.
Top Joomla and CMS Hosting And Domains Provider In South Africa
https://www.hostking.co.za/web-hosting-south-africa
https://www.hostking.com.ng/web-hosting-nigeria
- darb
- Joomla! Hero
- Posts: 2038
- Joined: Thu Jul 06, 2006 12:57 pm
- Location: Stockholm Sweden
Re: How to make a Joomla website more secure
Also put in a secure htaccess master file like this one from Nicholas https://akeeba.assembla.com/code/master ... access.txt
If you get that to work after some tweaking, it's more secure.
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: How to make a Joomla website more secure
Warning
The use of custom htaccess files such as the one in the Joomla documentation site:
http://docs.joomla.org/Htaccess_examples_%28security%29
and the one here
https://akeeba.assembla.com/code/master ... access.txt
is at a user's own risk. These htaccess files are NOT plug and play and will cause your site to cease working until properly configured. The files also contain code that may be enabled by default that is not relevant for every site and will cause issues. If a site already contains an htaccess file, then replacing that file with a 'master' file may cause the site to stop working or stop working properly. Examples would be an existing htaccess that includes code to enable PHP 5.3, which Joomla 3.0.xx requires, or a site with a permanent redirect in the htaccess file.
For most websites and purposes, the default included Joomla htaccess file is more than sufficient. The Joomla htaccess file is not enabled by default, as some sites already have a default htaccess file with specific commands set by their host or by the site developer. To enable the Joomla htaccess file, rename the file htaccess.txt to .htaccess. The file generally does not require any configuration. If there is an existing .htaccess file, then add the Joomla code to the existing file or, if unsure, ask us to help.
PhilD
-
- Joomla! Fledgling
- Posts: 1
- Joined: Sun Dec 23, 2012 12:53 pm
Re: How to make a Joomla website more secure
I highly recommend the Incapsula plugin for both security issues, as it provides you really good protection from hacking and also makes the site fast. I use it for my clients and it works like a charm.
Free download from JED. Good luck.
http://extensions.joomla.org/extensions ... tion/22609
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: How to make a Joomla website more secure
N4ndee wrote:
> Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible?

Done with a directive in the htaccess file.
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- I've been banned!
- Posts: 12
- Joined: Thu Feb 21, 2013 6:37 am
- Location: USA
- Contact:
Re: How to make a Joomla website more secure
Step 1. Install the component and go to Components > DB Admin.
Step 2. Using the intuitive interface, change the default "jos_" prefix of your Joomla 1.5 tables to a different value.
Step 3. Modify the configuration.php file in your main Joomla folder. In it locate the following line:
var $dbprefix = 'jos_';
You will have to edit it to correspond to the new table prefix you have set. For example, if you have changed the table prefix to "smth_" the line in the configuration.php file should look like this:
var $dbprefix = 'smth_';
The default table prefix of your Joomla database is now changed. This should block the majority of attacks against your database.
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: How to make a Joomla website more secure
Joomla 3.0+ randomizes the database prefix automatically upon site creation and no longer uses a default jos_ prefix. It is no longer necessary to manually change the prefix.
As Leo said, it is easy, by using a directive in the site htaccess file, to redirect all but specific IP addresses to the home page when access to the admin URL is attempted.
PhilD
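
The directive Leo and PhilD describe, written out as an added example that is not part of the original thread and not joomla.org's actual configuration. It assumes Apache with mod_rewrite and Joomla installed at the web root; the IP addresses are placeholders from the documentation ranges.

```apache
# Added example (not from the thread). Site-root .htaccess, Joomla installed at
# the web root. Place these lines ABOVE Joomla's own SEF rewrite section.
# 203.0.113.10 and 198.51.100.0/24 are placeholder addresses (RFC 5737).

RewriteEngine On

# 1. Only consider requests for the back end and anything beneath it.
RewriteCond %{REQUEST_URI} ^/administrator(/|$) [NC]
# 2. Skip the redirect for one trusted address ...
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
# 3. ... and for a trusted /24 range.
RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.
# 4. Everyone else gets a temporary redirect to the home page.
RewriteRule ^ / [R=302,L]

# No <IfModule mod_rewrite.c> wrapper on purpose: if mod_rewrite is missing the
# server returns an error instead of silently leaving /administrator open.
#
# Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, not the
# visitor's, so the conditions above would match on the wrong value.

# Alternative for administrator/.htaccess on Apache 2.4: refuse (403) instead
# of redirecting. Needs "AllowOverride AuthConfig" for that directory.
# Require ip 203.0.113.10 198.51.100.0/24
```

The redirect only keeps the login form away from other addresses; it does not authenticate anyone, so the directory password set up in the first post still does that job for the allowed addresses.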