dart-creations.com - Top Ten Joomla Security Problems

Home

... and how to avoid them

Joomla Security is a hot issue. Unfortunately there are some security problems which are done over and over again and which can easily be avoided. Here are the problems and what you should do to avoid them.

10. Cheap Hosting Providers - Never go for the cheapest hosting provider you can find. Typically cheap hosting providers use shared servers that hosts hundreds of other sites, some of which are high-traffic porn sites. Check the list of recommended and Joomla approved hosting providers.

9. No Backups - Make sure you have regular Joomla backups. In case your site gets hacked or something happens, you will be able to rebuild from scratch.

8.Skipping hardening (tweaking settings for security) of PHP and Joomla! settings - Forgetting or skipping the adjusting PHP and Joomla! settings for increased security is a huge no no. There are many small settings and tweaks you can do to make your PHP server and Joomla! more secure.

7. Weak Passwords or Same passwords - Using the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, is another mistake you should avoid like the plague. Always use strong passwords which are different from those for your other accounts. Remember also to change the name of the admin account.

6. Install and forget - After install your brand new beautiful Joomla!-powered site, check it regularly making sure nothing has gone wrong. Lots of things can go wrong if you don't maintain all the components of your Joomla installations.

5. Having no development server - All upgrades and extension installations should be first tried on a development server, before being done on the live site. If something goes wrong on the development server, you can avoid creating the same problem on the server, and you'll make sure your live site stays clean.

4. Trusting all 3rd party extensions - You should only install the barest minimum extensions you require. If you can avoid installing a 3rd party module, avoid it. Not all 3rd party extensions are free from trouble, and some are just plain horrible, buggy and contain vulnerabilites. Each 3rd party extension, is another component which might expose you to vulnerabilities and must be kept up to date. Be wary of the 3rd party extensions you install, preferably go for the professional components from reputable companies.

3. Forgetting to keep your Joomla! site updated - after install your brandnew beautiful Joomla!-powered site, keep yourself up to date with any stable releases, and update with each stable release. Most stable releases fix problems and vulnerabilites. Forgetting to upgrade will leave your site exposed toproblems. This also applies for any 3rd party extensions you install.

2. Lack of infomation when asking for help - If your site gets hacked / cracked, go to the Joomla forums, and before you start posting away like crazy, make sure you have all relevant information available, such as the version of Joomla you have installed, what version of 3rd party extensions you have installed. This information will help to identify what could have caused your hack, and how to fix and avoid it happening again.

1. Fix and cracked file and forget it - Once your site's been cracked, fixing the defaced file is not enough. Check your site's logs,change your old passwords, remove the entire directory and rebuild it from clean backups, and take all precautionary actions!

This is a revisited version of the Top Ten Stupidest Adminstrator Tricks , without the sarcasm and with recommendations instead