Useful Tips to Secure your Joomla Site

2010 was the year for the web hacker’s boom. A 600% increase in web hacking over the past year has got the attention of Joomla web security expert Tom Canavan. Tom is the author of “Joomla Web Security” a book published by Packt publishing that is dedicated to website security. Hacker issues affected a couple of our customers and that’s definitely something that keeps our team on their toes. The embarrassment surrounding hacking is more of a problem than anything but it does wreck havoc to brand identity, customer confidence and intellectual property. While we all know that no public web platform or CMS system escapes the affects of hacking, we are also confident in the Joomla community of expert developers and programmers, who offer one of the fastest response times and have the capability to leverage one of the largest global networks of expertise. We have pulled together some tips and links that should be considered when waging the battle to keep the bad guys out.

Tip One

When building or planning any Joomla site make sure that you keep up with a good maintenance plan and figure these costs into your ongoing budget. A dynamic web site requires regular attention and this means an ongoing investment of time and resources to keep this up. Hackers pound away on the core CMS framework and 3rd party extensions looking for vulnerabilities. If you continue to ensure your core Joomla CMS and extensions are running with the latest security patches you will save yourself a lot of headaches by preventing a big percentage of vulnerabilities. The longer a component is out there and not patched the more chances a hacker has to break into your infrastructure. Keep in mind, that for any moderate web site, you put a lot of time and treasure into making this your home on the web and if you do not invest in protecting it the whole place can be blown up in a puff of smoke.

Tip two

As a Joomla Website Designer I would suggest you to work with professional components when possible and be willing to contribute to those projects that are not. The reason is, behind the code are real people and economics plays into the success and longevity of these components. It is quite a commitment to sustain the security and evolution of these development projects. The healthier you can help them become the healthier your code options will be to evolve your own web platform over a period of time.

Tip three

“Keep a clean house” so to speak. Make sure you clean out any unused components and modules. This will not only help reduce the options for a hacker to get in but it will also improve the performance of your site. Make sure file permissions are set to allow you the flexibility you need to build out content but, button down everything else so you can further minimize threats.

Tip Four

As a Joomla Developer I think that P@ssw0rd does not everytime make a good password. One also can't rely on the passwords listed on DefaultPassword.com's list.. The guys dealing in the hacking business have terrific tools, commonly known as Brute Force Tools and password crackers with them. They have the dictionaries of common passwords, combination's and so forth which make them able to crack almost all the passwords. So one should make a password that is very hard to crack by using a combination of numbers, letters, and other different symbols with proper usage of upper and lower case.These must be changed every 30 days to avoid any kind of threat.

Tip Five

Look into the option of using a security monitoring service. Sometimes these services are available through your ISP. We have worked with the “Securelive” component built specifically for Joomla and so far this has been doing a great job. We had some performance issues while we were first getting this installed but now it works very well. Read about it at www.securelive.net

Tip six

Back up everything on a regular basis and don’t forget. This will give you a much better sense of security on a number of levels and protect you from more than hackers and guards against “human failures” as well. You may want to look at joomlaplug.com and akeebabackup.com for a couple Joomla component options that we have used for Joomla Website Development

Tip seven

Read up on what security vulnerabilities could affect you most. The more you know the better prepared you can be. Below are some blogs and postings we found that may further help you research options for preventing hackers from ruining your day and sending you and the rest of your team on “fire drills and rescue missions"

Comments

RSS

Only registered users can write comments!