Joomla Tools Suite - Part 1 (Health Installation and Security Audit)
This is a series of articles which focuses on how to use the Joomla Tools Suite to make sure your site is secured. The Joomla tools suite is a collection of tools which allows you to check for a number of issues which might exist in your installation which might make your site vulnerable to hacking.
The Joomla Tools Suite is made up of a number of tools. Each one has a different purpose, but each serve enhance to optimize your Joomla site.
This a tool for Joomla newbies. HISA is a single self-contained, all-in-one Audit facility, which will allow you to know whether your Joomla installation is going to be successful or not, by checking the host environment. To use this file you simply need to upload the file (via ftp) to host, and access the file from the browser.
This will give you a review of what changes you should do (if any are necessary) before you attempt to install Joomla. Below is a screenshot of some of the information provided by the HISA. Although the HISA is recommended to be run before installation, you should still run the file after installation to ensure that there are no configurations which might cause problems later on.
Initial Installation Audit
- Success Assessment scale - a visual indication of the success probability of your Joomla installation ( in the example above, all settings are 100% correct, and installation of Joomla should be 100% successful)
- Latest Joomla! v1.x release - warns you if you are not using the latest release
- Non "Stable" version notification - warns you if you are not using a stable release. A stable release is one where no known security are present. Nightly builds may still contain bugs / issues and should not be used on production sites. These should only be used by Joomla developers.
- High security risk notification - any high security risk advice
Standard Joomla! Pre-Installation Checks
Save Session Path status
The above extensions are all required for an successful installation.
Joomla! RG_EMULATION status - If RG_EMULATION is on, you have a critical security issue. Some old Joomla components do not run without this setting on. You should avoid using these components at all costs.
PHP register_globals status - If register_globals is also another setting which if left on, exposes your site to significant risk.
If any of the above two settings are on, the tool itself advises you on what steps should be taken to solve the issues. These steps vary according to the Joomla version you are using, and the host you are using, so they will not be listed here.
The next part in this series will focus on the Joomla Diagnostics tool.