Joomla Tools Suite - Part 3 (Permissions Audit)

A critical part of Joomla security is file and directory permissions. By default Joomla does not enforce strict permissions, and this can leave you with permissions which are too weak, making it easy for your site to be compromised.

Permissions in Joomla are a weird (and wonderful?) animal. This is because each hosting server usually has its own configuration, and defining a set of permissions which works on all hosts is practically impossible. Having said this, there are recommendations that one should follow, and certain permissions which one should definitely avoid. There is a very good Joomla permissions overview, which is highly recommended.

Just a brief cutting from the above article:

 

Owner (User) relates to username
The Owner (User) is normally you, these permissions will be enforced on your hosting account name.

Group relates to usergroup
The Group permissions will be enforced on other people that are in the same group as you. Within a hosting environment, there are very rarely other people in the same group as you. This protects your files and directories from being made available to anybody else who may also have a hosting account on the same server as you.

Other relates to everyone else
The Other permissions will be enforced on anybody else on the server that is either not you or not in your group. So in a Web Serving environment, remembering that no-one else is normally in your group, this is everybody else accessing the server except for you.

Joomla Recommended Permissions

By default, Joomla recommends the following generic settings:

Files = 644 and Directories = 755

These permissions would allow, for files:

     644 = rw- r-- r--
           Owner has Read and Write
           Group has Read only
           Other has Read only

and for directories:

     755 = rwx r-x r-x
           Owner has Read, Write and Execute
           Group has Read and Execute only
           Other has Read and Execute only

If you have set up your site to work with these permissions and Joomla complains that some folders are unwriteable, then you may have configured your permissions incorrectly, or you might have encountered a Joomla-unfriendly host.

What one should avoid at all costs is giving Other any write permission on any file / directory. The biggest security sin one can commit is to change files / folders to 777 (everyone can do anything), and forget them like this!

Joomla Tools Suite - Permissions Audit

Permissions Audit

So how does the Permissions Audit work, and what can it do for you? The Permissions Audit tool goes through all files and directories and checks for any file or directory which does not conform to the recommended permissions and which may thus pose a threat to your site. Many times you may have uploaded templates, components, forums, or other files which did not have the correct permissions set up, and these misconfigurations will be found by the Permissions Audit tool.

It is very easy to go through and determine that a particular file or folder does not have the recommended settings, because the tool highlights any potential risks. What you would need to do then is browse to the file / folder using FTP software, and change the permissions to the correct ones.
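The same kind of check can be run from a shell account on the host. The script below is an added example, not the Joomla Tools Suite's own code: it walks a directory tree and reports anything with more access than 644 (files) or 755 (directories), marking write access for Other as critical. Treating stricter modes such as 600 as acceptable, and the severity names, are assumptions of this example.

```python
import os
import stat
import sys

FILE_MODE = 0o644  # the page's recommendation for files
DIR_MODE = 0o755   # the page's recommendation for directories


def classify(mode, is_dir):
    """Return 'critical', 'warning' or None for a permission mode."""
    expected = DIR_MODE if is_dir else FILE_MODE
    if mode & stat.S_IWOTH:
        return "critical"  # Other can write, e.g. 666 or 777
    if mode & ~expected:
        return "warning"   # bits beyond the recommendation, e.g. 664 or 775
    return None            # recommended or stricter (assumed acceptable)


def audit_permissions(root):
    """Walk root; return sorted (severity, octal mode, relative path) tuples."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            st = os.lstat(path)  # lstat: do not follow symbolic links
            if stat.S_ISLNK(st.st_mode):
                continue         # a link's own mode is not meaningful
            mode = stat.S_IMODE(st.st_mode)
            severity = classify(mode, stat.S_ISDIR(st.st_mode))
            if severity:
                rel = os.path.relpath(path, root)
                findings.append((severity, format(mode, "03o"), rel))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/joomla (defaults to current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for severity, mode, path in audit_permissions(target):
        print(f"{severity:8} {mode} {path}")
```

Critical entries sort first in the output, so the 666 and 777 cases are the first ones to correct.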

Part 4 - Removing unnecessary files / components and how unused components and / or files can make your site vulnerable.

who are we?

DART Creations is run by David Attard - working in and around the web design niche for more than 12 years, we provide actionable tips for people who work with and on websites. We also run DronesBuy.net - a website for drone hobbyists
