Joomla Tools Suite - Part 3 (Permissions Audit)
A critical part of Joomla security is file and directory permissions. By default Joomla does not enforce strict permissions, and these may lead to having permissions which are too weak, make it easy for your site to be compromised.
Permissions in Joomla are a weird and (wonderful?) animal. This is because each hosting server usually have their own configurations and defining a set of permissions which work on all hosts is practically impossible. Having said this, there are recommendations that one should follow, and certain permissions which one should defintely avoid. There is a very good Joomla permissions overview , which is highly recommended.
Just a brief cutting from the above article:
Owner (User) relates to username
The Owner (User) is normally you, these permissions will be enforced on your hosting account name.
Group relates to usergroup
The Group permissions will be enforced on other people that are in the same group as you, within a hosting environment, there is very rarely other people in the same group as you. This protects your files and directories from being made available to anybody else who may also have a hosting account on the same server as you.
Other relates to everyone else
The Other permissions, these will be enforced on anybody else on the server that is either not you or not in your group. So in a Web Serving environment, remembering that no-one else is normally in your group, then this is everybody else accessing the server except for you.
Joomla Recommended Permissions
Joomla default recommends the following generic settings
Files = 644 and Directories = 755
These permissions would allow, for files;
644 = rw- r-- r-- = Owner has Read and Write
Group has Read only
Other has Read only
and for directories;
755 = rwx r-x r-x = Owner has Read, Write and Execute
Group has Read and Execute only
Other has Read and Execute only
If you have setup your permissions to work with these permissions and Joomla complains that some folders are unwriteable, then you may have configured your permissions incorrectly, or you might have encountered a Joomla unfriendly host.
Permissions one should avoid at all costs is giving Other group any write permission on any file / directory. The biggest security sin one can commit is to change files / folders to 777 (everyone can do anything), and forget them like this!
Joomla Tools Suite - Permissions Audit
So how does the Permissions Audit work, and what can it do for you? The permissions audit tool, goes through all files and directories and checks for any for file or directory which does not conform to the recommended permissions and which may thus post a threat to your site. Many times you may have uploaded templates, components, forums, or any other files which might have not had the correct permissions setup, and these misconfigurations will be found by the Permissions Audit tool.
It is very easy to go through and determine that a particular file or folder does not have the recommended settings, because the tool highlights any potential risks. What you would need to do then is, browse to the file / folder using FTP software, and change the permissions to correct permissions.
Part 4 - Removing unecessary files/ components and how unused components and / or files can make your site vulnerable.
One more thing...Do you have friends or a Facebook group who you think would find this useful? Share this with them and then let me know what they think.
Want to supercharge your website?Our website loads FAST ... just 1.29 seconds. We're hosted on FAST InMotion servers We want YOUR website to be fast too, so we've gotten you an exclusive deal - 47% OFF for DART Creations friends + FREE domain! Check it out NOW!
who are we?
DART Creations is run by David Attard - working in and around the web design niche for more than 12 years, we provide actionable tips for people who work with and on websites. We also run DronesBuy.net - a website for drone hobbyists
Follow us on Social
Advertise on DART-Creations.com
DART Creations is interested in developing partnerships with mutual benefit. If you like the stuff we publish and would like to develop a relationship, we'd be happy to hear from you. Go on - drop us a line - we'd love to hear from you :-)
The Outstanding HunGRYJPEG Bundles
AWESOMENESS! Bundles of premium font + graphic packs at more than 96% OFF! Get this bundle for just $29 - This month ONLY!
New! DIVI 3.0 WordPress TeMPLATE + PageBuilder - 10% OFF Limited Launch offer
You'll surely create a perfect website with Divi 3.0!