Wednesday, 28 November 2012 19:23

Joomla! and Web Security! (part 1)

Written by Lilit Asatryan
Secure Joomla!

Joomla! is an easy-to-use content management system that you can install on almost any host running Linux or Windows. Its uses range from top secure websites, such as federal and governmental websites, to modest ones such as a travelling blog. When it comes to web security, all of them are in the same position: the danger that your website might get hacked and taken down is always present.

Before going online, make sure you have done all the security preparations with your Joomla! website so as to avoid problems or, better said, to have as few problems as possible.

Let's Get Started!

Hosting - How to select

Choosing the appropriate hosting is the key element in web security. You may choose shared hosting, which will definitely save you a lot of money. However, if you wish to use the whole power of the server, you had better have dedicated hosting. This is especially useful if you know that a large flow of traffic will be coming to your website.

Plan, plan, plan your Joomla! website!

Consider carefully before you act!

Be wise, learn from others' mistakes – do not make your own! Research and try to foresee all possible ups and downs of your Joomla! website. Protect your website by leaning on others' experiences.

Define the main purpose of your website! Does it need to be top-secret and highly secured? Then you had better consider getting an SSL certificate. Get the hosting you need, and define your website's functionality so that you choose the correct, safe extensions. Make sure they are not on any vulnerability lists! Educate your customers and, more importantly, your employees to take all precautionary steps so that your Joomla! website runs securely.


There are so many materials out on so you would have to be lazy not to take the free knowledge Joomla! offers. Get educated on Joomla! security, know what to expect and what to do! Better, PREsecure your website, do not wait to act when it is already hacked!

Check your permissions, check your php.ini, and your .htaccess file!

Downloading...

Last but not least, decide which version of Joomla! your website needs to use. Each one of them is powerful in its own way and offers a lot! They differ, so check all the versions thoroughly! Download from a TRUSTED source, download from


Make sure you have the following recommended permissions on your files:

.htaccess - 644

configuration.php - 644

Directories - 755

Files - 644
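
The following script is an added example, not part of the original post: it checks a Joomla! directory tree against the permissions listed above and can reset anything that differs. The function names and the path passed to them are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a Joomla! tree against the recommended permissions
# (directories 755; files, including .htaccess and configuration.php, 644).

# Print one line per path whose mode differs from the recommendation.
audit_joomla_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d ! -perm 755 | sed 's/^/DIR  /'
    find "$root" -type f ! -perm 644 | sed 's/^/FILE /'
}

# Reset only the paths that differ; compliant paths are left untouched.
fix_joomla_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Stand-alone use: sh audit.sh /path/to/joomla   (the path is a placeholder)
if [ "$#" -ge 1 ]; then
    audit_joomla_perms "$1"
fi
```

Run the audit first and read its output before calling `fix_joomla_perms`, since some hosts require different modes on specific directories.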

User Management

Joomla! gives you the advantage of easy yet useful multi-user management for your website. Give your chosen users the permissions you consider best.

Protect your website data!

These simple steps will help you protect your website data even after the site is hacked.

Back up! Keep a backup of your website.

Write down your authentication info in a safe place so as to easily access it when restoring your website.

Security metrics matter!

Security metrics apply to your website and to all the tools you use to work on your website.

Below are lists of what to measure and how to measure it for Joomla! websites, according to 'Joomla! Web Security' by Tom Canavan.


What to measure mostly depends on your Joomla! website. However, there are some general core things that should be measured irrespective of the kind of website. These are:

Number of attempted attacks

Type of attempted attacks

Geographical locations the attacks are coming from

Attempts to authorize credit cards multiple times

Attempts to "obtain" a lost password more than once from an IP


There are many tools out on the Internet; here are the trusted tools that will help you gather these metrics:

BSQ-Site Stats (GPL-GNU)

Joomla-Visits (GPL-GNU)

Entana Statistics 2.0.0 (commercial license)

Google Analytics Tracking Module (other Open Source/free)

Your host's logging tools through CPanel or some other method
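
As an added example (not from the original post or from the book it cites), the metric "attempts to obtain a lost password more than once from an IP" can be pulled out of the access log your host provides. It assumes Apache combined log format and the non-SEF Joomla! 2.5 reset URL `option=com_users&task=reset.request`; adjust the pattern if your site uses SEF URLs. The log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: count lost-password requests per client IP.

# Read an access log on stdin; print "count ip" for every IP with at
# least $1 reset submissions (default 2), highest count first.
reset_requests_by_ip() {
    awk -v min="${1:-2}" '
        # $1 = client IP, $6 = "METHOD (with leading quote), $7 = request URL
        $6 == "\"POST" && $7 ~ /option=com_users/ && $7 ~ /task=reset\.request/ {
            n[$1]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample log (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [28/Nov/2012:19:01:02 +0000] "POST /index.php?option=com_users&task=reset.request HTTP/1.1" 303 - "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2012:19:01:09 +0000] "POST /index.php?option=com_users&task=reset.request HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [28/Nov/2012:19:02:11 +0000] "GET /index.php?option=com_users&view=reset HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Nov/2012:19:02:40 +0000] "POST /index.php?option=com_users&task=reset.request HTTP/1.1" 303 - "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2012:19:03:15 +0000] "POST /index.php?option=com_users&task=reset.request HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [28/Nov/2012:19:04:00 +0000] "GET /index.php HTTP/1.1" 200 10432 "-" "Mozilla/5.0"
EOF
}

# Usage on a real log: reset_requests_by_ip 2 < /path/to/access_log
```

Only submitted reset forms (POST) are counted; simply viewing the reset page does not raise the count.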

Server Security Metrics

Security Metrics for Personal Computing

Security on your Joomla! website is a must! However, your Joomla! website can be set up from anywhere, including your personal desktop, which is why you need basic protection mechanisms there too. Clients will be using their desktop or notebook computers to browse your website. These devices, which are easily compromised if not protected, can become an attack point for breaking into your site.

So, make sure you have:

Anti-virus protection on your machines

Spam protection

Good (read strong) passwords


Check for information "leaks" by your employees. Ensure you sweep your building for rogue devices. If it's too late, REPORT and again REPORT! Visit the Joomla! forum or contact your host about security-related issues and try to solve them ASAP.

Summing up

Understanding hosting companies and selection criteria, learning to construct your Joomla! website correctly, downloading your Joomla! version from a trusted source, securing your Joomla! website and servers, giving the right permissions and setting up all the security metrics are important and crucial for having a secure Joomla!-based website!

CAUTION: Every single website is in danger of being hacked, as no server is 100% secure, so if you just thought that all these security precautions with your Joomla! website are in vain, you better remove your power cord, then switch off the network cable and just wait and see when your website will be taken down. Or care for your Joomla! website security and start reading this blog post over again!

