Friday, 30 May 2014 01:30

Joomla Security - 9 Golden Rules of a Secure Website

Written by Ani Avdalyan

We strongly believe that knowledge sharing and educating is the best way to help move the IT sector forward.

Just like everybody at Bang2Joom Team, Gev Balyan, our founder and CEO, always enjoys sharing his invaluable experience. Recently he gave a presentation on Joomla Security at ARMSec Alpha, Armenia’s 1st Conference on Security and Privacy.

Read below for the useful tips he shared:

1. Back Up Often

Set up an automatic backup! We recommend the Akeeba Backup extension.

2. Update Your Joomla Now

Make sure all the extensions are always up-to-date.

3. Be wary!

Don’t trust cheap hosting providers that promise unlimited domains and bandwidth. Don’t let cost determine which hosting provider you choose. Having a quality provider from the start can reduce any future headaches and additional expenses.

4. Secure Your Backend

Use strong passwords that include at least one capital letter and a symbol like ! or #.

5. Use Proper Permissions and Ownership

We strongly advise you NOT to use permission 777. The best practice is to use 644 for files and 755 for folders. Also set the permission for your configuration.php to 444.
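An added example, not from the original post or presentation: a shell audit of a Joomla document root against the modes in this rule, with a second function that applies them. The function names and the path you pass in are assumptions.

```bash
# Added example: check a Joomla tree against rule 5 (644 files, 755 folders,
# 444 configuration.php, nothing world-writable). Path argument is an assumption.

audit_joomla_perms() {
    local root="${1%/}"    # drop a trailing slash so -path comparisons match
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Anything world-writable (the 777 case). Symlinks are skipped because
    # their own mode bits are not what the kernel checks.
    find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'

    # Folders whose mode is not exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR-NOT-755 /'

    # Files whose mode is not exactly 644; configuration.php is checked below.
    find "$root" -type f ! -perm 644 ! -path "$root/configuration.php" -print |
        sed 's/^/FILE-NOT-644 /'

    # configuration.php should be read-only for everyone (444).
    if [ -f "$root/configuration.php" ]; then
        find "$root/configuration.php" ! -perm 444 -print | sed 's/^/CONFIG-NOT-444 /'
    fi
    return 0
}

fix_joomla_perms() {
    local root="${1%/}"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/configuration.php" ]; then
        chmod 444 "$root/configuration.php"
    fi
    return 0
}
```

A world-writable entry is reported twice: once as WORLD-WRITABLE and once under its file or folder check.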

6. Secure the “Administration”

We recommend renaming to
You may use the following tools: JSecure, JHackGuard, AdminTools.

7. Change The Default Database Prefix

Rename (jos_) to a more secure prefix, for example (w8px1_).

8. No Spam!

Always use SEF extensions like sh404SEF or HoneyPot to defend against spam bots or attacks.

9. Last but Not Least

Restrict access to your phpadmin to your IP address using your cPanel tools or phpadmin.conf if you are running a managed Linux server.

For your convenience, we have included all the tips in the nice presentation below!

Have any other Joomla related questions? Visit Joomla Forum to see if it’s already been answered by Joomla Community. If not, be the first to ask!