Joomla Security - 9 Golden Rules of a Secure Website
Written by Ani Avdalyan
We strongly believe that sharing knowledge and educating others is the best way to help move the IT sector forward.
Just like everybody on the Bang2Joom Team, Gev Balyan, our founder and CEO, always enjoys sharing his invaluable experience. Recently he gave a presentation on Joomla Security at ARMSec Alpha, Armenia’s 1st Conference on Security and Privacy.
Read below for the useful tips he shared:
1. Back Up Often
Set up an automatic backup! We recommend the Akeeba Backup extension.
2. Update Your Joomla Now
Make sure all the extensions are always up-to-date.
3. Be wary!
Don’t trust cheap hosting providers that promise unlimited domains and bandwidth. Don’t let cost determine which hosting provider you choose. Having a quality provider from the start can reduce any future headaches and additional expenses.
4. Secure Your Backend
Use strong passwords that include at least one capital letter and a symbol like ! or #.
5. Use Proper Permissions and Ownership
We strongly advise you NOT to use permission 777. The best practice is to use 644 for files and 755 for folders, and to set the permission for your configuration.php to 444.
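The modes from this rule can be checked mechanically. The script below is an added example, not part of the original article or presentation; the function names and the site root argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit and normalise a Joomla
# tree against rule 5 -- folders 755, files 644, configuration.php 444.
# The site root passed as $1 is an assumption; point it at your own install.

# Print one finding per line; return 0 if clean, 1 if findings, 2 on bad input.
audit_joomla_perms() {
    jroot=${1%/}
    cfg="$jroot/configuration.php"
    [ -f "$cfg" ] || { echo "no configuration.php under $jroot" >&2; return 2; }
    jfound=$(
        # Anything writable by "other" (777, 666, 757, ...) is reported first.
        find "$jroot" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
        # Folders that are not exactly 755 (world-writable ones already listed).
        find "$jroot" -type d ! -perm 755 ! -perm -0002 | sed 's/^/DIR-NOT-755 /'
        # Files that are not exactly 644, leaving configuration.php aside.
        find "$jroot" -type f ! -path "$cfg" ! -perm 644 ! -perm -0002 |
            sed 's/^/FILE-NOT-644 /'
        # configuration.php must be read-only for everyone.
        find "$cfg" ! -perm 444 ! -perm -0002 | sed 's/^/CONFIG-NOT-444 /'
    )
    [ -z "$jfound" ] && return 0
    printf '%s\n' "$jfound"
    return 1
}

# Apply the recommended modes. Symlinks are skipped because -type f/-type d
# never match them, so chmod is not redirected outside the tree.
fix_joomla_perms() {
    jroot=${1%/}
    [ -f "$jroot/configuration.php" ] || return 2
    find "$jroot" -type d -exec chmod 755 {} + &&
    find "$jroot" -type f -exec chmod 644 {} + &&
    chmod 444 "$jroot/configuration.php"
}

# Usage when run as a script: sh audit.sh /path/to/site [--fix]
if [ $# -gt 0 ]; then
    [ "${2:-}" = "--fix" ] && fix_joomla_perms "$1"
    audit_joomla_perms "$1"
fi
```

Run the audit first and review the findings before using --fix, since some extensions may need to be reconfigured once folders stop being world-writable.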
6. Secure the “Administration”
7. Change The Default Database Prefix
Rename the default prefix (jos_) to a more secure one, for example (w8px1_).
8. No Spam!
Always use SEF extensions like sh404SEF or HoneyPot to defend against spam bots or attacks.
9. Last but Not Least
Restrict access to your phpadmin to your own IP address, using your cPanel tools, or phpadmin.conf if you are running a managed Linux server.
For your convenience, we have included all the tips in the nice presentation below!
Have any other Joomla related questions? Visit Joomla Forum to see if it’s already been answered by Joomla Community. If not, be the first to ask!