Asyraf.org :-)

Welcome to Asyraf.org

Welcome to www.asyraf.org, my personal web blog. Want to know about me? Find out yourself... Hakss... Actually, asyraf.org was published in May 2008 with the motive of information sharing and simply as my hobby of developing a website.

Asyraf.org contains several categories, such as a review section, tutorial section, blogging section, picture and video sharing zone, and download section.


22 Apr 2009

25 Joomla! Security Tips
Written by Asyraf   
The Joomla! CMS is widely used to create dynamic websites. Joomla! is easy to install and manage, and it has thousands of third-party components, modules, plugins, tools and more. Support for Joomla! has also grown rapidly, as can be seen in the joomla.org forum. As Joomla! usage increases and the CMS becomes more popular, the risk of your website being defaced increases too.

What can you do to increase the security of your Joomla! website? Here are some security tips I want to share.

  1. Always keep your Joomla! version up to date.
  2. Always keep your Joomla! extension up to date.
  3. Always check the Joomla! security checklist at http://docs.joomla.org/Category:Security_Checklist
  4. Avoid using vulnerable components, modules and plugins.
  5. Avoid downloading third-party components, modules, plugins and templates from unknown sources.
  6. Avoid using components, modules, plugins and templates downloaded from warez websites/forums.
  7. Remove the installation folder or rename it.
  8. Check folder permissions (CHMOD). Avoid “777” (writable by everyone) permissions.
  9. Don’t set or write the FTP username and password in the Joomla! configuration.php file.
  10. Move the configuration.php file and the download directory or folder (if any) outside the website folder.
  11. CHMOD the configuration file so that it is unwritable: CHMOD to 444.
  12. Use .htaccess to ban IP addresses that attempt to hack the site.
  13. Use .htaccess to password-protect crucial folders such as the administrator folder.
  14. Modify the .htaccess file according to your needs. (Please refer to .htaccess tutorial)
  15. Use jSecure Authentication to protect your administrator access via URL. (Available at JED)
  16. Change the default Joomla! database prefix “jos_” to another prefix.
  17. Never expose your Joomla! version to the public.
  18. Never expose your extension versions or extension names to the public.
  19. Use Search Engine Friendly (SEF) URLs to prevent hackers from finding exploits.
  20. Always delete components, modules, plugins or templates that you’ve installed and no longer want to use. Unpublishing them will not change anything; your website is still vulnerable.
  21. Use a secure username for the admin account. Rename “admin” to another name, because the admin name can easily be guessed.
  22. Use a strong password, such as a combination of letters and numbers, and make it more than 6 characters long.
  23. Use secure web hosting with PHP safe_mode off, PHP 5, and so on.
  24. Never expose your phpinfo output to the public.
  25. Always BACKUP your site.

I’ll update this list based on the security issues of Joomla!
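Tips 7, 8, 9, 11 and 16 can be checked mechanically. The read-only audit script below is an added example, not part of the original post; the function names are hypothetical, and it assumes configuration.php stores settings as `$name = 'value';` lines.

```shell
#!/bin/sh
# Added example: read-only audit of a Joomla! web root for tips 7, 8, 9, 11, 16.
# Assumption: configuration.php holds settings as  $name = 'value';  lines.

finding() {  # record one finding: tip number, message
    printf 'FINDING tip %s: %s\n' "$1" "$2"
    findings=$((findings + 1))
}

audit_joomla() {  # usage: audit_joomla /path/to/webroot ; returns 1 if anything was found
    root=$1
    cfg="$root/configuration.php"
    findings=0

    # Tip 7: the installer must not remain on a live site.
    if [ -d "$root/installation" ]; then
        finding 7 "installation folder still present"
    fi

    # Tip 8: list anything writable by everyone (mode 777 and similar); symlinks skipped.
    ww=$(find "$root" ! -type l -perm -0002 -print)
    if [ -n "$ww" ]; then
        finding 8 "world-writable paths:"
        printf '%s\n' "$ww" | sed 's/^/    /'
    fi

    if [ -f "$cfg" ]; then
        # Tip 11: no write bit for owner, group or others (i.e. mode 444).
        if [ -n "$(find "$cfg" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]; then
            finding 11 "configuration.php is writable; chmod 444 it"
        fi
        # Tip 9: a non-empty FTP password stored in the file.
        if grep -Eq "ftp_pass[[:space:]]*=[[:space:]]*['\"][^'\"]" "$cfg"; then
            finding 9 "FTP password stored in configuration.php"
        fi
        # Tip 16: default table prefix still in use.
        if grep -Eq "dbprefix[[:space:]]*=[[:space:]]*['\"]jos_['\"]" "$cfg"; then
            finding 16 "default database prefix jos_ in use"
        fi
    else
        echo "NOTE: no configuration.php in web root (moved outside, per tip 10?)"
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /var/www/joomla
if [ "$#" -gt 0 ]; then audit_joomla "$1"; fi
```

The script only reads file modes and file contents; it changes nothing on disk.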