Best Practices to Secure and Harden Joomla Web Site Tanzania

Protecting your website is essential to your online business availability and operations.

Internet security is a fast moving challenge, and one should always keep an eye on online threats found almost every week. You may not need to do this manually instead you can perform regular security scan to your website.

There is no perfect security, but you can do your best to secure them.

Joomla is second largest CMS downloaded over 68 million times and latest research by SUCURI reveals second infected website platform.

website-infected-platform

Most of the websites are hacked due to misconfiguration, or vulnerable code. The following practices would help to boost the Joomla security.

1. Secure Administrator login with Strong password

Dont leave default administrator account as œadmin and bad password; this is probably the biggest risk in Joomla. By keeping default œadmin and guessable password, you are helping Hacker in their job.

Solution:

Change default administrator login œadmin to something else, which is not easily guessable.

Use a password manager to generate long, complex password strings. Avoid keeping password with includes your name, site name. You may prefer to use Secure Password Generator.

2. Take Regular Joomla Backup

Backup is your friend and a life saver. When things go wrong, backup is probably one of the quickest ways to restore your online business operations.

Solution:

Host your website with a reliable hosting company, which provides good backup plan like SiteGround. SiteGround is one of the best hosting providers who take daily backup in free. Along with hosting backup, use an extension like Akeeba backup.

3. Use secret key to login into Joomla Admin

Hide your administrator backend from potential hackers and allows those that have secret URL to access the administration area.

Solution:

Use login protection extension like KSecure who helps you to add a secret key. This means whenever you need to access admin login page you need to enter the secret key after administrator?.

For ex: example.com/administrator?testing

testing is the secret key here. If you dont use this key, then you will be redirected to home page. Isnt cool?

4. Use the latest version of Joomla & Extensions

Most of the website owner dont upgrade to the latest version which is a big risk. Almost every release, you will notice some security fixes so not upgrading to the latest version means keeping your website vulnerable.

Solution:

Review vulnerable extension list provided by Joomla and update the outdated extension. Review the change log each time Joomla release and upgrade if you see any critical fixes.

5. Monitor your Joomla site

How do you know when your website goes down or defaced? Get notified by email, slack or SMS when your website is not reachable so you can take necessary actions immediately.

Solution:

Use a FREE tool like StatusCake which monitors your website and notifies you when it goes down. 

6. Enable Search Engine Friendly (SEF)

SEF make the URLs of your Joomla website more Search Engine Friendly. And good SEF component also gives security benefit. An SEF component masks that information and makes it harder for a hacker to find eventual security vulnerabilities.

Solution:

Enable Search Engine Friendly URLs into Joomla Administration area.

  • Login into Joomla Administration
  • Click on Site>>Global Configuration
  • On Site, tab selects œYes next to Search Engine Friendly URLs

7. Delete unwanted & avoid unidentified developers extension

Joomla is open source, and as an Administrator, you install many modules to try out new functionality. Its good to try and improve but bad without knowing developer you install a module. Delete extensions, which you are not going to use.

8. Use Security Extensions

Use extensions to fight with spam, brute force, two-factor authentication and known vulnerabilities. There are many, and Ive listed 12 extensions for Joomla security. If your website is not available on public Internet, then you may try Joomscan which you can install on your server and perform the security audit.

9. Keep file/folder permission appropriate

All files should have good CHMOD configuration. Preferably,

PHP files “ 644

Config Files “ 644

Other folders “ 755

10. Use Web Application Firewall

Web Application Firewall (WAF) is essential for any website to protect from top OWASP 10 security, known vulnerabilities & malware. If you are hosting your Joomla website on VPS, then you may use ModSecurity which is free. However, if you are on shared hosting or dont have time, then you may consider cloud-based web application firewall. Using WAF will help you from following.

  • Bot protection
  • Login protection
  • Backdoor protection
  • DDoS protection
  • SQL injection
  • XSS attack
  • Joomla specific vulnerabilities
  • Brute force attack
  • Layer 7 DDoS protection
  • and much more¦

If you follow these steps, the chances that your Joomla website is more secure and youll be able to recover from a hack quickly than ever. I hope this helps you.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Password Protect a Directory Tanzania

This tutorial will teach how to password protect a directory. Password protecting a directory...

How To Use The IP Deny Manager Tanzania

This tutorial will teach you how to use the IP Deny Manager to block access to your web site from...

Using Hotlink Protection Tanzania

Hotlink Protection prevents other web sites from directly linking to certain files (typically...

CAPTCHA Telling Humans and Computers Apart Automatically Tanzania

This tutorial is to explain CAPTCHA, an acronym which stands for "Completely Automated Public...

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable Tanzania

Dec 25 2016: A critical vulnerability has been discovered in PHPMailer, which is one of the most...

Powered by WHMCompleteSolution