As any open source application Joomla is subjected to all sorts of hacking attacks. This is why it is important to take all possible measures to protect your Joomla site and improve its security.
Security Tips – How to Secure Joomla Website ( How to Protect Joomla Website from Hackers)
- Hide your Joomla version: Telling the world about your Joomla version in your HTML code is like inviting malicious attacks to your own doorstep.
- Keep Joomla and its extensions up-to-date: Websites running the first version of Joomla! are becoming increasingly targeted by hackers, so we urge you to upgrade as soon as possible to avoid your website being compromised. In almost all version releases there are fixes for security issues.
- Follow the Joomla Administrator’s Security Checklist: Follow the guidelines – Joomla Administrator’s Security Checklist to secure your joomla website.
- Proper Hosting Environment A properly configured server is highly recommended for your joomla website. Host your site on a server that runs PHP in CGI mode with su_php.
- Change and use Use Strong Login Details: First, you should avoid using default user names like “admin” or “administrator”. Next, it is important to have a strong password for your website. Don’t use common words for passwords instead of using common words Use as many special characters numbers and capital letters in your password as possible. Change your username and password often at least every 3 months.
- Don’t use the root user in mySQL as the user of your database. You should always create a new database user when installing a new site, and give rights to the new database only.
- Use Proper File Permissions & Ownership : Another important part of having a secured Joomla 3 website is to set the right permissions for your Joomla files and folders. Never use 777(full access) permissions!. Instead of using 777 We suggest you to use these permission to your Joomla, Joomla folders to 755, Joomla files to 644 and configuration.php file to 444.
- Use password-protect extensions: Using security extensions is another easy way to improve your Joomla website security. Use trusted third party extensions
- Uninstall unused stuff : If you’re using a 3rd party template, then it’s time to uninstall unused templates!
- Always have a backup ready to restore your Joomla! site to its most current healthy state.
- Install the jSecure Authentication plugin
- Don’t use the jos_ prefix: The standard prefix for Joomla tables are jos_. However, many security exploits rely on your database tables being called jos_XXXXXX. By simply using your own prefix you would have been protected from these exploits. It should also be unique for every site.
- Disable FTP Layers.
Related keywords: How to Secure your joomla website, How to protect joomla website from hackers, secure your joomla site, Joomla Hack