You are invited to Log in or Register a free Frihost Account!

Joomla Security Tips

Some simple tips to secure your Joomla website:

1. Change the administrative username of your Joomla
By default your administrative username is admin. The majority of the attackers would expect the username to be admin. Changing it will protect you against many attacks.

2. Change the default table prefix of your Joomla database
Changing the default table prefix will stop the majority of attacks against your database.

3. Password protect your Joomla administrative area
Password protecting the "administrator" folder will add an additional layer of protection to your Joomla website. You should set username and password for your website different from the ones for your Joomla application. Once you do this, you will have to login twice. First to access the login page of Joomla and then to login in the application itself. That would make guessing your passwords a very difficult task for any attacker. In addition, even if there is a security breach within the Joomla script itself, a potential attacker won't be able to gain access to your administrative end even if s/he knows your login details.

4. Keep your Joomla up-to-date
You should always keep your Joomla application up-to-date. Subscribe to the Joomla newsletter in order to receive news about new versions. You can do this at Joomla's official download page. Once you receive a notification that a new version of Joomla is released, you should upgrade your website immediately.

5. Use the .htaccess file to additionally secure Joomla
You should make the following changes to the .htaccess file in the Joomla directory:
First, If you don't have a .htaccess file in your Joomla folder, you should rename the htaccess.txt file that comes with your Joomla installation package to .htaccess. To do this, you can use the File Manager tool in your cPanel. In addition, doing this will allow you to enable the SEF functionality of your Joomla application. The rules in it will block the majority of well-known attacks against your website. Make sure you are running your website on PHP 5.2 or newer. Block the access to all files except index.php and index2.php. Note, however, that you may have to allow the access to some additional files if your extensions require them. If certain parts of your website do not appear, you can check the files that they rely on. Then, you can add them to the access rules. Generally, if you add the following lines to your .htaccess file, everything should work just fine:

<Files *.php>
deny from all
<Files ~ "(^index.php|^index2.php)$">
allow from all

I agree with the tips.

I just want to add to have a back up always.

Happy sharing.
Related topics
How safe is Joomla?
.htaccess tutorial
Having the word "echo" in the url gives me an erro
Joomla question
Relatively Secure Session Management System for PHP
Who Here Uses Joomla?
Joomla is the best!
help about with security in joomla
Mambo Users
What about Joomla??
Joomla! 1.0.8
Register Globals change influences all mambo / joomla websit
New Security Measure - PIN Number
Critical Joomla Updates
Reply to topic    Frihost Forum Index -> Webmaster and Internet -> Design Tips

© 2005-2011 Frihost, forums powered by phpBB.