Written by kRemtronicz | 10 August 2009
Posted in Security and Safety

A few weeks ago I was contacted by lady (now a current client) with a website problem: her Joomla! site had been hacked. Not once but twice! When this is not a pretty experience for Joomla! (or any) website owners, it is fairly common. Hackers out there are targeting websites for a few reasons, and one of them is fun because they know a lot of websites are not following the basic rules of security. And when in our opinion any site cannot be 100% secure since there are new threats every day (just as an antivirus cannot make your computer 100% safe), there are of course ways to protect a Joomla! website as much as possible to prevent hackers to get access to it.

How to Protect Your Joomla! Site

You now know securing your Joomla! site is important, but now what? If you are brave enough to take charge of your database drive website's security, then you should follow a few guidelines in order to protect or enhance the security of your site (NOTE: We are just mentioning what you need to do to protect your Joomla! site. If you want to read the technical "whys" go to the documentation area): 1. Upgrade your Joomla! installation: Joomla! works hard for your site. Every 2 - 3 months or so they release security patches that are important for any Joomla! site. Once a patch has been released, download it and install it. To receive notofications of new patches sign up to their developer newsletter.

2. Enable .htaccess: Sometimes the easiest way to secure a Joomla! site (or any site) is to enable the htaccess.txt file on your installation by renaming it .htaccess - This simple step will enhance your site's security greatly. However, you might need to make a few modifications depending on your hosting company's server settings.

3. File Permissions: All the files in your installation have a permission depending on their use, and who is suppose to see, or edit them. Images, videos, Flash presentation, core files, and so on, have a default permission set. It is recommended that all folders are set to 755 (read and execute access for everyone and also write access for the owner of the file) and 644 for the rest of the files (read only for users, but owner has write access). Keep in mind that depending on server settings your permissions might have to change in order to work properly. But it is ALWAYS recommended to go back to the settings mentioned once you are done working on the files.

4. Database Prefix Change: Joomla! database tables have a the "jos_" prefix which is the default one and hackers know it. To protect your site even further, install your Joomla! site with a defferent prefix for your database (i.e. newdb_). If you r site is already running on the "jos_" prefix you might want to look at this post so you can get the table prefix changed.

5. Default Administrator User Name: Joomla! site's administrator default user name must be also changed from "admin" to something else you see fit. Again, hackers know about it, and it is one less thing they have to figure out--unless you change it.

6. Install Security Extentions: To further your security, look at the Joomla! security extensions. There are many that will help you enhance your site's overall security and make your nights more peaceful! Choose carefuly reading through the reviews and installing the ones that you think are the best candidates.

7. Backup Frequently: Another of the most overlooked aspects of protecting your site is to back up the entire site. When the site is up and running at its best, back it up so in case something happens you can always have a copy (or two) of your site. We recommend using JoomlaPack for Joomla! sites.

Site security should be on top of every website owner's list. It is, amazingly, overlooked by many and unfortunately many website owners don't realize how serious the problem is until their sites gets hacked. Don't be one of them!

*Photo courtesy of Freeimages.co.uk

---

Next >