Joomla Security in 3 Easy (ish) Steps
Monday, 05 July 2010 14:55

Joomla security - one of the most frequent topics of conversation among Joomies (usability is a close second) - is a complex area, and the technicalities of it quickly get ahead of most Joomla users. Often it's a conversation about Joomla's reputation for security that starts with "Is Joomla secure?" People are concerned about the seemingly high number of hacked Joomla sites, while people defending Joomla point at the need to update 3rd party extensions and to use good hosts.

There are many specific things you can do to make your site secure. They range from the obvious, like making sure folder permissions are correct on the server, to the esoteric, like changing the jos_ MySQL table prefix that Joomla uses. For 99% of sites, security boils down to:

1. Use a good host; that means paying more than $10 a month.

2. Back up lots. Be like Nike... Just DO it.

3. Patch often: Joomla and all your extensions.

Of course, life isn't so simple. The reality of Joomla security is much more complex, as these are very generalized tasks. Here are other things to think about as you secure your website.

  • If you have a website - someone needs to be keeping it safe.
    If it's not you, make sure you know who it is (btw, it's not your hosting company unless it's a managed one like Simplweb). Unless you live in Vermont, you probably lock your house and car; do the same for your site!
  • You are being hacked all the time.
    All sites are - check your logs! Hacker bots are continually scouring the web trying to find server weaknesses. The troubles start when they find one.
  • Just like insurance - Joomla security is only thought of *after* you have a problem.
    You need to consider security a cost of goods. Would you drive with no car insurance? Time and resources for securing your site are an ongoing cost of running your website.
  • It's not Joomla security - it's web security.
    Your CMS is only the front-facing part of your website. There are lots of ways to hack into your site... FTP, Apache, or simply poor password management. Make sure you are looking at the big picture.
  • Yes, keep extensions up to date!
    Joomla has probably the biggest universe of 3rd party plugins of any open source CMS. Along with that, quality assurance is difficult. Use only trusted sources and make sure you have the latest version.
  • Keep Joomla up to date (duh)
  • Have a backup of your site.
    You should be able to get back online from a dead server in 1 day or less. You might be backing up everything with tools provided by your host, using a Joomla-only backup tool like Akeeba, or maybe you are paying for managed hosting for them to do it.
  • As your site grows, it paints a bigger target on itself for hackers.
    If your site is doing well, then you need to make sure you are taking extra steps with security. These are most often non-Joomla steps like hardening the server, turning off FTP, and installing Apache firewalls and security measures.
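An added example (not part of the original post) of what "check your logs" can look like in practice: a small Python script that reads Apache combined-format access log lines and flags clients that pile up 404s guessing Joomla component paths or repeatedly POST to the administrator login. The log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jul/2010:14:55:01 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Jul/2010:14:55:02 +0000] "GET /index.php?option=com_foo HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.9 - - [05/Jul/2010:14:55:02 +0000] "GET /index.php?option=com_bar HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.9 - - [05/Jul/2010:14:55:03 +0000] "GET /index.php?option=com_baz HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.9 - - [05/Jul/2010:14:55:03 +0000] "GET /index.php?option=com_qux HTTP/1.1" 404 512 "-" "Mozilla/4.0"
192.0.2.44 - - [05/Jul/2010:14:56:10 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
192.0.2.44 - - [05/Jul/2010:14:56:11 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
192.0.2.44 - - [05/Jul/2010:14:56:12 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
203.0.113.7 - - [05/Jul/2010:14:57:00 +0000] "GET /administrator/index.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

# One combined-format request line: client IP, timestamp, request line, status code, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def flag_suspicious_ips(log_text, max_404=3, max_admin_posts=2):
    """Return {ip: [reasons]} for clients whose requests look like automated probing.
    Thresholds are illustrative assumptions; tune them against your own traffic.
    """
    not_found = defaultdict(int)
    admin_posts = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, method, path, status = m.group("ip", "method", "path", "status")
        if status == "404":  # a burst of 404s from one client = guessing component paths
            not_found[ip] += 1
        if method == "POST" and path.startswith("/administrator/index.php"):  # login guessing
            admin_posts[ip] += 1
    flagged = {}
    for ip, n in not_found.items():
        if n > max_404:
            flagged.setdefault(ip, []).append(f"{n} x 404 (path probing)")
    for ip, n in admin_posts.items():
        if n > max_admin_posts:
            flagged.setdefault(ip, []).append(f"{n} x POST /administrator/index.php (login guessing)")
    return flagged

if __name__ == "__main__":
    for ip, reasons in sorted(flag_suspicious_ips(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(reasons))
```

Point it at your real access log by replacing SAMPLE_LOG with the file contents; a flagged address is a prompt to look closer, not proof of a break-in.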

Joomla Security Resources

I have tried to gather a range of resources, from official news to useful 3rd party guides. Everything here is based on personal interaction rather than a quick untrusted search through Google.

Joomla Security Strike Team
http://developer.joomla.org/security.html

RSS Feed of Security issues (these appear to be the same feed)
Security RSS Feed - http://feeds.joomla.org/JoomlaSecurityNews
Vulnerability News - http://developer.joomla.org/security/news.html

Official Documentation on Joomla Security
http://docs.joomla.org/Category:Security_Checklist

Official Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

Useful 3rd Party Security Tutorials
http://www.howtojoomla.net/how-tos/security/joomla-security-primer
http://www.compassdesigns.net/joomla-blog/review-of-securelive-joomla-security-extension
http://www.joomlashack.com/university/intermediate-course/199-21-techniques-to-secure-a-joomla-website (requires subscription)

Security Consultants
Tom Canavan - http://www.joomlarescue.com
Phil Taylor - http://www.phil-taylor.com

Security Extensions
Secure Live - http://www.securelive.net

Fully Managed Joomla Hosting (all patches, backups and security monitored)
Simplweb - http://www.simplweb.com
