Joomla Security in 3 Easy (ish) Steps
Monday, 05 July 2010 14:55

Joomla security - one of the most frequent topics of conversation among Joomies (usability is a close second) - is a complex area, and its technicalities quickly get ahead of most Joomla users. Often the conversation is about Joomla's reputation for security, and it starts with "Is Joomla secure?" People are concerned about the seemingly high number of hacked Joomla sites, while people defending Joomla point at the need to update 3rd party extensions or use good hosts.

There are many specific things you can do to make your site secure. They range from the obvious, to making sure folder permissions are correct on the server, to the esoteric, like changing the jos_ MySQL table prefix that Joomla uses. For 99% of sites, security boils down to:

1. Use a good host. That means paying more than $10 a month.

2. Back up lots. Be like Nike... Just DO it.

3. Patch often. Joomla and all your extensions.

Of course, life isn't so simple. The reality of Joomla security is much more complex, as these are very generalized tasks. Here are other things to think about as you are securing your website.

  • If you have a website - someone needs to be keeping it safe.
    If it's not you, make sure you know who it is (btw, it's not your hosting company unless it's a managed one like Simplweb). Unless you live in Vermont, you probably lock your house and car; do the same for your site!
  • You are being hacked all the time.
    All sites are - check your logs! Hacker bots are continually scouring the web trying to find server weaknesses. The troubles start when they find one.
  • Just like insurance - Joomla security is only thought of *after* you have a problem.
    You need to consider security a cost of goods. Would you drive with no car insurance? Time and resources for securing your site are an ongoing cost of running your website.
  • It's not Joomla security - it's web security.
    Your CMS is only the front-facing part of your website. There are lots of ways to hack into your site... FTP, Apache, or simply poor password management. Make sure you are looking at the big picture.
  • Yes, keep extensions up to date!
    Joomla probably has the biggest universe of 3rd party plugins of any open source CMS. Along with that, quality assurance is difficult. Use only trusted sources and make sure you have the latest version.
  • Keep Joomla up to date (duh)
  • Have a backup of your site.
    You should be able to get back online from a dead server in 1 day or less. You might be backing up everything with tools provided by your host, using a Joomla-only backup tool like Akeeba, or maybe you are paying for managed hosting for them to do it.
  • As your site grows, it paints a bigger target on itself for hackers.
    If your site is doing well, then you need to make sure you are taking extra steps with security. These are most often non-Joomla steps like hardening the server, turning off FTP and installing Apache firewalls and security.
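
One way to act on "check your logs", as an added example that is not part of the original article: a short Python script that reads access-log lines in Apache combined format and flags clients that pile up distinct 404s or repeated POSTs to Joomla's /administrator/ login. The sample lines, IP addresses, paths and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" access-log line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jul/2010:14:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Jul/2010:14:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 312 "-" "bot"
198.51.100.7 - - [05/Jul/2010:14:00:02 +0000] "GET /test.php HTTP/1.1" 404 312 "-" "bot"
198.51.100.7 - - [05/Jul/2010:14:00:03 +0000] "GET /components/com_example/readme.txt HTTP/1.1" 404 312 "-" "bot"
192.0.2.44 - - [05/Jul/2010:14:00:04 +0000] "POST /administrator/index.php HTTP/1.1" 200 2048 "-" "bot"
192.0.2.44 - - [05/Jul/2010:14:00:05 +0000] "POST /administrator/index.php HTTP/1.1" 200 2048 "-" "bot"
192.0.2.44 - - [05/Jul/2010:14:00:06 +0000] "POST /administrator/index.php HTTP/1.1" 200 2048 "-" "bot"
203.0.113.5 - - [05/Jul/2010:14:00:07 +0000] "GET /missing.png HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

def summarize(log_text, min_404=3, min_admin_posts=3):
    """Return {ip: [reasons]} for clients that look like automated probing."""
    not_found = defaultdict(set)    # ip -> distinct paths that returned 404
    admin_posts = defaultdict(int)  # ip -> POSTs under /administrator/
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines not in combined format
        ip, path = m["ip"], m["path"]
        if m["status"] == "404":
            not_found[ip].add(path)
        if m["method"] == "POST" and path.startswith("/administrator/"):
            admin_posts[ip] += 1
    findings = defaultdict(list)
    for ip, paths in not_found.items():
        if len(paths) >= min_404:
            findings[ip].append(f"{len(paths)} distinct 404 paths (scanning)")
    for ip, n in admin_posts.items():
        if n >= min_admin_posts:
            findings[ip].append(f"{n} POSTs to /administrator/ (login guessing)")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in summarize(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The thresholds are deliberately low for the sample; on a real log, raise them so that a visitor who hits one broken link or mistypes a password once is not flagged.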

Joomla Security Resources

I have tried to gather a range of resources, from official news to useful 3rd party guides. Everything here is based on personal interaction rather than a quick untrusted search through Google.

Joomla Security Strike Team
http://developer.joomla.org/security.html

RSS Feed of Security issues (these appear to be the same feed)
Security RSS Feed - http://feeds.joomla.org/JoomlaSecurityNews
Vulnerability News - http://developer.joomla.org/security/news.html

Official Documentation on Joomla Security
http://docs.joomla.org/Category:Security_Checklist

Official Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

Useful 3rd Party Security Tutorials
http://www.howtojoomla.net/how-tos/security/joomla-security-primer
http://www.compassdesigns.net/joomla-blog/review-of-securelive-joomla-security-extension
http://www.joomlashack.com/university/intermediate-course/199-21-techniques-to-secure-a-joomla-website (requires subscription)

Security Consultants
Tom Canavan - http://www.joomlarescue.com
Phil Taylor - http://www.phil-taylor.com

Security Extensions
Secure Live - http://www.securelive.net

Fully Managed Joomla Hosting (all patches, backups and security monitored)
Simplweb - http://www.simplweb.com

