How to secure a Joomla 3 site against hacker attacks
If your website has been hacked, what should you do to keep it healthy and free from attacks that can damage it? Here are some points you can use to secure your website.
In this article, you will find out how to secure your Joomla website.
1. Don't use a username like 'admin', and use a password with many special characters such as " *!@#)$ ", along with numbers and capital letters.
2. Keep your Joomla directories and files at the following permissions:
For Joomla folders to 755
For Joomla files to 644
For configuration.php file to 444
Never use 777 (full access) permissions!
3. You can try the 'jSecure' extension for two-factor authentication on the Joomla admin login.
4. Don't use the default database prefix (jos_) when creating a new website.
5. The following Joomla extensions protect against the most popular hacking attacks, such as SQL injection, remote URL/file inclusion, remote code execution and XSS-based attacks:
Akeeba Admin Tools Pro
RSFirewall
6. Password-protecting the /administrator folder of each site adds an extra layer of security to your server - http://www.htaccesstools.com/htpasswd-generator/
To do this, create a .htpasswds file using the site above and put it in the administrator directory of each site.
7. Turn on Search Engine Friendly URLs – this will hide typical Joomla URLs.
8. Disable "New User Registration" on template sites and on unused (not published live) websites.
9. Rename htaccess.txt to .htaccess – it includes some rewrite rules that block common exploits. For example, you can add this code to your .htaccess file; paste it just after "RewriteEngine On":
RewriteCond %{REQUEST_URI} ^/images/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/media/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/logs/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/tmp/
RewriteRule .*\.(phps?|sh|pl|cgi|py)$ - [F]
This code returns 403 Forbidden for any request to a script file (.php, .phps, .sh, .pl, .cgi, .py) under /images/, /media/, /logs/ or /tmp/, which blocks attempts to run scripts outside Joomla's control.
10. You can use the "Akeeba CMS Update" tool, which lets you define specific Super User accounts to be emailed when an update is available, supports automatic updates, and automatically backs up your site before updating Joomla.
11. Outdated versions of Joomla extensions may contain very serious security vulnerabilities that allow a hacker to upload files to a website.
12. If you have old templates, components or plugins that you are not using anymore – uninstall them, especially if they haven’t been updated.
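An added example, not from the original article: a POSIX shell function that audits a Joomla tree against the permissions listed in item 2 (folders 755, files 644, configuration.php 444, nothing world-writable). The function name, the finding labels and the path passed to it are assumptions.

```shell
#!/bin/sh
# Audit a Joomla tree against the permissions recommended in item 2.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
# Hypothetical usage: sh audit.sh /var/www/joomla

audit_joomla_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    cfg="$root/configuration.php"

    findings=$(
        # Anything world-writable (777, 666, 757, ...) is reported first.
        find "$root" \( -type d -o -type f \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} +
        # Folders that are not exactly 755.
        find "$root" -type d ! -perm 755 ! -perm -0002 \
            -exec printf 'DIR-NOT-755 %s\n' {} +
        # Files that are not exactly 644 (configuration.php is checked below).
        find "$root" -type f ! -path "$cfg" ! -perm 644 ! -perm -0002 \
            -exec printf 'FILE-NOT-644 %s\n' {} +
        # configuration.php should be read-only for everyone: 444.
        if [ -f "$cfg" ]; then
            find "$cfg" ! -perm 444 ! -perm -0002 \
                -exec printf 'CONFIG-NOT-444 %s\n' {} +
        fi
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

Symbolic links are skipped on purpose, since their own mode bits are not what the web server checks.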