Security Tips for Joomla
Over the past few weeks we've seen lots of activity online and in the media from hacking groups attacking the CIA, The Sun UK, Sony and many more Government websites around the world. A particular hosting and domain provider here in Australia also came under attack, and over 4,300 websites in Australia disappeared, never to be recovered.
The result was many Australian businesses losing web traffic, revenue and potential business and, in the worst-case scenarios, their website completely.
With this news spreading around, many of our clients have been a little concerned about their website security and fallbacks.
We did a little bit of twittering and asked the Joomla community for their top security tips to avoid being hacked. We've provided a list of the comments and the people who gave their best security tips.
Joomla Security Tips from the Twitter community
"@nternetinspired: @astroboysoup Admin Tools from @akeebackup http://bit.ly/kZEOwr is a one-stop shop for #Joomla #security, with geo and ip range blocking ;)"
"@nternetinspired: @astroboysoup Anti-hammer is worth a look: http://corz.org/serv/tools/anti-hammer/"
"@MarcosPeebles: @astroboysoup you can also put an .htaccess to your /administrator or use one of these http://t.co/HCkVDYO"
@BrianTeeman: @astroboysoup change db prefix, change admin name and id, block xml with htaccess, get a good server
@JoomlaWorks: @astroboysoup For a DDoS attack, use a CDN (no brainer) and a firewall like CSF to cut off IPs with more than 200-300 concurrent connections
@astroboysoup On a serious note: latest Joomla version of each "series", server on Linux+FastCGI/suPHP, CSF/APF firewall, right permissions
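Two of the tips above, changing the database prefix and keeping the right permissions, can be checked from a script. The following is an added example, not code from the people quoted or from PB Web Development; it assumes a standard Joomla layout with configuration.php in the site root and jos_ as the default prefix written by older Joomla installers, and the sample tree built in demo() is constructed.

```python
import os
import re
import stat
import tempfile

# Matches the Joomla 1.5 ("var") and later ("public") configuration.php styles.
# Assumes the single-quoted value that Joomla itself writes.
PREFIX_RE = re.compile(r"(?:var|public)\s+\$dbprefix\s*=\s*'([^']*)'")
DEFAULT_PREFIX = "jos_"  # assumption: default prefix of older Joomla installers


def audit_site(root):
    """Return a sorted list of (relative_path, finding) tuples for a Joomla tree."""
    findings = []
    config = os.path.join(root, "configuration.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            match = PREFIX_RE.search(fh.read())
        if match and match.group(1) == DEFAULT_PREFIX:
            findings.append(("configuration.php", "default db prefix jos_"))
    # Anything writable by every local user can be replaced by any other
    # account on a shared server, so report it.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append((os.path.relpath(path, root), "world-writable"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "configuration.php")
        with open(cfg, "w") as fh:
            fh.write("<?php\nclass JConfig {\n\tvar $dbprefix = 'jos_';\n}\n")
        os.chmod(cfg, 0o644)
        cache = os.path.join(root, "cache")
        os.mkdir(cache)
        os.chmod(cache, 0o777)  # the kind of "quick fix" the audit should catch
        return audit_site(root)


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

Run it against a copy of the site by calling audit_site() with the path to the Joomla root; an empty list means neither check found anything.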
Joomla Security Tips from PB Web Development
Our personal security tip would be to get a copy of RSFirewall from RSJoomla. Since we started using the component, we've been successful in protecting a lot of the websites that we manage against common Joomla attacks.
We also highly recommend Admin Tools and Akeeba Backup to make sure common security checks are done and to make sure you have up-to-date backups ready for redeployment on a new server.
Pick a high quality web server that is up to date with security and allows you to modify the configuration in order to lock down potential security holes. It may also help to talk to a hosting security expert for their recommendations as to what to lock down.
Make sure your domain name details are up to date in case you need to recover it.
Lastly, make sure you back up your website often! It doesn't take long and isn't hard to do. At any time you should be able to redeploy your website on a new server.