10 tips to secure your joomla website from hackers
Post on 24-May-2015
Embed Size (px)
DESCRIPTIONJoomla is an open-source CMS, it is supported and maintained by millions of Joomla users around the world. Though it is not easy to hack a Joomla website, because of its robust security features, but at times due to the negligence on part of developers the website becomes vulnerable to hacking.
- 1. 10 Tips to secure your Joomla websiteBy convergence IT Services https://support.convergenceservices.in/
2. What are we going to see here? Why your Joomla website got hacked? 10 ways to prevent Joomla website hacking Who are we? Contact us 3. Why your Joomla website got Hacked? Joomla is an open-source CMS, it issupported and maintained by millions of Joomla users around the world. Though it is not easy to hack a Joomla website, because of its robust security features, but at times due to the negligence on part of developers the website becomes vulnerable to hacking. 4. 10 ways to prevent Joomla website hacking Keeping hackers at a distance is not a rocket science but at the same time it should not be overlooked. Next 10 slides shows some of the common yet least understood reasons to why hackers sometimes become successful to hack Joomla websites. 5. 1. Change the default database prefix (jos_) Hackers are different breed they do all they can to hack websites and one of the most common way is to write code that will try to retrieve data from the jos_users table. This helps them to retrieve all the username and password from the super administrator of the website. To safeguard your website from such attack it is highly recommended to change the default prefix to random prefix. 6. 2. Keep your Joomla version updated Joomla CMS regularly releases its updated version by removing the existing bugs, and adding enhanced security features. Keeping your website up-to-date with the latest version can fix many of the vulnerability and keep your website safe. Though it is quite a task to keep on updating to the latest version when you have plenty of extensions like components, plugins, templates, modules and languages to upload but all the effort is worth to ensure the security of your website. 7. 3. Change your .htaccess file Joomla CMS by default has write permissions to .htaccess file since joomla has to constantly update it when you are using SEF or Search Engine Friendly url. Due to this your website becomes vulnerable for attacks so it is advisable for you to set your .htaccess permission to somewhat 444(r-r-r-) or maybe 440(r-r--) or something similar. 8. 4. Get away with old extensions and Remove leftover filesKeep your extensions up-to-date, remove the old and unsupported extensions and find a suitable alternative to it. Many times it happens that you have installed an extension but due to some reason you dont like it or it does not serve your purpose, what you do? Keep it unpublished, or let it be there forever? This is very close you can come in compromising your website. All you need to do is use a simple and harmless uninstall feature, get rid of those unwanted extensions and heave a sigh of relief. 9. 5. Remove version number and name of extensions You are a developer and you must know the ABC of Joomla security yet how many times you have slapped your hand to your head in dismay to know that you forgot to remove the version number and name of extension giving easy entry to hackers. Its better late than never. If you have not done this do it right away. 10. 6. Do not give write permission on your *.php files This is another reason why hackers exploit your website. Giving write permission on your Joomla *.php files can be a very reason why Mr.Hacker visit your website and hack it effortlessly. You should always take an effort to set the permission of all you *.php to 444. 11. 7. Do not give execute permission on public directories We become so much engrossed with our creation that we forget something very basic and important to keep hackers at bay. One of these is giving execute permission on Public directories. These directories let users to upload their files and if the directories allow scripts to run and if that script turns out to a malicious then it becomes easier for hacker to get the website infected. Just give a permission of 766 on all public directories and reduce the chances of hacking your website. 12. 8. Do not give all possible permission to the database users After setting up the Joomla website it is important that a database user should not be given all the possible permissions like INSERT rows, UPDATE rows, DELETE rows, CREATE tables etc. Joomla database user should be given only necessary permission to keep the risk of hacking through vulnerable exploit to minimum. 13. 9. Hacking through your vulnerable web-server Most of the time developers go by rule book of Joomla website hacking, which does not mention that sometime going for cheap and unreliable web-hosting can be the reason. Just to save few dollars users sometimes opt for cheap webhosting service provider and compromise on their website security. When all is said and done, this is very easy to solve all you need to do is change your web-hosting services provider and cheer up. 14. 10. Thinking you are invincibleWhether you are a small business or a large multi-billion dollar conglomerate you are never safe unless and until you make these measures as your routine exercise. Hackers are lurking everywhere finding vulnerability to the websites to hack it. Your crucial data, financial details and private information will be in peril if we dont give heed to the wisdom of Joomla website security. As the age old proverb goes, Prevention is always better than cure still hold true today. 15. Who are we? We are Convergence IT Services, software and web development company our exclusive website maintenance services Convergence support Desk offers you various Joomla and other website maintenance service plans. Loaded with tons of features and backed with expert team members this service allows your business to scale and flourish. 16. Contact us Call: 022-2513 6632 Mail: email@example.com website: support.convergenceservices.in