Joomla is fast becoming the ‘CMS of choice’ for many website owners and developers today, which just goes to show how far it has come from playing second fiddle to WordPress. That said, security is still a matter of concern, not just for Joomla but for every major CMS today. Many people forget that as these technologies evolve and ‘upgrade’ over time, so does the threat landscape. As a practice, use the following tips to protect your Joomla sites from potential threats in the future.
Server Configuration
If you run a Joomla website, the first thing to get right is how the server is configured. Choose a host that runs PHP in CGI mode with suPHP. This runs PHP under your own account rather than the shared Apache user, and removes any need for insecure permissions such as a CHMOD of 777. To do so, follow these steps:
1. Set register_globals to OFF.
2. Disable the allow_url_fopen directive.
3. Set the magic_quotes_gpc directive as needed for your website. The recommended setting for Joomla 1.0.x is ON, which protects you from poorly implemented extensions; Joomla 1.5 no longer depends on this setting and works normally either way.
4. Stop using PHP safe_mode.
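A small audit of the four php.ini directives listed above, added here as an example (it is not code from the article or from the Joomla project). It parses php.ini directly and compares the values against the recommendations for the Joomla branch you pass in. The sample php.ini is constructed, the compiled-in PHP 5.x defaults are assumed for directives that are absent from the file, and the function names are my own.

```python
import sys

# Constructed sample php.ini fragment (not taken from any real server);
# it mixes weak and recommended values for the four directives above.
SAMPLE_PHP_INI = """\
; constructed sample - not a real server's php.ini
[PHP]
engine = On
register_globals = On
allow_url_fopen = On
magic_quotes_gpc = Off
safe_mode = Off
display_errors = Off
"""

# Strings PHP interprets as boolean true / false in ini files.
INI_TRUE = {"on", "1", "true", "yes"}
INI_FALSE = {"off", "0", "false", "no", "none", ""}

# Assumed compiled-in PHP 5.x defaults, used when a directive is absent from
# php.ini (allow_url_fopen and magic_quotes_gpc default to On, the others to Off).
PHP_DEFAULTS = {
    "register_globals": False,
    "allow_url_fopen": True,
    "magic_quotes_gpc": True,
    "safe_mode": False,
}


def parse_php_ini(text):
    """Map directive name -> raw value, ignoring ';' comments and [section] lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def ini_bool(value):
    """Convert a php.ini value to bool the way PHP does; raise on non-boolean text."""
    v = value.strip().lower()
    if v in INI_TRUE:
        return True
    if v in INI_FALSE:
        return False
    raise ValueError("not a boolean ini value: %r" % value)


def recommended_settings(joomla_major):
    """Recommended values for the directives, keyed on the Joomla branch.
    magic_quotes_gpc is only required (ON) for Joomla 1.0.x; 1.5 works either way."""
    expected = {"register_globals": False, "allow_url_fopen": False, "safe_mode": False}
    if joomla_major.startswith("1.0"):
        expected["magic_quotes_gpc"] = True
    return expected


def audit_php_ini(text, joomla_major="1.5"):
    """Return a list of (directive, current, recommended) for every mismatch."""
    settings = parse_php_ini(text)
    findings = []
    for directive, want in recommended_settings(joomla_major).items():
        if directive in settings:
            current = ini_bool(settings[directive])
        else:
            current = PHP_DEFAULTS[directive]  # absent => PHP's own default applies
        if current != want:
            findings.append((directive, current, want))
    return findings


if __name__ == "__main__":
    # Usage: python audit_php_ini.py [/path/to/php.ini] [joomla-branch]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    branch = sys.argv[2] if len(sys.argv) > 2 else "1.5"
    text = open(path).read() if path else SAMPLE_PHP_INI
    for directive, current, want in audit_php_ini(text, branch):
        print("%-18s is %-3s (recommended: %s)"
              % (directive, "On" if current else "Off", "On" if want else "Off"))
```

Run it against the php.ini your host actually loads (the path shown by `php --ini`), because a directive missing from the file silently takes PHP's default, which for allow_url_fopen is On.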
Disabling the FTP Layer
When installing, do not enable the FTP layer, since it can open potentially dangerous security holes: the FTP credentials are stored in plain text in the Joomla configuration file. Provided that hosting is configured and protected properly, there is no need for the FTP layer.
Change Default Database Prefix (jos_)
When installing, don’t forget to change the default database prefix to something arbitrary. Attackers know the default table names, so an SQL injection flaw lets them recover the super administrator details straight from the jos_users table.
Enabling the SEF URL
Hackers can use Google’s inurl: search operator to locate Joomla sites by their raw URL patterns and then exploit known vulnerabilities. By enabling SEF URLs (if you are using Joomla 1.5) in the site configuration, you can protect your site from such searches. Alternatively, you may use a third-party extension such as sh404SEF for Joomla 1.0 and Joomla 1.5. This makes it harder for cyber criminals to spot loopholes and also benefits you on the SEO end.
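The three configuration.php checks from the FTP-layer, database-prefix and SEF sections above, gathered into one added example that is not part of the original article or of Joomla itself. It assumes the Joomla 1.5 JConfig layout (`var $name = '...';`) and the Joomla 1.0 `$mosConfig_name = '...';` variables, works on a constructed configuration.php sample, and also carries a file-mode check for the CHMOD 777 problem mentioned in the server-configuration tip; the helper names are my own.

```python
import re
import stat

# Constructed Joomla 1.5 configuration.php (not from any real site). It shows
# all three weak settings: FTP layer on with a plain-text password, the
# default jos_ prefix, and SEF URLs switched off.
SAMPLE_CONFIG = """\
<?php
class JConfig {
    var $offline = '0';
    var $sitename = 'Example Site';
    var $sef = '0';
    var $dbtype = 'mysql';
    var $host = 'localhost';
    var $user = 'joomla';
    var $db = 'joomla';
    var $dbprefix = 'jos_';
    var $ftp_host = '127.0.0.1';
    var $ftp_port = '21';
    var $ftp_user = 'ftpuser';
    var $ftp_pass = 'constructed-plaintext-password';
    var $ftp_root = '/home/example/public_html';
    var $ftp_enable = '1';
}
?>
"""

# One quoted string assignment per line, in either the 1.5 (`var $x = '..';`)
# or the 1.0 (`$mosConfig_x = '..';`) form. Values with escaped quotes are
# not handled; configuration.php does not normally contain them.
ASSIGNMENT = re.compile(
    r"""^\s*(?:var\s+)?\$(?:mosConfig_)?(\w+)\s*=\s*(['"])(.*?)\2\s*;""",
    re.MULTILINE,
)


def parse_joomla_config(text):
    """Return {setting: value} for the string settings in configuration.php."""
    return {name: value for name, _quote, value in ASSIGNMENT.findall(text)}


def audit_joomla_config(text):
    """Return a list of finding strings for the three settings discussed above."""
    cfg = parse_joomla_config(text)
    findings = []
    if cfg.get("ftp_enable") == "1":
        msg = "FTP layer is enabled"
        if cfg.get("ftp_pass"):
            msg += "; ftp_pass is stored in plain text in configuration.php"
        findings.append(msg)
    if cfg.get("dbprefix", "jos_") == "jos_":
        findings.append("database prefix is the default jos_; choose an arbitrary prefix")
    if cfg.get("sef") != "1":
        findings.append("SEF URLs are disabled; enable them (or use sh404SEF)")
    return findings


def is_group_or_world_writable(mode):
    """True if a file mode (as in os.stat().st_mode) lets group or others write,
    which is the case for the CHMOD 777 the article warns against."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    import os
    import sys
    # Usage: python audit_joomla_config.py [/path/to/configuration.php]
    if len(sys.argv) > 1:
        path = sys.argv[1]
        text = open(path).read()
        if is_group_or_world_writable(os.stat(path).st_mode):
            print("- configuration.php is group- or world-writable; tighten its mode")
    else:
        text = SAMPLE_CONFIG
    for finding in audit_joomla_config(text):
        print("-", finding)
```

Because configuration.php holds the database and (if enabled) FTP credentials in the clear, the file-mode check matters as much as the settings: a world-writable copy under a shared Apache user is exactly the situation the suPHP recommendation is meant to avoid.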
Keep Joomla Updated
Always remember to update your Joomla to the latest available version to take advantage of the improved CMS experience and security features. You can also subscribe to the Joomla feed to receive the latest news, updates and security releases. On another note, always use the official sites to download Joomla!
Third Party Extensions
Joomla features over 4000 extensions, including non-commercial ones. That said, never download an extension that offers little to no value, because most extensions have vulnerabilities and can leave your site at risk of cyber threats. Hence, always use the popular and reliable extensions from the top developers. Last but not least, remember to set up a strong backup and recovery protocol for all your live websites. Hackers will continue to jeopardize our security, but the least we can do is be proactive about it.