As a website owner or manager there is probably nothing more frustrating than finding that your website has been hacked! The impact of the attack can vary from simple defacement through to damage to the site’s software and content. Once the attack has been discovered you then have the time consuming task of investigating the cause and rebuilding the site. As a leading content management system (CMS), Joomla!™ installations, like all the other leading CMS installations, are regularly targeted by hackers. This is the first of a series of articles focusing on how you can secure your Joomla installation.
There are a number of relatively simple steps you can take to increase the security of your Joomla installation:
(a) ensure you regularly upgrade your installation so that it is running the latest version of Joomla!
(b) review the Joomla! Administrator’s Security Checklist and follow the advice on measures you can take to make it more difficult to breach your site’s security,
(c) ensure that all administrator and site manager accounts use secure passwords,
(d) adopt a regular site backup policy,
(e) use appropriate security extensions to further strengthen your website’s defences.
We will now look at the first two of these recommendations in more detail.
Why do you need to run the latest version of Joomla
Some web site owners and managers seem to think that updating their Joomla site to the latest version is a lot of hassle and not simply a waste of effort every time a new version becomes available. They couldn’t be more wrong!There is one major reason for you to always update to the latest version of Joomla – it is Security!.
Periodically, like all publicly available software, a security hole discovered. When holes are discovered in the Joomla core, they are normally fixed by the Joomla Security Strike Team in a matter of hours, or at least within 24 hours of it being addressed as a serious threat. By failing to upgrade your site to the latest version, you will be exposing your site to known threats. This increases the risk that your will be hacked by someone exploiting one or more of the holes. In addition to security fixes, most releases contain either other bug fixes or new functionality.
Using Joomla Administrator’s Security Checklist
The checklist contains the distilled advice from the Joomla Security Strike Team (JSST). This small team of knowledgeable developers and Joomla users has produce some quite detailed advice on steps you can take to protect and secure your site. The advice ranges from choice of hosting provider through installation and operational issues. The checklist represents best practice advice for people running Joomla-based websites, ignoring the advice will significantly increase the risk your site is successfully attacked.
Pingback: Securing Directories and Files on a Joomla! website | Bodvoc's Blog
Appreciate the artlices. The last checklist link has 404 error.