Security tips to protect a Joomla website from hackers
October 27, 2016


Joomla websites face hacking attempts for various reasons, such as use of the default database prefix jos_, weak passwords or usernames, and vulnerabilities in external plugins, components or modules. Because Joomla is open source, hackers can easily read the code and try different tricks to get around its rules and insert malware.

Keep your website secure and protect it by following these proactive techniques.

Hackers who target your website generally use automated software that runs brute-force attacks, firing thousands of unauthorized login attempts at the website admin. They also try to call Joomla URLs directly in order to insert code or upload files to the Joomla system. In addition, spammers feed the comment, registration and contact form sections into automated software to send thousands of spam messages that reach the admin or users.

1. Use an .htaccess file by adding it to the Joomla root folder.

Joomla ships with a default htaccess file in the root folder named “htaccess.txt”; rename it to .htaccess to enable it. You can enable the SEF setting from Joomla System -> Configuration. This activates URL rewriting and makes it hard for external parties to understand the query string and parameters passed in the URL. The file also blocks common exploits.

You can protect Joomla website directories and administrator access by adding an IP restriction. For example, you can add an .htaccess file with an IP restriction to your administrator folder, entering the IP address from which the admin may be accessed. Note that this restriction requires a static IP address. You can find your IP address by searching Google for “My IP”.
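
An added example of such a file (not the original post's code). It assumes the file is saved as administrator/.htaccess, that 203.0.113.10 is a placeholder for your own static IP, and that the server allows .htaccess overrides for access control:

```apache
# administrator/.htaccess
# Added example. 203.0.113.10 is a placeholder from the documentation
# address range; replace it with the static IP you administer from.

# Apache 2.4 and later (mod_authz_core): allow only the listed address.
# More addresses or a CIDR range can follow on the same line.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>

# Apache 2.2 (no mod_authz_core): same rule in Order/Allow/Deny syntax.
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>
```

If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the rule has to be applied where the real client IP is available.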

Blocking the admin by IP as described above is very effective and is recommended for all Joomla websites. Everyone else who tries to access the admin directory will get “Access Forbidden”.

2. Add an admin access security plugin to secure the administrator directory.

If you do not have a static IP address, you will not be able to block your administrator directory from the htaccess file. Instead, you can restrict the administrator directory using a secure key. For this you can use a plugin like jSecure Lite, which provides an option in the admin to enable a security key for accessing the admin.

Once you add a key and enable this plugin, admin access is only allowed using the unique key. For example, if you have added the key “secureaccess”, the admin can only be accessed at administrator/?secureaccess; otherwise the user is taken to the home page, and external users do not get access to the Joomla admin. This is also a very essential step to protect a Joomla website.

3. User Accounts Security.

Joomla provides advanced user management functionality by default, where users can register in different groups such as Super Admin, Admin, Manager, Registered user etc.

For admin and manager users who have access to the administrator area, avoid simple usernames like admin, administrator, owner, the website name etc. Also keep your password very secure and hard to guess, because with brute force a hacker tries all common usernames and passwords to get the login details, or tries SQL injection to get the details and access.

4. Files and Folder Security.

Keep your file and folder permissions correct and secure. They should be set to 644 for files and 755 for folders. This keeps your files and folders secure and prevents external users from accessing them.

Some folders need 777 chmod permission to allow uploads. Check that such folders only hold media files like images, video, documents etc. You can then secure the folder by adding an htaccess file that prevents execution of PHP files from it. In Joomla such folders can be media, images etc.
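
An added example of an htaccess file for such an upload folder (not the original post's code). It assumes the folder should never serve PHP, and that the server allows .htaccess overrides for access control and PHP options:

```apache
# images/.htaccess (use the same file in media/ and other upload folders)
# Added example: refuses requests for PHP scripts in a folder that should
# only hold images, video and documents.

# Match .php, .php5, .phtml, .phar etc. in any letter case, including
# double extensions such as "photo.php.jpg" that some handler setups run.
<FilesMatch "(?i)\.(php[0-9]?|phtml|pht|phar)(\.|$)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Where PHP runs as an Apache module, also switch the engine off here.
# The IfModule wrappers keep the file from causing an error on servers
# where that module is not loaded.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
```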

5. Keep Joomla FTP settings disabled.

Joomla has FTP settings, which should be disabled, and you should not enter your FTP details there, because hackers can access these details and connect over FTP. Any third-party plugin installed in your Joomla site can also read these details easily, so keeping the setting enabled with FTP details filled in opens a door for a hacker to take advantage of them.


About author

Rio

Expert web developer working in PHP, Wordpress, Joomla, Magento, Javascript etc.
