The sixth major revision of my security introduction presentation,

1. Joomla! Security 101
version 6.0

2. Mission: Impossible
Talking in-depth about Joomla! security in 30 minutes
or less... but I’ll try!

3. Put your pens away
Sit back and enjoy

4. Updated server software
PHP, MySQL, Apache, FTP Server...

5. Permissions & ownership
Who can do what and where

6. Sane ownership &
permissions
All files and folders owned by the FTP user
Use Joomla!’s FTP mode on shared hosts
Folders 0755 permissions • Files 0644 permissions
If you “must” use 0777 (don’t!), protect with .htaccess
order deny, allow
deny from all
allow from none
Better yet, use suPHP or FastCGI

7. Too much to remember?
Akeeba Backup User’s Guide, Security
Information
https://www.akeebabackup.com/documentation/
akeeba-backup-documentation/security-info.html
777: The number of the beast
http://www.dionysopoulos.me/blog/777-the-number-
of-the-beast

8. Update, yesterday
Joomla! & extensions

9. Think before installing
Don’t be the mouse in the trap!

10. Length matters

11. Your Password’s length matters

12. A terrifying thought
Password hacking super-computer: 2,700 USD
(back in 2010; much cheaper now)

13. How safe is your password?
Password Bits Iterations Time to crack
15082005
admin
ortrtaortftaaidbt
0rtrTA0rtfTa&idbT
horse correct battery stapler
13,6 12416 0.00038 msec
15,9 61147 0.00185 msec
67,7 2,39e+20 228.95 years
88,2 3,55e+26 340 million years
107,2 1,86e+32 178179 billion years

14. Derive from a sentence

15. Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog

16. Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d

17. Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D

18. Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D
+
q
b
F
j
o
+
l
D

19. Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D
+
q
b
F
j
o
+
l
D
+
q
b
F
j
0
+
1
D

20. Derive from a sentence
+qbFj0+1D

21. Still unsure? Write it down
And keep it ON YOUR PERSON!
+qbFj0+1D

22. Use a password manager
And keep it on your person (mobile device)

23. Lock it down
Nothing on my site runs unless I say so

24. .htaccess Rules
My Master .htaccess - FREE
http://akeeba.assembla.com/code/master-htaccess/
git/nodes/htaccess.txt
Admin Tools Professional
https://www.akeebabackup.com/products/46-
software/855-admintools.html

25. Armor up
Protect your site

26. Backups
Frequent, automated, off-site backups

27. Use myJoomla.com
Dead easy site auditing – and fixing!

28. In spite of it all…

29. Dammit!
You got hacked, now what?

30. DON’T
PANIC

31. We’ve got instructions
Unhacking your site
https://www.akeebabackup.com/documentation/
walkthroughs/item/1124-unhacking-your-site.html
You do have backups, right?
You did use myJoomla.com, right?
Make sure you read the instructions before getting
hacked.

32. Questions?

33. Download this presentation
http://akeeba.info/asjd13bih

34. Thank you for listening!
Image credits for copyrighted images: sxc.hu; istockphoto.com
Coprights of the logos and screenshots of software displayed in this presentaiton is owned by their respective companies