The recent spike in hack attempts on various Joomla sites has made it more urgent than ever to take action and secure your Joomla site in the best possible way. In this webinar, SiteGround Joomla Performance Guru Daniel Kanchev shows the best practices and shares insightful tricks for protecting your Joomla site from getting hacked:
- Joomla administrator security settings
- Bullet-proof password tips
- Vulnerable extensions to avoid
- Web application firewall configurations
- Recommended server settings
- Intrusion detection and protection tools
- Disaster recovery plans
2. SiteGround.com - Expert Joomla Hosting
BEFORE WE BEGIN...
• 7+ years of Joomla! experience
• 4 years with SiteGround
• Love traveling the world
• Addicted to extreme and not secure sports
4. WHO SHOULD CARE ABOUT SECURITY?
• Application/Extension developers
• Hosting providers/system administrators
• YOU (end Joomla users)
EVERYONE
5. Why should YOU care?
• Be trustworthy by protecting your clients’ data
• Have a healthy site - avoid substantial data loss/downtime
15. #2: Do The Basics
• Never use admin as username
• Use a secure password
16. Use Bullet-proof Passwords
• Avoid password generators
• Don’t use common words - love, pass, admin
• Avoid personal info, names, significant dates - daniel123
17. The Perfect Password
• Choose a favorite (not famous) movie quote/large phrase from a book:
We all go a little mad sometimes
• Add punctuation symbols ( ? ! . : ) and capital letters, remove whitespaces
Result: We.all?Go!Alittle1Mad2sometimes
19. #4: Restrict The Admin Area Access By IP
• Step 1: Check your IP -> whatismyip.com
• Step 2: Add this rule in the administrator folder .htaccess file
deny from all
allow from YOUR_IP_ADDRESS
20. #5: Fix your permissions & ownership
• Folders: 0755
• Files: 0644
• configuration.php: 444
• NEVER EVER USE 777 permissions
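The permission targets from this slide, turned into a read-only audit (an added example, not part of the original slides). The function names and the sample tree are assumptions made for illustration; the sample tree is constructed in a temporary directory and is not a real Joomla install.

```python
import os
import stat
import tempfile

# Modes taken from the slide; configuration.php is the one read-only exception.
DIR_MODE, FILE_MODE, CONFIG_MODE = 0o755, 0o644, 0o444

def audit_permissions(root):
    """Return sorted (relative_path, actual, expected, world_writable) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, DIR_MODE) for d in dirnames] + [(f, FILE_MODE) for f in filenames]
        for name, expected in entries:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if rel == "configuration.php":
                expected = CONFIG_MODE
            actual = stat.S_IMODE(info.st_mode)
            if actual != expected:
                findings.append((rel, actual, expected, bool(actual & stat.S_IWOTH)))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree (hypothetical layout) with deliberate mistakes."""
    layout = {
        "index.php": 0o644,
        "configuration.php": 0o644,      # should be 0444
        "images/banner.jpg": 0o777,      # the mode the slide says never to use
        "administrator/index.php": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")
        os.chmod(path, mode)             # set explicitly so the umask does not matter
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), DIR_MODE)
    os.chmod(os.path.join(root, "images"), 0o777)  # world-writable folder

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, actual, expected, ww in audit_permissions(site):
            print(f"{rel}: {actual:04o} (expected {expected:04o})"
                  + ("  WORLD-WRITABLE" if ww else ""))
```

Pointing audit_permissions at a real site root lists every path that deviates from the slide's modes without changing anything on disk.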
22. #6: Keep PHP Scripts In The Right Folders
In media, libraries, logs, language folders:
<Files *.php>
deny from all
</Files>
26. Stay On Top Of Security Updates
• Subscribe to the Joomla feeds:
✓ http://feeds.joomla.org/JoomlaSecurityNews
✓ http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
27. Build a Joomla security RSS feed
How to do it: http://is.gd/Vze1Zo
28. #9: Additional protection through .htaccess rules
• Remove PHP sensitive information
• Avoid Visual Fingerprinting
• Block some popular tools used by hackers
How to do it: http://is.gd/pGfVXQ
35. DISASTER RECOVERY PLAN
1. Create a copy of the hacked site + all logs
2. Restore from a clean backup
3. Quarantine your site - enable maintenance mode
4. Check the logs for the malicious code
5. Resolve the security issues/Clean malicious code
6. Unquarantine* your site - disable maintenance mode
36. FEW THINGS TO TAKE AWAY
• Security is about making it harder to infiltrate - not making it impossible
• Security is an ongoing process
• Everyone is involved