A list of tips to secure a Joomla installation
Tips to prevent your Joomla website from being hacked.
Each new Joomla update come with several security patches, not updating means getting into troubles sooner or later, as new vulnerabilities are discovered from time to time.
Avoid old extensions
You should always keep your extensions updated, if you are using an old extension without support, find an alternative or deactivate it.
Adjust files and directories permissions
Files owner should be your user so you can edit them, while your group (with lesser rights) should be the web server.
$ chown -R user:www-data /var/www/joomla-dir
configuration.phpshouldn’t have write permissions, it would leave them vulnerable to attacks.
- PHP files
- All the PHP files shouldn’t have write permissions.
Fix images folder allowed files
The images folder should only contains images, it should block users from trying to upload every other type of file, specially scripts.
Not try new extensions until they are well tested or popular in the Joomla community.
Administrator area with HTTP basic auth
Protect the Administrator area, usually the
HTTP Basic Authentication.
Useful to prevent dictionary attacks in the Joomla Administrator area.
After having a secure website it is worth reading How to find Malware and hacked files on a Joomla Site.