Joomla Security
Tips to Secure Your Joomla Website
We are responsible for server administration and the security of its network. As a customer of ours, you are responsible for the administration and security of your website. Outdated versions of Joomla installations, themes & plugins could result in your website being attacked.
Joomla’s wide availability makes it an appealing target for intruders. We’d like to provide you with security tips so that you can secure your Joomla website against vulnerabilities.
Vulnerabilities are what makes your website susceptible to intrusions from outsiders with malicious intent.
1. Keep your site updated
All Joomla sites and extensions should be checked regularly for issues and updates. Older versions of Joomla are not maintained with security updates.
- Apply core Joomla updates as soon as they’re released.
- Use the latest Joomla security update.
2. Carefully choose which themes and plugins you download
It only takes one plugin or template to make you vulnerable.
- Keep them updated and don’t use pirated plugins.
- Delete the Joomla templates you aren’t using.
3. Use a very strong password
A strong password protects your website content and prevents intruders from gaining access to your admin account, where they can install malicious scripts that can potentially compromise your entire website. Many potential vulnerabilities can be avoided with a strong password.
- Make sure you use a strong password for FTP passwords, Joomla login passwords and database passwords.
- Should your domain be compromised, it’s advisable you change all passwords relating to that domain.
4. Install security-related plugins
Carefully choose a Joomla security plugin that will protect your website. For example, plugins that block incorrect logins, notify you of new edits and warn you when your site is vulnerable to attack.
- Install a trusted security plugin. Use the plugin user ratings as a guide.
5. Avoid using default configurations
Changing your default settings adds another thin layer of protection against intruders. In Joomla the default name for the Super Administrator is “admin” and most intruders know this.
- Delete the default admin and create a new custom login.
6. Make backups
Before you delete anything, make a full backup of your site. Our backups are only intended for disaster recovery purposes.
- We recommend that you regularly perform your own backups.
- Backup your data on read-only media, to ensure your data has not been tampered with.
Should your website be compromised, Joomla developers recommend setting a safe route to the recovery of your website. Note, this process could take your site offline for about 15 minutes.
For further information see:
- Latest security update: joomlasecurity.org
- Security Checklist: joomla.org