Securing a Joomla website
Joomla is probably the most common Content Management System (CMS) out there – each day newer and newer users start using Joomla to create their websites. Joomla is also included in most script installation tools. Among them is our proprietary Elefante 1-click Free Script Installer solution for clients under the Free Reseller Program, as well as the Fantastico Script Installer tool, which is available to the web hosting customers under our cPanel Reseller Program. While the Joomla team works hard to make their software secure, there are always certain things the users can do to add extra security to their websites. Today, I will share with you some of the best practices for securing a Joomla website.
- Keep your Joomla installation up to date. With each next version of the software the Joomla developers fix security holes found in the previous version. A timely update can save you a lot of trouble.
- Change your administrator username and password. Use a good combination of letters and numbers. However, be sure not to forget the password and the username you have set.
- Make your configuration file non-writable. You can do that both from the Joomla Admin menu or via the File Manager tool provided with each web hosting account. Simply change the file permissions to 644 via the File Manager. If you are using the Joomla Admin menu, go to Site > Global Configuration and check the Make Non-Writable box.
- Always make sure you are using PHP 5. You can change the PHP version from the PHP Settings menu of the Web Hosting Control Panel.
- Make sure your files are protected. You should set file permissions to 644 and folder permissions to 755. You can modify them via any FTP client or, again, via the File Manager.
- Be careful with 3rd party extensions. A lot of problems can be caused by Joomla modules, which are not secure enough. Make sure that you always check carefully each module before installing it on your site. A quick check with Google can save you a lot of future problems.