How to secure a joomla site
How to secure a joomla site.
There are literally millions of joomla sites out on the web and many are hacked, the common cause is carelessness where installers have not secured the installed after they have been completed.
Here is a checklist of items that will help you to make hacking less likely. It will not prevent it from ever happening but it will lessen the chances.
- never store passwords on ftp clients
- change ftp passwords on a monthly basis at least
- always remove the default admin user and create a new admin user with a login id of anything other than admin
- make your templates folder read only and all the files therein
- make all files with permissions on the site to be 644.
- make images cache and tmp writable They should be should never be 777, but ideal is 644 for files and 755 folders.
- backup your site weekly all files and database ( use sitevault )
- extensions often carry security vunerabilities
- always update your joomla installation with latest security updates
- never let your joomla installation become obsolete
- never let joomla store your FTP details
- never let your browser store your passwords
- a full up to date checklist is located here
- never substitute convience for security
Remember your site is only as secure as the last security patch applied.
Joomla is a stable and secure CMS the issues are with careless installations.
