HOW TO SECURE YOUR JOOMLA WEBSITE ?

1
HOW TO SECURE YOUR JOOMLA WEBSITE ?

• www.HostingRaja.in

2

• There is no CMS on earth which is 100 secure and
  hacker proof. It is in the hands of website
  administrator. However, you can follow these
  simple steps which will increase the security of
  your joomla website significantly.
• Step1 Always try to use the latest version of
  Joomla. You can follow the below URL for
  upgrading the existing website
• http//docs.joomla.org/Upgrade_Instructions
• Step2 Avoid using vulnerable third party
  extensions. You can check the 3rd party/non
  Joomla! Extensions at below URL.
• http//docs.joomla.org/Vulnerable_Extensions_List
• Step3 Change the default admin username to
  something safe and unique and choose a strong
  password. Password should contain minimum 8
  letters with special characters, numbers and
  alphabets.

3

• Step 4 Always use correct hosting settings such
  as safe_mode should be ON, Joomla's Register
  Globals Emulation OFF (for Joomla 1.0.x) , use
  PHP5 rather than PHP4.
• Step 5 write-protect your Joomla configuration
  file. You can set 044 permission to the
  configuration.php file. (PHP.INI settings)
• disable_functions "show_source, system,
  shell_exec, passthru, exec, popen, proc_open,
  allow_url_fopen"
• file_uploads Off (If you dont want file
  upload, then make it off)
• safe_mode On
• Step6 Delete unused templates and unwanted
  files/folders from your root directory
• Step7 It is a common practice to give 777
  permission to the folder in joomla pack, which is
  a security threat. Correct permission of folders
  in Linux environment is 755.
• You can use this in Linux
• find /home/i/public_html -perm 777 -type f -exec
  chmod 644 \
• find /home/i/public_html -perm 777 -type d -exec
  chmod 755 \
• Step8 Change the default database prefix from
  jos_ to some other string

4

• Step 9 You need to make sue that your local
  machine from which you make changes in live
  website is virus free. This is very important.
  You can scan your computer with any updated
  antivirus available in market
• Step 10 Use SEF companent. The SEF component
  includes a security feature that sends you a
  warning whenever your site has been exposed to an
  attack. It also gives you the option to remove
  the generator tag from your site.
• Step 11 Delete the version number of installed
  extensions by editing the config files.
• Step 12 Install jsecure authentication plugin,
  this helps you in adding a suffix to your admin
  URL to make it look like this http//www.yoursite
  .com/administrator?sometext If the URL is not
  entered with a correct suffix, the site will
  redirect to a 404 (not found) page. You can also
  change the suffix regularly. This plugin is not
  free, you need to pay for it but its worth it.

5

• If you follow these steps, you can make it
  considerably difficult for a hacker to hack into
  your website.
• Hosting Raja provides security malware
  detection services free of cost to its valuable
  customers. To know more, Please visit
  http//www.hostingraja.in/joomla-security-tips