|
Joomla has established itself as one of the best Content Management Services in the industry. When sites around the globe start using a specific technology, naturally the security threats pivoting that technology also arises. To tackle the increasing security hassles Joomla developers keep tweaking the site and the service in different ways to ensure the optimal configuration is obtained which can withstand any level of threats to the security. The following are some tips to the users and other Joomla developers for ensuring that the site they are developing or using is secure. Proper Hosting Environment For all site the platform in which the site is built is the basic foundation and it is always important to check if it is properly configured. There are numerous kinds of attacks that happen to sites hosted in a platform which has no tweaked its security and the arrangements are not done efficiently. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user and you don’t need to set insecure global permissions like CHMOD of 777. a. Set register_globals OFF b. Disable allow_url_fopen c. Adjust the magic_quotes_gpc directive as needed for your site. The recommended setting for Joomla! 1.0. X is ON to protect against poorly-written extensions. Joomla! 1.5 ignores this setting and works fine either way. d. Don’t use PHP safe_mode Change the Default Database Prefix (jos_) Every database is named in a default way and the names and extensions they are given are rather common. Due to this bots and other automated entities find it simple to attack the database by random ruling. To avoid this the during installation the default database prefix could be altered to something random rather than using the same default name of jos_users table which will prevent most of the SQL injection attacks as hackers try to retrieve superadmin details. Disable FTP Layer FTP details are stored in the form of plain text under a Joomla configuration file. This becomes a potential security hole. To avoid this glitch it is recommended to all users, Joomla developers and Joomla programmers to disable the FTP layer. Change Superadministrator Username Bots and other hazards which try to attack a site are programmed in such a way that if the superadministrator’s username assigned by the Joomla developers has not been changed and remains to be “Admin”, it will easily get access to the site. To avoid this it is always wise to change the username and password of the superadministrator to something inconspicuous like “ted_123” etc. Setup a backup and recovery process Joomla developers are notified to rely on a strong backup and recovery protocol for your live website. It’s not just hacking that may compromise your website but other factors like a faulty upgrade or extension install, hardware failure, hosting provider issues. You can use JoomlaPack, a non-commercial component native for both Joomla 1.0 and 1.5 for backup. Use Strong Password For administrator accounts it is advisable to use a strong password which cannot be deciphered by automated bots. Characteristics of a strong password that Joomla developers have to keep in mind are as follows: • has at least 15 characters; • has uppercase letters; • has lowercase letters; • has numbers; • has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # \ < , > . ? / • is not like your previous passwords; • is not your name; • is not your login; • is not your friend’s name; • is not your family member’s name; • is not a dictionary word; • is not a common name. A good addition is to password protect the administrator folder. In apache web server, you can do this htaccess file or in cpanel, you can use Password Protected Directory option to setup a password. This will add another layer of username/password before someone reaches your Joomla admin details. Needless to say, have this password different from Joomla admin password. DCKAP can build robust and reliable applications on the Joomla framework with experienced Joomla developers, Joomla programmer, Joomla programmers, Joomla developer, Joomla development services, Joomla integration, migration, maintenance and support.
Related Articles -
Joomla developer, Joomla developers, Joomla programmer, Joomla programmers,
| 
