 | I've been using Joomla for a long time now, right back to the days of Mambo, and have learnt a couple of times the hard way about securing Joomla. While I don't confess to being a security expert, here's my top-ten list that I've picked up over the years that should help if you are looking to secure your site and all the work you've put into it.

- Make sure your server is patched with the latest bug and security fixes.
- Check your file and directory permissions (chmod 644 for files and 755 for folders). Joomla provides a facility to set file permissions to the required setting in the configuration panel. Don't forget that some files and folders need to be writable by Joomla.
- Make sure your Administrator password is strong (upper and lower case characters and difficult to remember are best).
- Create separate accounts for each Super Administrator.
- Always add a default .htaccess in the root of your site. It is also a really good idea to put .htaccess and .htpasswd files in the administrator folder on your site. More info on .htaccess/.htpasswd protection can be found here: http://www.panix.com/web/faq/htaccess.html
- Read the Joomla Administrators Security Checklist: http://docs.joomla.org/Joomla_Administrators_Security_Checklist
- Don't give out access to people that don't need it.
- Look at JUGA for Joomla (http://www.dioscouri.com/). This is a great extension for more granular access permissions in Joomla.
|
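The permission baseline from the list above (644 for files, 755 for folders, with some folders left writable for Joomla) can be checked with a short script. This is an added example, not part of the original post; the `WRITABLE_DIRS` default of `cache tmp` and the function names are assumptions to adapt to your own install.

```shell
#!/bin/sh
# Added example: audit a site tree against the 644 (files) / 755 (folders) baseline.
# WRITABLE_DIRS is an assumption: folders, relative to the site root, that
# Joomla must be able to write to. Adjust it for your own install.
WRITABLE_DIRS="${WRITABLE_DIRS:-cache tmp}"

# is_exempt ROOT PATH: succeeds when PATH is one of the writable folders or inside one.
is_exempt() {
    for d in $WRITABLE_DIRS; do
        case "$2" in
            "$1/$d" | "$1/$d"/*) return 0 ;;
        esac
    done
    return 1
}

# audit_perms ROOT: prints "FINDING PATH" for each deviation.
# Returns 0 when clean, 1 when deviations exist, 2 when ROOT is not a directory.
audit_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }
    report=$(
        {
            find "$root" -type f ! -perm 644 | sed 's/^/file-not-644 /'
            find "$root" -type d ! -perm 755 | sed 's/^/dir-not-755 /'
            # World-writable entries are reported even inside writable folders:
            # the web server account needs write access there, not every user.
            find "$root" ! -type l -perm -002 | sed 's/^/world-writable /'
        } | while read -r finding path; do
            if [ "$finding" = world-writable ] || ! is_exempt "$root" "$path"; then
                printf '%s %s\n' "$finding" "$path"
            fi
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/joomla
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Run it after each extension install or upgrade, since installers can leave files with looser modes than the baseline.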