How To Secure Your Joomla Site

Using an open source Content Management System (CMS) sometimes can be a pain in the ass. An open source CMS is very easy to get hacked if you don’t know how to use and take care of them.

I often heard many people crying because their Joomlasite was hacked by some nerd. Although the server was secure unfortunately their Joomla site was not because they didn’t patch their Joomla site regularly.

Here are some tips to make your Joomla site more secure.

  1. Always, and i mean always make sure that you use the latest Joomla version. Joomla regularly release an update to their CMS if the developer found some security issue. To get the latest infos about Joomla security issue, register to their forum and subscribeon the Security Announcements forum.
  2. Although you use the latest Joomla version, but did you also use the latest Joomla 3rd Party component, modules and mambots? Always update them when ever the developer release a new version.
  3. Turn register_global to OFF, if you don’t know how to do it just ask your hosting provider.
  4. Don’t forget to change RG_EMULATION setting from ON to OFF in globals.php file.
  5. CHMOD your configuration.php file so it other people can’t write to this file.
  6. Although Joomla’s administrator login is secure enough, but why don’t you add extra security to Joomla’s administrator directory by creating password protected directory using a .htpaswd file .
  7. admin is the default administrator username for Joomla. Create a new user with administrator level priveledge and then deactivate “admin” username.

Leave a Reply