Compassdesigns.net

Joomla Security in 3 Easy (ish) Steps

July 5, 2010 By barrie@compassdesigns.net

Of course, life isn’t so simple. The reality of Joomla security is much more complex, as these are very generalized tasks. Here are some other things to think about as you secure your website.

  • If you have a website – someone needs to be keeping it safe.
    If it’s not you, make sure you know who it is (btw, it’s not your hosting company unless it’s a managed one like Simplweb). Unless you live in Vermont, you probably lock your house and car; do the same for your site!
  • You are being hacked all the time.
    All sites are – check your logs! Hacker bots are continually scouring the web trying to find server weaknesses. The troubles start when they find one.
  • Just like insurance – Joomla security is only thought of *after* you have a problem.
    You need to consider security a cost of goods. Would you drive with no car insurance? Time and resources for securing your site are an ongoing cost of running your website.
  • It’s not Joomla security – it’s web security.
    Your CMS is only the front-facing part of your website. There are lots of ways to hack into your site… FTP, Apache, or simply poor password management. Make sure you are looking at the big picture.
  • Yes, keep extensions up to date!
    Joomla probably has the biggest universe of 3rd party plugins of any open source CMS. With that many, quality assurance is difficult. Use only trusted sources and make sure you have the latest version.
  • Keep Joomla up to date (duh)
  • Have a backup of your site.
    You should be able to get back online from a dead server in 1 day or less. You might be backing up everything with tools provided by your host, using a Joomla-only backup tool like Akeeba, or maybe you are paying for managed hosting for them to do it.
  • As your site grows, it paints a bigger target on itself for hackers.
    If your site is doing well, then you need to make sure you are taking extra steps with security. These are most often non-Joomla steps like hardening the server, turning off FTP and installing Apache firewalls and security.
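
One way to act on "check your logs", as an added example that is not code from the original post: a Python script that reads Apache combined-format access log lines and lists clients that requested several missing paths or repeatedly POSTed to Joomla's /administrator/ login. The log lines are constructed, and the function name and thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Apache "combined" format: client ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2010:10:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "browser"
203.0.113.7 - - [05/Jul/2010:10:00:02 +0000] "GET /probe-a.php HTTP/1.1" 404 209 "-" "bot"
203.0.113.7 - - [05/Jul/2010:10:00:02 +0000] "GET /probe-b.php?x=1 HTTP/1.1" 404 209 "-" "bot"
203.0.113.7 - - [05/Jul/2010:10:00:03 +0000] "GET /probe-b.php?x=2 HTTP/1.1" 404 209 "-" "bot"
203.0.113.7 - - [05/Jul/2010:10:00:03 +0000] "GET /probe-c.php HTTP/1.1" 404 209 "-" "bot"
198.51.100.20 - - [05/Jul/2010:10:01:00 +0000] "POST /administrator/index.php HTTP/1.1" 200 5120 "-" "bot"
198.51.100.20 - - [05/Jul/2010:10:01:01 +0000] "POST /administrator/index.php HTTP/1.1" 200 5120 "-" "bot"
198.51.100.20 - - [05/Jul/2010:10:01:02 +0000] "POST /administrator/index.php HTTP/1.1" 200 5120 "-" "bot"
198.51.100.20 - - [05/Jul/2010:10:01:03 +0000] "POST /admin
"""

def find_probing_clients(lines, min_missing=3, min_admin_posts=3):
    """Return {client: [reasons]} for clients over either threshold (assumed values)."""
    missing = defaultdict(set)      # client -> distinct paths that returned 404
    admin_posts = defaultdict(int)  # client -> POSTs under /administrator/
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines instead of crashing
        path = m["path"].split("?", 1)[0]  # ignore the query string when counting
        if m["status"] == "404":
            missing[m["client"]].add(path)
        if m["method"] == "POST" and path.startswith("/administrator/"):
            admin_posts[m["client"]] += 1
    report = {}
    for client in sorted(set(missing) | set(admin_posts)):
        reasons = []
        if len(missing[client]) >= min_missing:
            reasons.append(f"{len(missing[client])} distinct missing paths")
        if admin_posts[client] >= min_admin_posts:
            reasons.append(f"{admin_posts[client]} POSTs to /administrator/")
        if reasons:
            report[client] = reasons
    return report

if __name__ == "__main__":
    for client, reasons in find_probing_clients(SAMPLE_LOG.splitlines()).items():
        print(client, "->", "; ".join(reasons))
```

To run it against a real log, pass an open file object instead of `SAMPLE_LOG.splitlines()`.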

Joomla Security Resources

I have tried to gather a range of resources, from official news to useful 3rd party guides. Everything here is based on personal interaction rather than a quick untrusted search through Google.

Joomla Security Strike Team
http://developer.joomla.org/security.html

RSS Feed of Security issues (these appear to be the same feed)
Security RSS Feed – http://feeds.joomla.org/JoomlaSecurityNews
Vulnerability News – http://developer.joomla.org/security/news.html

Official Documentation on Joomla Security
http://docs.joomla.org/Category:Security_Checklist

Official Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

Useful 3rd Party Security Tutorials
http://www.howtojoomla.net/how-tos/security/joomla-security-primer
http://www.compassdesigns.net/joomla-blog/review-of-securelive-joomla-security-extension
http://www.joomlashack.com/university/intermediate-course/199-21-techniques-to-secure-a-joomla-website (requires subscription)

Security Consultants
Tom Canavan – http://www.joomlarescue.com
Phil Taylor – http://www.phil-taylor.com

Security Extensions
Secure Live – http://www.securelive.net

Fully Managed Joomla Hosting (all patches, backups and security monitored)
Simplweb – http://www.simplweb.com

The Skinny

I am an entrepreneur, web consultant, author and educator.

I have been involved in starting a K-12 School District, a Private High School, and three web tech companies. I also wrote one of the original and best selling books on Joomla.

And I like sailing with kids.

Copyright © 2023 Compass Designs · Musings on Education, Life, Joomla and the Web by Barrie North