Get The Official The BloggerPreneur Roadmap With Success Enroute By Subscribing To My Free Newsletters.For a web developer and designer Joomla is a great platform to deploy content managed and interactive web sites, as well as the standard business web site. With templates and template creators it makes a fast, efficient high quality publishing platform in a highly competitive industry. But security can be an issue for those unaware of the problems.
With my first use of Joomla I installed the files but as I wasn’t sure I was going to stay using it I took the quick and easy route of setting user names and passwords to one of the usual defaults that we all use. A big mistake! After a couple of months I suddenly found my business web site being reported as dangerous in Google Chrome, with various medical ‘products’ being shown in the search results. Then a colleague informed me that Avast had reported viruses when he browsed the website.
On checking the site I found code inserted into template files, and a whole new directory containing virus filled folders and links to a range of dubious product sellers. To repair it I had to delete the whole site and reinstall using a database backup.
Since then I’ve learnt a lot about Joomla security and all my sites are no fully secure. The following will help you avoid the basic mistakes:
1. Make sure to set strong passwords on the admin log in and database right from the start.
2. Avoid setting any file or directory permissions to 777 (r/w/x) – that’s writable to everyone. Keep folders as 755, files as 644 and config files as 666. If you don’t understand file permissions search for some information and learn.
3. Change the default database table name from jos_ to something else at the time of install.
4. Only use the minimum of extensions. For the ones you do use search online to check that they don’t have any security issues.
5. If you don’t want to use an extension that you’ve tried out make sure to remove it rather than just set it inactive. This way all the files will be deleted from the server. You can easily reinstall extensions when needed.
6. Check and apply upgrades and patches as they appear, especially if they include security updates.
7. Check the site regularly for any unauthorised changes. Use info:domain in Google to see the results of indexing.
8. As a last point make sure you backup the database, templates, images and other media, and anything else that has been uploaded to the site or customized. Your web host may provide a facility to backup the MySQL database, but if not then learn to use phpMyAdmin, it should be provided by the web host.
Joomla is a great piece of software and most issues of security are down to server config and user error. You can remove both issues by taking a little time to understand how to maintain a secure Joomla site.
Well-written. Thanks. I have been learning a lot about content management lately. I have also been experimenting with setting up an e-commerce site using WordPress. Have you ever done that? Any suggestions for me? It’s pretty fun learning it. If you’d like to see my blog it’s here. Thanks again for this blog – it is really educational.
Love this post! Thanks for this. I’ll be sure to come back again. P.S: I’ve bookmark your site as well.