How to secure Joomla websites
Listed below are simple yet powerful methods and practices to secure a Joomla-based website running on a Linux VPS and protect it from being compromised:
- Keep the Joomla installation, including all installed components, modules and third-party extensions, up to date by upgrading whenever a new version comes out. This is probably the most important part of securing Joomla-based websites. Many hackers exploit security vulnerabilities that have been identified in outdated versions of Joomla core files and extensions and that, for example, allow a hacker to upload files to a Joomla website, so keeping your install up to date is an easy way to prevent most hacking attempts. Install and use only extensions from trusted sites that have a good reputation. Delete all themes, modules and extensions that you are not going to use.
- Another simple step that hardens a Joomla website significantly is to choose a username other than ‘administrator’ or ‘admin’ for the administration account, as brute force attacks will often try to break in by using these usernames. Also, ensure the administration account has a very strong password. If you do not need new users to be added from the Joomla front-end, disable new user registration.
- Set the appropriate permissions on Joomla files and directories. Never use 777 permissions for a file or directory: mode 777 lets every user on the server read, write and execute it, which is a huge security risk! All files should be set to 644 and directories should be set to 755.
- The security of any Joomla website can be greatly improved if access to the administrator back-end area is restricted. This can be done by password protecting the ‘administrator’ directory of the Joomla-based website. To do this, follow the instructions in our tutorials on how to password protect directories with nginx or password protect a directory using htaccess on a virtual server running Apache. The DirectAdmin and cPanel control panels provide an easy way of password protecting a directory. More information on how to use the cPanel password protection tool to password protect directories is available here. More information on directory password protection using DirectAdmin is available here.
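One way to check and apply the 644/755 rule from the file-permission step in the list above, as an added example that is not part of the original article. The function names and the document-root path in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit and normalise permissions under a Joomla document root.
# Usage (the path is an assumed example): ./joomla-perms.sh /var/www/joomla [--fix]

# List files and directories that any local user can write to
# (the "other" write bit, as set by modes such as 777 or 666).
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List entries whose mode is not exactly 644 (files) or 755 (directories).
audit_nonstandard() {
    find "$1" -type f ! -perm 0644 -print
    find "$1" -type d ! -perm 0755 -print
}

# Set directories to 755 and regular files to 644.
# find does not follow symlinks by default, so link targets outside
# the document root are left alone.
fix_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Only act when a document root is passed on the command line.
if [ -n "${1:-}" ]; then
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        exit 2
    fi
    echo "World-writable entries:"
    audit_world_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_permissions "$1"
        echo "Entries still not 644/755 after fix:"
    else
        echo "Entries not set to 644/755:"
    fi
    audit_nonstandard "$1"
fi
```

Run it without `--fix` first to review what would change before any mode is modified.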
Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to do this for you. They are available 24×7 and will take care of your request immediately.