Joomlasupport: Joomla tutorials, knowledge base, downloads for the Joomla CMS

Main Menu

Latest News
Joomladesigns Joomla Templates February 2008 Joomla! 1.0.14 Joomla 1.5 Virtuemart Templates For Joomla Joomla 1.0.13

Syndicate

Joomla Security

Security is becoming an important factor when running a Joomla web site due to the increase in hacker activity targeting the Joomla community. Many site owners focus on the design, content and achieving a good search engine position but loose sight of putting in place the basic security for there Joomla content management system CMS until its too late.

The following tutorial may help you to secure you Joomla web site and reduce the risk of getting hacked.

1) Backup your site

The first and most important step is to backup your Joomla web site which includes taking a backup of all the core files plus the MYSQL database. Make a note in your diary to do this at least once a month because it can be a life saver when if your site gets hacked you can always recover the database and core files in a matter of hours.

2) Upgrade to the latest stable Joomla release

The core development team have released a number of updates which include both security and performance fixes and it is vital that you are running the latest version of Joomla which incorporates the new security updates.

3) 3rd party components and modules

A number of sites have being hacked due to security vulnerabilities in the 3rd party components or modules. Make sure do a complete review of all the components and modules you have installed and upgrade to the latest component or module releases. Also if you decide to remove a component or module always ensure the files associated with the components / modules are removed from your server plus the MYSQL database.

4) Directory Permissions

Once your site is ready to go and you are happy with the components / modules / templates you have installed you must set the permissions on ALL your directories and sub directories to CHMOD 744.

5) File Permissions

Set the file permissions on ALL your files to CHMOD 644

6) Configuration.php permissions

This one is important make sure you set the file permissions on the configuration.php file to CHMOD 644

7) .htaccess security

The latest Joomla release includes an updated version of the .htaccess file may reduce the risk of your Joomla site getting hacked . Make sure you transfer the .htaccess file to your server and set the CHMOD permissions to 644

8) Joomla! Register Globals Emulation

You need to ensure the register global emulation is set to OFF. To do this open the global.php file and change the following line define( 'RG_EMULATION', 1 ); and change it to
define( 'RG_EMULATION', 0 );

9) Register Globals

From the Joomla administrator area make sure the Register Globals is set to off. If the Register Globals is set to on then contact your web host who can change this for you or open the .htaccess file and add the following line of code which will change the register Globals to off.

php_flag register_globals off

Joomla security Forum

For more information about security visit the security section at the Joomla forum

< Prev		Next >

[ Back ]

Joomla Support