Useful Tips to Secure Your Joomla Site from Hackers in 2020
A Joomla website running the latest version on a server that has been configured to best practice is inherently secure.
Vulnerabilities can be created by not having the latest core version, outdated extensions, or an incorrect server configuration.
A Security Audit of your Joomla! website will identify any vulnerabilities and how to fix them.
The Joomla Security Audit will:
- Check you are running the latest version of the Joomla core
- Scan and locate any hacker files and malicious or suspicious code within core files
- Identify if any core Joomla files have been altered
- Check that your .htaccess file is enabled
- Check folder and file permissions
- Check if username 'Admin' or IDs of 42/62 are in use
- Run a Server environment check
- Check the database prefix is not jos_ and the database user is not 'root'
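Four of the read-only checks from the list above (database prefix, database user, .htaccess enabled, world-writable permissions), written in Python as an added example; it is not the audit's own tooling. It assumes configuration.php stores settings as public $name = 'value'; lines, and the sample site tree, function names and finding messages are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Matches configuration.php lines such as:  public $dbprefix = 'jos_';
SETTING = re.compile(r"public\s+\$(\w+)\s*=\s*'([^']*)'")

def read_settings(config_path):
    """Return the quoted string settings found in configuration.php."""
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        return dict(SETTING.findall(fh.read()))

def audit(site_root):
    """Run the read-only checks and return a list of findings."""
    findings = []
    cfg = read_settings(os.path.join(site_root, "configuration.php"))
    if cfg.get("dbprefix") == "jos_":
        findings.append("database prefix is the default jos_")
    if cfg.get("user") == "root":
        findings.append("database user is root")
    # Joomla ships htaccess.txt; it has no effect until renamed to .htaccess.
    if not os.path.isfile(os.path.join(site_root, ".htaccess")):
        findings.append(".htaccess is not enabled")
    # Flag folders and files that any account on the server can write to.
    for folder, _dirs, files in os.walk(site_root):
        for name in [""] + files:
            path = os.path.join(folder, name) if name else folder
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & stat.S_IWOTH and not os.path.islink(path):
                findings.append("world-writable: " + os.path.relpath(path, site_root))
    return findings

def build_sample_site(prefix, user, htaccess, loose_file):
    """Create a constructed throwaway site tree (sample data, not a real site)."""
    root = tempfile.mkdtemp()
    for name in ["configuration.php", "index.php"] + ([".htaccess"] if htaccess else []):
        with open(os.path.join(root, name), "w") as fh:
            if name == "configuration.php":
                fh.write("<?php\nclass JConfig {\n"
                         f"\tpublic $user = '{user}';\n"
                         f"\tpublic $dbprefix = '{prefix}';\n}}\n")
        os.chmod(os.path.join(root, name), 0o644)
    if loose_file:
        os.chmod(os.path.join(root, "index.php"), 0o666)
    return root

if __name__ == "__main__":
    print("\n".join(audit(build_sample_site("jos_", "root", False, True))))
```

Point audit() at a copy of the site root; it only reads files and never changes them.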
The following actions are then required to be performed:
- Update the core to the latest version within the same release series
- Install a leading Joomla Security extension with firewall
- Remove any malicious files or code
- Change any default usernames or ID numbers
- Fix any folder/file permissions
- Create a custom .htaccess file for increased security
- Enable SEF URLs and mod_rewrite
- Configure firewall extension to block common exploits
- Add Administrator secret URL parameter
- Purge the temporary directory
- Repair and optimize all of your site's database tables
- Change your database table name prefix
Then test your website to produce the report of the Audit results.
Keep an eye on any third-party extensions that have updates available.
Take a full backup of your site before commencing the Audit.
Have you been hacked before?
You may have been hacked in the past and had the site restored from a backup - the problem is there may be some malicious files still on your site that allow the hackers to come back at a later stage.
Password Strength
- Should be 10-12 characters long
- Include punctuation marks and/or numbers
- Mix capital and lowercase letters
- Include substitutions, such as zero for the letter 'O'
- Use a random password generator
- Don't use names or any common phrase
- Don't use keyboard patterns or sequential numbers
Why was my site hacked?
If your site has been hacked - don't take it personally. The bad guys do it because they have been allowed to do so. Having an insecure website is a bit like leaving a window open at home. A burglar may just be in the neighborhood.