Useful Tips to Secure Your Joomla Site from Hackers in 2020

by Jany Punk PHP Development Company

A Joomla website running the latest version on a server that has been configured to best practice is inherently secure.

Vulnerabilities can be created by not having the latest core version, outdated extensions, or an incorrect server configuration.

A Security Audit of your Joomla! website will identify any vulnerabilities and how to fix them.

The Joomla Security Audit will:

  • Check you are running the latest version of the Joomla core.
  • Scan and locate any hacker files and malicious or suspicious code within core files
  • Identify if any core Joomla files have been altered
  • Check that your .htaccess file is enabled
  • Check folder and file permissions
  • Check if username 'Admin' or ID's of 42/62 are in use.
  • Run a Server environment check
  • Check Database prefix is not jos_ and user is not 'root'

Then the following actions required to be performed as:

  • Update to the core to the latest version within the same release series
  • Install a leading Joomla Security extension with firewall
  • Remove any malicious files or code
  • Change any default usernames or ID numbers
  • Fix any folder/file permissions
  • Create a custom .htaccess file for increased security
  • Enable SEF Url's and mod_rewrite
  • Configure firewall extension to block common exploits
  • Add Administrator secret URL parameter
  • Purge the temporary directory
  • Repair and optimize all of your site's database tables
  • Change your database table name prefix

Then test your website for the report of the Audit results.

Keep an eye on any third-party extensions that have updates available.

Take a full backup of your site before commencing the Audit.

Have you been hacked before?

You may have been hacked in the past and had the site restored from a backup - the problem is there may be some malicious files still on your site that allow the hackers to come back at a later stage.

Password Strength

  • Should be 10-12 characters long
  • Include punctuation marks and/or numbers
  • Mix capital and lowercase letters
  • Include substitutions, such as zero for the letter 'O'
  • Use a random password generator
  • Don't use names or any common phrase
  • Don't use keyboard patterns or sequential numbers

Why was my site hacked?

If your site has been hacked - don't take it personally. The bad guys do it because they have been allowed to do so. Having an insecure website is a bit like leaving a window open at home. A burglar may just be in the neighborhood.

Sponsor Ads

About Jany Punk Advanced   PHP Development Company

39 connections, 0 recommendations, 180 honor points.
Joined APSense since, June 24th, 2017, From New York, United States.

Created on Jan 20th 2020 05:58. Viewed 368 times.


No comment, be the first to comment.
Please sign in before you comment.