Joomla Security Optimize Joomla Security
| Optimize Joomla Security |
|
Change the default database prefix (jos_) Most SQL injections that are written to hack a Joomla! website, try to retrieve data from the jos_users table. This way, they can retrieve the username and password from the super administrator of the website. Changing the default prefix into something random, will prevent (most / all) SQL injections. Remove version number / name of extensions Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. Use a SEF component Most hackers use the Google inurl: command to search for a vulnerable exploit. Re-write your URL's and prevent hackers from finding the exploits. Additionally, you'll get a higher rank in Google when using search engine friendly URL's. Keep Joomla! and extensions up to date This one is pretty obvious. Always check for the latest versions of Joomla! and the extensions you're using. Many vulnerabilities are resolved most of the times in later versions. Use the correct CHMOD for each folder and file Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:
Delete leftover files When you installed an extension that you didn't like, don't set the extension to unbublished. If you do, the vulnerable files will still be on your website. So simply use the un-install function to totally get rid of the extension. Change your .htaccess file Add the following lines to your .htaccess file to block out some common exploits. # Block out any script trying to set a mosConfig value through the URL |