Joomla has become one of the most popular content management systems and widely used by thousands of websites around the world. The rapid growth of Joomla makes it become good target for hackers attacks. For that reason,there are some tips you should notice to prevent attacks and improve your Joomla! sites security


1) Choose good server & Host

For a website, selecting appropriate server and host is extremely important. If you're using a bad host, think about changing your host supplier or using a completely seperate server avoid shared security issues.

2) Activate and use .htaccess file

Make sure that you change htaccess.txt to .htaccess then put it in your site's root folder. You can also add some rules to rewrite for it to prevent the possibility of unaccepted exploitation.

3) Change your site's permission & default admin account.

Carefully set permission for files CHMOD (Note that nothing must be set to 777 which gives full rights to an account). Also change Joomla default accounts name.

4) Have a backup & troubleshoot plan

Remember to backup your site regularly in case your site being attack. (prevent is better than cure). If you dont have time to backup. you can use Codeguard as your code protector which is backup your web daily and you can undo it anytimes.


5) Manage your extension well

Please make sure all extensions you install is up to date. You might want to consider some added protection plugin such as RSFirewall.

6) Remove unused files

If you installed many extension that not being used. Please uninstall them.

7) Change prefix of default database

Use another random name instead of deafault prefix jos_users.

8) Use SSL certificate

Use ssl on your website. When you subscribe shared hosting with MTA Solutions, a FREE SSL will be installed in your website.

9) Protect your password

Do not use common password or easy password like admin123. It make easy for hackers to login. Always change your pass regularly.

10) Turn off FTP layer

Disable FTP layer of Joomla ensure that it wont save your login informations

11) Turn off Register_globals

Its strongly recomended to turn it off. If you dont know about it ask your server provider.

12) Use SEF Urls

It wil improves you rank in Google search results.

13) Buy additional firewall.

Its always good to have more layer of security. Your website is your business. You dont want to take security breach chances. You can use Sitelock.

at 02/03/2018, 03:36am

Updated: at 02/03/2018, 03:40am

Been read 6153 times

Similar Articles

What People wrote...