According to a recent post by Royal Pingdom that compiles some intriguing Internet stats, there are roughly 634M websites in the world, and around 51M new ones are created every year. But let’s face it: When it comes to the Web, we’re often careless. We don’t update our websites regularly, we skip backups, and we rely blindly on poor hosting and third-party plugins, too. Then there are the cases where our website gets compromised in spite of taking the basic precautions. Enough is enough: We all need to care more, give more attention to our websites and make things far more difficult for hackers and automated scripts, so that neither our data nor our server gets misused in any manner.
This is not another WordPress security article – we know the Web is flooded with them. This is rather about securing the CMS that powers 2.7% of the Web and that is second only to WordPress in terms of usage and popularity. You’re right, it’s Joomla.
What we must understand before starting
- There’s no shortcut to making your Joomla site secure – and there can never be one, because Joomla, like WordPress and Drupal, is an ever-evolving CMS and always will be.
- This how-to guide can only show you the way – you’re the one who has to go all the way through it.
- You can do it! But only if you get over that make-it-and-leave-it myth.
Never let your Joomla site be a low-hanging fruit
Yes, you can unintentionally make your Joomla site a low-hanging fruit for hackers. Wondering how?
- By not updating your site to the latest version of Joomla
- By talking about your problem at length in the Joomla community
- By installing third-party extensions
- By using your username as your password
- By choosing a poor host and server
So what should be done
- Update as soon as Joomla releases an update, because Joomla discloses the security bugs with each update, which leaves a website that hasn’t been updated very much vulnerable. And it’s not only about your website: keep your operating system and your antivirus updated, too.
- If there’s a security bug that the Joomla Security Strike Team (JSST) hasn’t yet addressed, you don’t want to leak it to the world. Rely on the JSST (firstname.lastname@example.org) more than the community.
- All that looks good ain’t good – remember this mantra. You should never install a third-party extension if it isn’t from a trusted source. Use the Joomla extensions directory for tested, bug-free extensions.
- Well, keeping the same username and password is the stupidest mistake ever.
- Thankfully, Joomla provides a list of reliable hosts, so that you don’t fall for those snake oil merchants. And yes, the list doesn’t have a single sponsored entry. Also, never go for a shared server unless your budget doesn’t allow you any other option.
What other security measures are important
- Back up your website very, very often – and store the backups in an encrypted space.
- Construct parameterised SQL queries to bulletproof your site against SQL injection.
- Use the SSL security protocol to secure communication over the Web.
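
What a parameterised query looks like next to string concatenation, as an added example that is not from the original article or from Joomla's own code. It uses plain PHP PDO with an in-memory SQLite database rather than Joomla's database layer (assumption: the pdo_sqlite extension is enabled); the `jos_users` table, its rows and both function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
// "jos_users" only mimics a Joomla-style table name.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO jos_users (username, email) VALUES
    ('admin', 'admin@example.org'), ('editor', 'editor@example.org')");

// Vulnerable: the input is pasted into the SQL text, so a quote character in
// $username changes the structure of the query itself.
function findUserConcatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM jos_users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterised: the SQL text is fixed; the input travels separately as a
// bound value and is only ever compared as data.
function findUserParameterised(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM jos_users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary lookup, a legitimate name containing a
// quote, and a hostile string that tries to rewrite the WHERE clause.
$inputs = [
    'normal lookup'     => 'editor',
    'quote in the name' => "o'brien",
    'injection attempt' => "nobody' OR '1'='1",
];

foreach ($inputs as $label => $input) {
    try {
        $unsafe = count(findUserConcatenated($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $unsafe = 'SQL error';   // malformed SQL produced by the concatenation
    }
    $safe = count(findUserParameterised($pdo, $input)) . ' row(s)';
    printf("%-18s concatenated: %-9s parameterised: %s\n", $label, $unsafe, $safe);
}
```

Run it with the PHP command-line interpreter: the two functions agree only on the ordinary lookup, while the parameterised one treats the other two inputs as plain usernames that match nothing.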
Unfortunately, there’s no surefire way to ensure the security of a Joomla website, or any website for that matter. Upgrading your site regularly, giving it complete rather than partial attention, and getting professional help sooner rather than later, however, can help you safeguard your data as well as your server against a majority of threats.