What are the Basic Steps to secure a based Joomla website?

1. Ensure you have the latest version of Joomla.


When your Joomla site is exploited, delete all files in your Joomla installation, saving a copy of the configuration.php file. Replace the deleted files with fresh copy of a current full version of Joomla (minus the installation directory), and fresh copy of extensions and templates used. Upload the copy of your configuration file. Only by replacing all files in the installation (including extensions and templates) you can be sure all backdoors inserted and hidden in files and directories are removed. More details can be found in the security Checklist 7 link below.


2. Review Vulnerable Extensions List


3. Review and action Security Checklist 7 to make sure you've gone through all of the steps.


4. Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.


5. Change all passwords and if possible user names for the website host control panel and your Joomla site.


6. Use proper permissions on files and directories. They should never be 777, ideal is 644 and 755 and 600 for the configuration.php file.


7. Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).


8. Check the crontab or Task Scheduler for unexpected jobs/tasks.


9. Ensure you do not have anonymous ftp enabled.

  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

How do I secure all web pages in a directory?

Please use the browser control panel interface for password protecting your web pages. Or via...

How do I create a secure password?

Make it at least 6 characters long. Include at least one number, capital letter, or punctuation...

How do I create secure ftp directories?

To make a directory named direct that can only be accessed by userid fred, go to the directory...

How do I secure all pages in a cgi-bin directory?

To stop people from being able to read your scripts under all circumstances, end your CGI scripts...

How do I use SSL security on a webpage or form?

The webpage form that you want to be secure must be called via the secure server. The images in...

Powered by WHMCompleteSolution