Support Forum

  • Page:
  • 1

Securing Your Joomla

zentoolsIf you use Zentools please post a review at the Joomla! Extensions Directory.

Over the past few months I have been on a mission looking for and test driving different Joomla security applications. Below is a list of the different programs I have found to be very useful and best of all... they are free (or near free).

jSecure Authentication: (* small annual fee)
www.joomlaserviceprovider.com/component/ambrasubs/file/view/5/8.html

jFireWall Lite:
extensions.joomla.org/extensions/access-a-security/site-security/4065

Site Scan:
extensions.joomla.org/extensions/tools/site-management-tools/12152

Change Database Prefix:
extensions.joomla.org/extensions/tools/database-tools/12150

Secure admin: (*)
extensions.joomla.org/extensions/access-a-security/backend-a-full-access-control/12142

The ones with an (*) after their names are recommended. I almost put Change Database Prefix on this list but did not because it requires a far amount of planning/logic on your behalf with no documentation to assist you. The 'Secure admin' is a brand new Joomla extension offering and shows a lot of promise. For those of you working behind strange or odd hosting servers I would strongly suggest looking at 'Site Scan'. This external application will scan your entire folder/file structure and set the proper permissions of your folders/directories to 755 and files to 644.

Even after using any or all of these applications, there are NO GUARANTEES that your Joomla site will be 100% safe and secure. Since Joomla is an Open Source CMS application interacting with MySQL another Open Source application, a lot of 'bad guys' know ways around almost all security software. The best prevention you can do for your site is having a daily MySQL dump sent to you via email. I would highly recommend,

JBackup System Plugin:
extensions.joomla.org/extensions/access-a-security/backup/5762

With a daily MySQL backup you are just one day behind a complete rebuild of your crashed or hacked Joomla site.

Ed

p.s. If you have tried or use something different with success, pass it along... PLEASE!
  • Ed's Avatar
  • Ed
  • LIfetime Developer - Big Bamboo
  • 1693 posts
  • 45 Thanks
  • Karma: 60
The administrator has disabled public write access.
Thanks very much Ed,
I must admit I'm a lazy bugger when it comes to this stuff. I think you might have just gave me my belated new years resolution.

Hope your Well Ed, look forward to seeing you around JB!

Ben.
  • Ben Carter's Avatar
  • Ben Carter
  • Previous Member
  • 160 posts
  • Karma: 6
The administrator has disabled public write access.
Wow thanks Ed - plenty of reading and playing to be done now :)

Cheers Anthony
  • Anthony Olsen's Avatar
  • Anthony Olsen
  • LIfetime Developer - Big Bamboo
  • 23925 posts
  • 788 Thanks
  • Karma: 433
The administrator has disabled public write access.
Hi Ed, most of the links are now broken in this article, I guess the landscape changes quickly in the JED. I do have a comment, I downloaded EasySQL, based on the desire to change table jos_ prefixes, and it only works on some sites, of course as with all these measures it seems so easy to break the site when changing parameters (which I did to one of my sites, while trying to figure out the addon, and Anthony helped me fix it) There is a current question in the Joomla forum on EasySQL with the same issue I had about file being unwritable, I will keep an eye on it and update my own post.
  • handsun's Avatar
  • handsun
  • 12 Month basic
  • 511 posts
  • Karma: 1
The administrator has disabled public write access.
Akeeba Admin Tools Pro would be my recommendation, it does *everything* Ed lists above (with the exception of DB prefix changing) and (lots) more. At Eur 20 it seems like a no-brainer. Combine that with Akeeba backup Pro, with the lazybackup plugin it now includes and you are totally covered.

DB prefix is something I always change at install time, when it's easy. I have never tried to cahnge it post install, as there is a potential to breal a lot of stuff!
  • Seth's Avatar
  • Seth
  • Moderator
  • 8358 posts
  • 225 Thanks
  • Karma: 202
The administrator has disabled public write access.
Wow... I had no idea how much the 'landscape' had changed. Thanks for posting and letting us all know this. Here is a current list that have some of my original listed but as with life, things have changed slightly. In closing... don't rely on just this list. Do your homework and ask questions along the way.

extensions.joomla.org/extensions/access-a-security/site-security/site-protection
extensions.joomla.org/extensions/access-a-security/site-security/backup

Applications I use on production sites include;

jHackGuard (Non-Commercial)
extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233

Admin Tools (Commercial)
extensions.joomla.org/extensions/access-a-security/site-security/site-protection/14087

JDefender (Non-Commercial - Joomla 1.0 ONLY)
extensions.joomla.org/extensions/access-a-security/site-security/site-protection/11359

Marco's SQL Injection (Non-Commercial)
extensions.joomla.org/extensions/access-a-security/site-security/site-protection/12731

jSecure Authentication (Commercial)
www.joomlaserviceprovider.com/component/ambrasubs/file/view/5/8.html

Akeeba Backup (Non-Commercial & Commercial versions)
extensions.joomla.org/extensions/access-a-security/site-security/backup/1606

Finally, for excellent reading regarding securing your Joomla install, give this link a go;
docs.joomla.org/Category:Security_Checklist

Also, know what you are installing into your Joomla. Bookmark this link and keep up-to-date of extensions that present potential harm to your installation. If you can, stay clear of these extensions. If you are currently using any one or more that are listed. Contact the developer and see where they are in fixing their product. Remember... it may be their application but it is YOUR site! Oddly, the majority of extensions listed are of the 'Commercial' type. This alone just angers me to no end. You and I PAY for these applications and for me, I'd expect nothing but 100% compliance.
docs.joomla.org/Vulnerable_Extensions_List

Ed
  • Ed's Avatar
  • Ed
  • LIfetime Developer - Big Bamboo
  • 1693 posts
  • 45 Thanks
  • Karma: 60
The administrator has disabled public write access.
Thank you Ed, for your continuing support on the security topic, still waiting on an answer from the Joomla forum on Easysql For the sites I have already built, am making sure I have a current backup of each of my sites, on my computer and backed up on a flash drive as well, Akeeba is the Best! take care, Carin
  • handsun's Avatar
  • handsun
  • 12 Month basic
  • 511 posts
  • Karma: 1
The administrator has disabled public write access.
Carin,

No problem... I'm no expert on the subject just trying to say one step ahead.
Akeeba is the Best!
I only wish it would do my laundry also!

Something to consider, if you do not already have either WAMP (Windows) or MAMP (Mac) on your local computer... strongly consider it. It makes doing adjustments to core code and MySQL a whole lot saver then on a production server. Tie this in with Akeeba and you'll have the best of all worlds!

Ed
  • Ed's Avatar
  • Ed
  • LIfetime Developer - Big Bamboo
  • 1693 posts
  • 45 Thanks
  • Karma: 60
Last Edit: 9 years 3 months ago by Ed.
The administrator has disabled public write access.
Hey Guys according to the topic of securing the joomla site i think that Joomla is very protected.Especially with the arriving Joomla 1.5 launch, protection will again be enhanced. While most primary elements are protected and secure, often online hackers get into the system by using third celebration additions. Thanks!!
  • markspend1's Avatar
  • markspend1
  • JB Pro
  • 4 posts
  • Karma: 0
The administrator has disabled public write access.
Thanks for your input

Think you mean joomla 3 rather than 1.5?

Cheers
Paul
  • manh's Avatar
  • manh
  • Moderator
  • 45248 posts
  • 2106 Thanks
  • Karma: 603
The administrator has disabled public write access.

zentoolsIf you use Zentools please post a review at the Joomla! Extensions Directory.

Happy Campers