Content management system Joomla offers a fast, powerful website option that’s easy to use and flexible enough to accommodate many needs. While Joomla does have a range of benefits, outdated Joomla sites can be vulnerable to hacks. A hacked website gives customers a bad impression of you and may lead to data leakage. In January 2013 alone, 1,252,308 fraudulent login attempts to Joomla were blocked. This is no small problem. Make sure your Joomla site is hack-proof, and then keep your site up to date to avoid future problems.
Known Joomla Security Issues
Some of the most common issues regarding Joomla security include:
- Forced password attack: Many hackers try to guess passwords to gain access to Joomla sites. A weak password like “123456” is easy for hackers to guess. A best practices password contains a combination of uppercase and lowercase letters, special characters or numbers and is not something that could be easily guessed, such as your child’s name. If your username is generic — i.e., admin or administrator — change this to something more complex to avoid being password hacked.
- Arbitrary PHP code: Once hackers access your site, they can insert rogue PHP code into your Joomla site, using your site to send phishing attacks and more. Updating your version of Joomla to the latest and applying any patches adds some measure of security.
- Unused extensions: Old, unused extensions risk composing your Joomla site because they are an easy target for hackers. Delete unused extensions regularly.
- Broad user permissions: Allowing registered users to upload any files to your site is really begging for trouble. Revise user permissions by imposing file size and type limits.
While these issues are common, they are not exclusive. Many other issues stem from choosing inexpensive web hosts with lax security, not backing up your site and generally being lax about data and security administration. Find a good Joomla host and you won’t have to deal with many of these issues.
Making Sure Your Joomla Site is Secure
If these problems sound familiar, secure your Joomla site now or risk remaining vulnerable. Begin by fixing any issues mentioned above. As a second step, back up your Joomla site and automate a regular backup, if you haven’t done so. If your site changes little, you may decide to backup once a month or once a week. If you’re constantly tweaking your site, backing up once a day might be ideal. After you’ve backed up your Joomla site, delete anything that isn’t being used.
These basic steps do a lot of the work for you. Next-level security upgrades include keeping an eye on Joomla updates using add-ons that automatically update you when admin updates roll out. Keeping a closer eye on the Joomla community, via forums, Joomla blogs or Twitter is useful as well. When you are keyed in to the Joomla community, you’ll hear about fresh security threats as they are uncovered, not months later when your site may already be compromised.
While this may sound like a lot of work, you can automate much of it to reduce regular time commitment. The initial file cleanup will be the most time-intensive, and once you get a feel for the work, you may come to enjoy it. Your reward for amping up site security is the peace of mind and customer satisfaction that come with a well-maintained, clean site.
Image credit: joesive47 on Freedigitalphotos.net