Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

Transcript

  • 1. Joomla! Security
    Ruth Cheesley
  • 2. Hello, I’m Ruth Cheesley from Virya Technologies
    Find my social media stuff here!
    @RCheesley
  • 3. What do we mean by security?
  • 4. Why bother?
  • 5. Where to start?
  • 6. Security is …
    Putting measures in place to make unauthorised access more difficult
    NOT making it impossible
  • 7. … a balancing act
    Security versus usability
    Risk versus implications
  • 8. A quick look at server security
    Use a reputable company with Joomla! experience
    Ensure they have recommended security settings applied
    Ask others if you’re not sure!
  • 9. Is Joomla! insecure?
    It depends!
    Often insecurities are due to poor practice by administrators including:
    Patches not being applied
    Insecure extensions
    Basic precautions not taken
  • 10. If you do nothing else …
    Keep Joomla! and extensions up to date
  • 11. Updating Joomla!
    Manually
    One-click (1.6.x +)
    Akeeba Admin Tools
  • 12. If you do nothing else …
    Enable Search Engine Friendly (SEF) URLs
  • 13. Enable SEF URLs
    Enable in global configuration
    With or without .htaccess
    Using extensions
  • 14. If you do nothing else …
    Establish a regular backup routine
  • 15. Establish a backup routine
    On-site backups
    Off-site backups
    Full or partial
    Akeeba backup
  • 16. Other ‘must do’ security tasks
    Hide your admin portal (jSecure, Admin Tools)
    Change your database prefix (manually or using Admin Tools)
    Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
  • 17. Hide admin portal
    Why bother?
    jSecure
    Akeeba Admin Tools
  • 18. Change database prefix
    Why bother?
    Manually
    Akeeba Admin Tools
  • 19. Change default admin ID
    Why bother?
    Manually
    Akeeba Admin Tools
  • 20. Would be good to do …
    Web application firewall
  • 21. Web Application Firewall
    Why bother?
    Akeeba Admin Tools
  • 22. Top Ten Tips
    Keep Joomla! up to date
    Keep extensions up to date
    Hide admin portal
    Change database prefix
    Ensure correct file and folder permissions
    Disable default Super Administrator
    Enable SEF URLs
    Establish and regularly test backup routine
    Ensure strong username/password for admins
    Do not give out Admin rights freely
  • 23. Useful links
    http://www.viryatechnologies.com
    http://www.akeebabackup.com
    http://www.joomlaserviceprovider.com
    http://tinyurl.com/joomlasecuritychecklist
    http://www.ico.gov.uk/
  • 24. Thank you
    Any questions?
    Ruth Cheesley
    Virya Technologies
    ruth.cheesley@viryatechnologies.com
    @RCheesley