• Save
Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security
Upcoming SlideShare
Loading in...5
×
 

Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security

on

  • 809 views

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

Statistics

Views

Total Views
809
Slideshare-icon Views on SlideShare
805
Embed Views
4

Actions

Likes
1
Downloads
0
Comments
0

1 Embed 4

http://paper.li 4

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security Presentation Transcript

    • Joomla! Security
      Ruth Cheesley
    • Hello, I’m Ruth Cheesleyfrom Virya Technologies
      Find my social media stuff here!
      @RCheesley
    • What do we mean by security?
    • Why bother?
    • Where to start?
    • Security is …
      Putting measures in place to make unauthorised access more difficult
      NOT making it impossible
    • … a balancing act
      Security versus usability
      Risk versus implications
    • A quick look at server security
      Use a reputable company with Joomla! experience
      Ensure they have recommended security settings applied
      Ask others if you’re not sure!
    • Is Joomla! insecure?
      It depends!
      Often insecurities are due to poor practice by administrators including:
      Patches not being applied
      Insecure extensions
      Basic precautions not taken
    • If you do nothing else …
      Keep Joomla! and extensions up to date
    • Updating Joomla!
      Manually
      One-click (1.6.x +)
      Akeeba Admin Tools
    • If you do nothing else …
      Enable Search Engine Friendly (SEF) URL’s
    • Enable SEF URL’s
      Enable in global configuration
      With or without .htaccess
      Using extensions
    • If you do nothing else …
      Establish a regular backup routine
    • Establish a backup routine
      On-site backups
      Off-site backups
      Full or partial
      Akeeba backup
    • Other ‘must do’ security tasks
      Hide your admin portal (jSecure, Admin Tools)
      Change your database prefix (manually or using Admin Tools)
      Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
    • Hide admin portal
      Why bother?
      jSecure
      Akeeba Admin Tools
    • Change database prefix
      Why bother?
      Manually
      Akeeba Admin Tools
    • Change default admin ID
      Why bother?
      Manually
      Akeeba Admin Tools
    • Would be good to do …
      Web application firewall
    • Web Application Firewall
      Why bother?
      Akeeba Admin Tools
    • Top Ten Tips
      Keep Joomla! up to date
      Keep extensions up to date
      Hide admin portal
      Change database prefix
      Ensure correct file and folder permissions
      Disable default Super Administrator
      Enable SEF URL’s
      Establish and regularly test backup routine
      Ensure strong username/password for admins
      Do not give out Admin rights freely
    • Useful links
      http://www.viryatechnologies.com
      http://www.akeebabackup.com
      http://www.joomlaserviceprovider.com
      http://tinyurl.com/joomlasecuritychecklist
      http://www.ico.gov.uk/
    • Thank you
      Any questions?
      Ruth CheesleyVirya Technologies
      ruth.cheesley@viryatechnologies.com
      @RCheesley