Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

Published in: Technology

  1. Joomla! Security
     • Ruth Cheesley
  2. Hello, I’m Ruth Cheesley from Virya Technologies
     • Find my social media stuff here!
     • @RCheesley
  3. What do we mean by security?
  4. Why bother?
  5. Where to start?
  6. Security is …
     • Putting measures in place to make unauthorised access more difficult
     • NOT making it impossible
  7. … a balancing act
     • Security versus usability
     • Risk versus implications
  8. A quick look at server security
     • Use a reputable company with Joomla! experience
     • Ensure they have recommended security settings applied
     • Ask others if you’re not sure!
  9. Is Joomla! insecure?
     • It depends!
     • Often insecurities are due to poor practice by administrators including:
     • Patches not being applied
     • Insecure extensions
     • Basic precautions not taken
  10. If you do nothing else …
     • Keep Joomla! and extensions up to date
  11. Updating Joomla!
     • Manually
     • One-click (1.6.x +)
     • Akeeba Admin Tools
  12. If you do nothing else …
     • Enable Search Engine Friendly (SEF) URLs
  13. Enable SEF URLs
     • Enable in global configuration
     • With or without .htaccess
     • Using extensions
  14. If you do nothing else …
     • Establish a regular backup routine
  15. Establish a backup routine
     • On-site backups
     • Off-site backups
     • Full or partial
     • Akeeba backup
  16. Other ‘must do’ security tasks
     • Hide your admin portal (jSecure, Admin Tools)
     • Change your database prefix (manually or using Admin Tools)
     • Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
  17. Hide admin portal
     • Why bother?
     • jSecure
     • Akeeba Admin Tools
  18. Change database prefix
     • Why bother?
     • Manually
     • Akeeba Admin Tools
  19. Change default admin ID
     • Why bother?
     • Manually
     • Akeeba Admin Tools
  20. Would be good to do …
     • Web application firewall
  21. Web Application Firewall
     • Why bother?
     • Akeeba Admin Tools
  22. Top Ten Tips
     • Keep Joomla! up to date
     • Keep extensions up to date
     • Hide admin portal
     • Change database prefix
     • Ensure correct file and folder permissions
     • Disable default Super Administrator
     • Enable SEF URLs
     • Establish and regularly test backup routine
     • Ensure strong username/password for admins
     • Do not give out Admin rights freely
  23. Useful links
     • http://www.viryatechnologies.com
     • http://www.akeebabackup.com
     • http://www.joomlaserviceprovider.com
     • http://tinyurl.com/joomlasecuritychecklist
     • http://www.ico.gov.uk/
  24. Thank you
     • Any questions?
     • Ruth Cheesley, Virya Technologies
     • ruth.cheesley@viryatechnologies.com
     • @RCheesley