Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

Published in: Technology

Transcript

  • 1. Joomla! Security
    Ruth Cheesley
  • 2. Hello, I’m Ruth Cheesley from Virya Technologies
    Find my social media stuff here!
    @RCheesley
  • 3. What do we mean by security?
  • 4. Why bother?
  • 5. Where to start?
  • 6. Security is …
    Putting measures in place to make unauthorised access more difficult
    NOT making it impossible
  • 7. … a balancing act
    Security versus usability
    Risk versus implications
  • 8. A quick look at server security
    Use a reputable company with Joomla! experience
    Ensure they have recommended security settings applied
    Ask others if you’re not sure!
  • 9. Is Joomla! insecure?
    It depends!
    Often insecurities are due to poor practice by administrators including:
    Patches not being applied
    Insecure extensions
    Basic precautions not taken
  • 10. If you do nothing else …
    Keep Joomla! and extensions up to date
  • 11. Updating Joomla!
    Manually
    One-click (1.6.x +)
    Akeeba Admin Tools
  • 12. If you do nothing else …
    Enable Search Engine Friendly (SEF) URLs
  • 13. Enable SEF URLs
    Enable in global configuration
    With or without .htaccess
    Using extensions
  • 14. If you do nothing else …
    Establish a regular backup routine
  • 15. Establish a backup routine
    On-site backups
    Off-site backups
    Full or partial
    Akeeba backup
  • 16. Other ‘must do’ security tasks
    Hide your admin portal (jSecure, Admin Tools)
    Change your database prefix (manually or using Admin Tools)
    Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
  • 17. Hide admin portal
    Why bother?
    jSecure
    Akeeba Admin Tools
  • 18. Change database prefix
    Why bother?
    Manually
    Akeeba Admin Tools
  • 19. Change default admin ID
    Why bother?
    Manually
    Akeeba Admin Tools
  • 20. Would be good to do …
    Web application firewall
  • 21. Web Application Firewall
    Why bother?
    Akeeba Admin Tools
  • 22. Top Ten Tips
    Keep Joomla! up to date
    Keep extensions up to date
    Hide admin portal
    Change database prefix
    Ensure correct file and folder permissions
    Disable default Super Administrator
    Enable SEF URLs
    Establish and regularly test backup routine
    Ensure strong username/password for admins
    Do not give out Admin rights freely
  • 23. Useful links
    http://www.viryatechnologies.com
    http://www.akeebabackup.com
    http://www.joomlaserviceprovider.com
    http://tinyurl.com/joomlasecuritychecklist
    http://www.ico.gov.uk/
  • 24. Thank you
    Any questions?
    Ruth Cheesley, Virya Technologies
    ruth.cheesley@viryatechnologies.com
    @RCheesley
