Joomla!Day UK 2011 - Virya Technologies - Ruth Cheesley - Joomla! Security

A presentation covering the top priorities a Joomla! website administrator should consider to ensure that their website remains up to date

Presentation Transcript

  • Joomla! Security
    Ruth Cheesley
  • Hello, I’m Ruth Cheesley from Virya Technologies
    Find my social media stuff here!
    @RCheesley
  • What do we mean by security?
  • Why bother?
  • Where to start?
  • Security is …
    Putting measures in place to make unauthorised access more difficult
    NOT making it impossible
  • … a balancing act
    Security versus usability
    Risk versus implications
  • A quick look at server security
    Use a reputable company with Joomla! experience
    Ensure they have recommended security settings applied
    Ask others if you’re not sure!
  • Is Joomla! insecure?
    It depends!
    Often insecurities are due to poor practice by administrators including:
    Patches not being applied
    Insecure extensions
    Basic precautions not taken
  • If you do nothing else …
    Keep Joomla! and extensions up to date
  • Updating Joomla!
    Manually
    One-click (1.6.x +)
    Akeeba Admin Tools
  • If you do nothing else …
    Enable Search Engine Friendly (SEF) URLs
  • Enable SEF URLs
    Enable in global configuration
    With or without .htaccess
    Using extensions
  • If you do nothing else …
    Establish a regular backup routine
  • Establish a backup routine
    On-site backups
    Off-site backups
    Full or partial
    Akeeba backup
  • Other ‘must do’ security tasks
    Hide your admin portal (jSecure, Admin Tools)
    Change your database prefix (manually or using Admin Tools)
    Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
  • Hide admin portal
    Why bother?
    jSecure
    Akeeba Admin Tools
  • Change database prefix
    Why bother?
    Manually
    Akeeba Admin Tools
  • Change default admin ID
    Why bother?
    Manually
    Akeeba Admin Tools
  • Would be good to do …
    Web application firewall
  • Web Application Firewall
    Why bother?
    Akeeba Admin Tools
  • Top Ten Tips
    Keep Joomla! up to date
    Keep extensions up to date
    Hide admin portal
    Change database prefix
    Ensure correct file and folder permissions
    Disable default Super Administrator
    Enable SEF URLs
    Establish and regularly test backup routine
    Ensure strong username/password for admins
    Do not give out Admin rights freely
  • Useful links
    http://www.viryatechnologies.com
    http://www.akeebabackup.com
    http://www.joomlaserviceprovider.com
    http://tinyurl.com/joomlasecuritychecklist
    http://www.ico.gov.uk/
  • Thank you
    Any questions?
    Ruth Cheesley, Virya Technologies
    ruth.cheesley@viryatechnologies.com
    @RCheesley