Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Brisbane Joomla Day: Defending against hackers and crackers

1,081 views

Published on

Sam Moffatt of the Joomla Core Team talks from real world experience about keeping your Joomla site safe.

Published in: Technology
  • Be the first to comment

Brisbane Joomla Day: Defending against hackers and crackers

  1. 1. Securing your Joomla! Site Sam Moffatt Development and Infrastructure
  2. 2. Get the basics right Read through docs.joomla.org: http://docs.joomla.org/Security_and_Performance_FAQs http://docs.joomla.org/Category:Security_Checklist
  3. 3. Corporate sites on corporate networks have different security requirements than those that exist on the public internet. Determine your level of trust
  4. 4. .htaccess security .htaccess files permit you to lock down access to your site and is controlled at the sever level making it one of the most effective forms of protection.
  5. 5. Deny from All Allow from 192.168.1.0/24 Lock down to your corporate LAN
  6. 6. Use a password silversaviour:tmp pasamio$ htpasswd -c .htpasswd test New password: Re-type new password: Adding password for user test
  7. 7. Use a password AuthName “Administration PreLogin” AuthType Basic AuthUserFile /path/to/file/.htpasswd require valid-user
  8. 8. Deny from All Where you don't expect a directory to be requested normally, you can put in a “Deny from All” Exceptions can be nested with “Allow from All”
  9. 9. IIS
  10. 10. Ban IP address/range There are times when you can't get access to lock stuff down, this is where Joomla! comes to the rescue.
  11. 11. jSecure Extra security for your administrator section.
  12. 12. Front end login Do you need it? Disable it in the component manager! Extensions -> Install/Uninstall -> User Component
  13. 13. Bye bye admin! For your default administrator user, rename it, change its level to registered and then block it. For extra protection, create a few dummy users before your first 'real' admin account.
  14. 14. Don't mix work and play Joomla! has lots of extensions, but your production site isn't the place to test them out. Have a local development site to try it out on!
  15. 15. If you aren't using it, remove it Do you ever find extensions on your site and you can't remember what they actually do, when you put them there and if they're still relevant? They might be good candidates to remove!
  16. 16. Stay up to date Keep up to date with not only Joomla!, but any extensions you have installed. Make sure that you regularly return to sites and subscribe to announcement lists.
  17. 17. Read More Check out the community.joomla.org site and extensions.joomla.org for “Ban IP address/range” and “jSecure”

×