
Joomla Security


A basic overview of security measures to help protect your Joomla! website


  1. Security in Joomla!
     Ruth Cheesley, Suffolk Computer Services, [email_address]
  2. Security in Joomla
     • What do we mean by “security”?
     • Why bother?
     • What can I do to keep my sites secure?
  4. A balancing act?
  5. What is Security?
     • Authorised access to data & files
     • Prevention of malicious attacks & unauthorised access via:
       ◦ SQL/command injection
       ◦ Insecure passwords
       ◦ OS vulnerabilities
       ◦ Software vulnerabilities
       ◦ Buffer overflow
       ◦ etc.!
  6. Why Bother?
  7. Legal issues
     • Data Protection Act 1998
       ◦ Anyone who processes your information must comply with 8 principles, including:
         ▪ Data must be kept securely
     • Heavy penalties for not taking appropriate measures to safeguard your data
     • No test cases for Joomla! sites yet.....
  8. Professionalism
     • Embarrassing and harmful to organisations’ image
     • The “Fear Factor”
  9. Why target Joomla?
     • Very popular Content Management System
     • Lots of “inexperienced” users
     • Lots of less-than-ideal security practices server-side
  10. How to keep my sites secure?
     • ALWAYS get your installation files direct from
     • Use reputable hosting providers – make sure all PHP settings are “Green”
     • ALWAYS check the vulnerability list before installing extensions (esp. obscure ones!)
     • ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc.)
  11. Finding a reliable host
     • Consider your requirements
     • Shared vs. dedicated hosting
     • Patching of servers (should be on PHP 5 & MySQL 5 at least)
     • Backup & redundancy
     • Customer support 24/7 is VITAL
  12. THOU SHALT BACK UP!
     • Backups made as frequently as your site requires
     • Back up files AND database OFF SITE
     • ALWAYS back up prior to any upgrade – of ANYTHING!
  13. What to do now?
     • Create a new Super Administrator & delete the original one (id 62)
     • Hide your administrator URL (jSecure)
     • Change your default admin username
     • Ensure system passwords are very strong (hosting a/c, database user, FTP, site admin)
  14. Must Read
     • Security Checklist -
     • Joomla Security News - (subscribe at )
  15. Tools to help
     • jSecure – hides your administrator page
     • LazyBackup 2 – emails a daily MySQL dump
     • EasySpamKiller – protects your site against attacks from known IPs
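The backup routine the deck calls for (files AND database, off site, before every upgrade; a daily database dump as LazyBackup 2 does), written out as an added shell example that is not part of the slides or of any tool named on them. It reads the database credentials from the site's own configuration.php, dumps the database, archives the files, prunes old copies and copies everything off site; the paths, the script name in the cron comment and the rsync destination are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): nightly Joomla file + database backup
# with an off-site copy. Assumes mysqldump, tar, gzip and rsync are installed.
set -eu

# Pull one setting (host, user, password, db, ...) out of configuration.php.
# Handles both "var $db = '...';" (Joomla 1.5) and "public $db = '...';" (2.5+).
# Caveat: a value containing an escaped quote (\') is cut short by the ' split.
jconfig_get() {
    awk -v key="$2" -F"'" '$0 ~ ("\\$" key "[[:space:]]*=") { print $2; exit }' "$1"
}

# backup_joomla <joomla-root> <local-backup-dir> [rsync-destination]
backup_joomla() {
    site=$1; dest=$2; offsite=${3:-}
    cfg="$site/configuration.php"
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest"

    # Database credentials come from the site itself, so none are duplicated here.
    host=$(jconfig_get "$cfg" host); user=$(jconfig_get "$cfg" user)
    pass=$(jconfig_get "$cfg" password); db=$(jconfig_get "$cfg" db)

    # Hand the password to mysqldump via a 0600 defaults file, not the command
    # line: command-line arguments are visible to every local user in ps.
    cnf=$(mktemp); chmod 600 "$cnf"
    printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$host" "$user" "$pass" > "$cnf"
    mysqldump --defaults-extra-file="$cnf" --single-transaction "$db" \
        | gzip > "$dest/db-$stamp.sql.gz"
    rm -f "$cnf"

    # Files, including configuration.php and any uploaded media.
    tar -czf "$dest/files-$stamp.tar.gz" -C "$site" .
    chmod 600 "$dest"/*-"$stamp".*

    # Keep roughly two weeks of local copies; older archives are pruned.
    find "$dest" -name '*.gz' -mtime +14 -delete

    # Off-site copy (placeholder destination, e.g. backup@offsite.example:/srv/joomla-backups/).
    if [ -n "$offsite" ]; then
        rsync -a "$dest/" "$offsite"
    fi
    echo "$dest/db-$stamp.sql.gz $dest/files-$stamp.tar.gz"
}

# Typical cron entry (03:00 daily) for a wrapper script that sources this file:
# 0 3 * * * /usr/local/bin/joomla-backup.sh
# where the wrapper calls:
# backup_joomla /var/www/joomla /var/backups/joomla backup@offsite.example:/srv/joomla-backups/
```

Run it once by hand before an upgrade and confirm the two archives restore cleanly on a scratch host; a backup that has never been restored is untested.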