Copyright © 2008-2010 Eduardo Eusebio, writer, web publisher, marketer. All Rights Reserved. (773) 220-3563, Chicagoland, Des Plaines, IL 60018

Backup Your Joomla Site Daily, Because You Will Be Hacked: Security Recommendations
Written by Ed Eusebio   
Thursday, 08 January 2009 00:00

In the Wild Wild Web, it's not a question of if your website will be hacked, it's when. So you must, must, must back up your website. Whether that's hourly, daily, weekly or monthly depends on how much you can afford to lose.

If your site gets any degree of traffic, or even if it doesn't, because you are on the Joomla platform you will be targeted for hacking. On Joomla, despite all the great capabilities, you are a relatively easy target because of the default way administrators access their Joomla website administrator windows (with "/administrator" appended to the URL), and the default user name "admin." Both make Joomla sites relatively easy targets for hackers running bots to find and exploit easy UN/PW combos.

Note: If you ever use "password" as your password, I will personally come over to your site and hack it, with an unsavory image (at your request, of course) ;).

Best Practice: automatic site backups

Get your hosting company to do automatic backups, then make sure these backups are actually usable. Remember that backing up only your MySQL DB or only your public_html directory doesn't back up everything. You need both.

There are several Joomla components or plugins which will help you back up your site. Most don't do the whole job automatically, which isn't ideal for us busy folks with long to-do lists. Some will back up either the DB or the site directory, which is only half the solution.
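One way to check that a backup set is "actually usable" and contains both halves, as an added example that is not part of the original post or of any Joomla backup component. The directory layout and the file names `db.sql.gz` and `files.tar.gz` are assumptions; adjust them to whatever your host or backup tool produces.

```python
import gzip
import tarfile
import zlib
from pathlib import Path

# Assumed (hypothetical) layout: one directory per backup run containing
#   db.sql.gz     gzip-compressed MySQL dump
#   files.tar.gz  archive of the public_html directory
DB_DUMP = "db.sql.gz"
FILE_ARCHIVE = "files.tar.gz"
# Joomla stores its site settings in configuration.php at the web root.
REQUIRED_FILE = "public_html/configuration.php"
READ_ERRORS = (OSError, EOFError, zlib.error, tarfile.TarError)


def verify_backup_set(backup_dir):
    """Return a list of problems; an empty list means both halves are usable."""
    backup_dir = Path(backup_dir)
    problems = []

    dump = backup_dir / DB_DUMP
    if not dump.is_file():
        problems.append("database dump missing")
    else:
        try:
            # Read to the end so gzip checks its trailer and truncation is caught.
            with gzip.open(dump, "rt", encoding="utf-8", errors="replace") as fh:
                tables = sum("CREATE TABLE" in line for line in fh)
            if tables == 0:
                problems.append("database dump has no CREATE TABLE statements")
        except READ_ERRORS as exc:
            problems.append(f"database dump unreadable: {exc}")

    archive = backup_dir / FILE_ARCHIVE
    if not archive.is_file():
        problems.append("file archive missing")
    else:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                names = set(tar.getnames())  # walks every member header
            if REQUIRED_FILE not in names:
                problems.append(f"file archive lacks {REQUIRED_FILE}")
        except READ_ERRORS as exc:
            problems.append(f"file archive unreadable: {exc}")
    return problems
```

A clean result only shows the files can be read; a periodic test restore to a scratch site is still the real proof.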

Shameless Self-Promotion Alert: I recommend using the custom hosting services at XMediaServices.com, because they provide automated hourly, daily and weekly backups for their clients. No fuss. No worries. (Disclosure: OK, so I'm also a principal at XMedia Services. But we really do a great job with securing and recovering customer sites, even when our clients bring down their own sites because of misinstallations or fat fingering a delete button while in FTP, which happens relatively often!)


A few quick security tightening procedures you should put into place:

  1. Get rid of that default UN: admin, and make someone else a SuperAdmin on your Joomla site.
  2. Limit the # of people who can access your site as a SuperAdmin, like down to one...you.
  3. DO NOT use "password" as your password, or any other recognizable word. The best passwords are a combination of numbers and letters, with caps and parens and brackets tossed in for good measure. Something like [Kr0n220f3sT]. This site has good guidelines for creating passcodes.
  4. Don't use the same passwords for all your sites, and use different ones for your FTP.
  5. Install the essential jSecure Authentication plugin, which changes the default /administrator entry page to a different location, namely /administrator/?whatever-you-want-here. While this is no guarantee against hacking, it will certainly make it harder for hackers to find you.

Not so quick security measures:

  1. Get familiar with traffic patterns to your website, and note changes in traffic patterns, particularly from IPs and countries in which organized "black hat" hacking groups are known to be based. Some sites choose to block traffic from specific global regions. While blocking whole countries is contrary to the open nature of the Internet, for business matters other considerations must be taken into account.
  2. You can find many more Not So Quick measures to implement all over the Joomla forums. If you haven't been there already, go get familiar. They are a wealth of information, and we'll probably run into you there from time to time.
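A starting point for the traffic-pattern review in item 1, as an added example that is not part of the original post: it counts POST requests to the default /administrator login path per client IP and reports the noisy ones. It assumes Apache common/combined log format; the function name, the threshold of 3, and the sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import Counter

# Start of an Apache common/combined log line: client IP, timestamp, request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
)


def admin_login_posts(lines, threshold=3):
    """Return {ip: count} for clients with >= threshold POSTs to /administrator."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        is_admin = path == "/administrator" or path.startswith("/administrator/")
        if m.group("method") == "POST" and is_admin:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2009:10:00:01 -0600] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [08/Jan/2009:10:00:02 -0600] "POST /administrator/index.php HTTP/1.1" 200 3412
203.0.113.7 - - [08/Jan/2009:10:00:03 -0600] "POST /administrator/index.php HTTP/1.1" 200 3412
198.51.100.23 - - [08/Jan/2009:10:00:04 -0600] "POST /administrator/index.php HTTP/1.1" 303 0
203.0.113.7 - - [08/Jan/2009:10:00:05 -0600] "POST /administrator/index.php HTTP/1.1" 200 3412
192.0.2.10 - - [08/Jan/2009:10:00:06 -0600] "GET /administrator/ HTTP/1.1" 200 2980
203.0.113.7 - - [08/Jan/2009:10:00:07 -0600] "POST /administrator/index.php HTTP/1.1" 200 3412
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(admin_login_posts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} POSTs to /administrator")
```

Run it against each day's access log and compare the output with the IPs your own administrators use.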
Comments
Karen  - Thanks...   |2009-02-05 17:44:30
Thanks for the heads-up on jSecure. I've been cruising the forums for more
security tips. This is the first I've heard of jSecure, but it's a great idea.
Ed Eusebio  - You're welcome!   |2009-02-10 05:05:40
jSecure is very easy to install. Check it out on my site here. If you type in
the typical /administrator behind the URL, you'll get a 404 error page, instead
of the usual login screen.