Portal Home > Knowledgebase > Joomla! Information > Joomla Tutorials > How To Protect Your Joomla! Site - Security Fixes
How To Protect Your Joomla! Site - Security Fixes
- Backup everything before proceeding!
- Use strong and unique passwords for cPanel, MySQL, and Joomla user accounts. Utilize a password generator such as http://strongpasswordgenerator.com if you would like.
- Move your tmp and logs folders to the root level above /public_html. In your configuration.php file adjust the paths to reflect the new location by eliminating public_html from the path.
- Update Joomla! and all extensions to the latest version. For a list of vulnerable Joomla! extensions visit - http://docs.joomla.org/Vulnerable_Extensions_List
- Change the permissions on index.php, index2.php (if you have one), configuration.php on the root level and index.php in the template folder to 400. Change .htaccess file permissions to 444. If you need to update your Joomla! site be sure to change these back to 644 before updating. This is just an extra layer of security.
- Change your database extension from jos_ (if 1.5 site) to something unique. If in 2.5 this should already be accomplished.
- Follow these instructions to properly set up your server / hosting: http://docs.joomla.org/Security_Checklist_2_-_Hosting_and_Server_Setup
Tips:
- Never use IE web browser for your joomla administration if you intend to visit websites outside your domain. Why? Simple there are tons of script out there that will grab your admin information.
- Never use any directory set at 777 or files at 666
- Do not use the same password for ftp and admin login
Add to Favourites Print this Article