Saturday, 03 October 2009 10:58

Covering Basic Security

Written by Jeremiah

Planning your site should include how you are going to secure it. Joomla is well known for being secure, but we can't just assume that it is a perfect solution right out of the box.

Strong Joomla sites have a solid backup plan in place, and a basic security plan. With this article, we will help you learn how to cover some basics in securing your Joomla site!

First Things First

The easiest way into your Joomla site is right through the Joomla Administration Panel. If someone were to access this control panel, they would have access to your entire site. All the person has to do is install new extensions and they can have your database as well!

Malicious users have also been known to delete admin accounts and pertinent files, and even to install scripts that are malicious to your site and its viewers.

We need to make sure this never happens and we need to make sure we have some basic security measures in place.

The best way to do this is by following these suggestions.

Have a Solid Backup Plan

Having a solid backup plan in place is usually the first step. We need to cover how often we are going to execute a backup and exactly where we are going to store those backups. We need to place them in a secure location that is easy to access if we ever need to restore from the backup.

When you are putting together your backup plan, be sure to assign the task to a trustworthy, reliable source. Nothing is worse than having your backups going to the wolves that want them most. Be sure to keep your confidential data just that: confidential.

We recommend using the good old-fashioned, reliable method of creating manual backups using FTP and a manual SQL dump. We cover this in "Creating a Manual Backup of Joomla" in our tutorial series. We also recommend executing the backups on at least a bi-weekly basis.

Administrative Security Measures

We also need to cover our password and administrative security, and we need to make a plan to update all the administrative passwords on a regular basis. Punch this into your backup plan. You can also change the Joomla Administration login URL to something that someone would have to guess in order to find, which ensures there is one more step they have to take to get to your control panel. By default all Joomla admin panels look something like this:

http://yoursitename.com/administrator

We can change that to something entirely different if necessary, to hide our control panel. We suggest making this part of your security plan. There is an extension called "JSecure Authentication". Be sure to add this wonderful extension to your site's security lineup.

When you are creating your backup plan, be sure to add a list of all the admin accounts associated not only with the Joomla site, but also the login details for your hosting provider. Be sure to change the passwords regularly on all administrative accounts. Select passwords that are strings of random text, with capital letters, and with symbols and numbers in between. Use passwords that are hard to break: use 12-character passwords of random text. Trust us, being secure is a very good thing!

When you are making the password changes, it doesn't hurt to create a .txt file that has the login details and passwords, sort of like a master admin account list. Update this file every time you have a password change, and forward the individual credentials to each admin account holder when necessary. Keep this file private, offline, and only give the passwords out to the individual account holders!
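The rotation described in the two paragraphs above, as an added Python example that is not part of the original article: it draws 12-character passwords from the operating system's secure random source, checks them against the article's mix of capitals, symbols and numbers, and writes the master list so that only its owner can read it. The account names, the file name and the symbol set are assumptions made for the example.

```python
import os
import secrets
import string

# Policy from the article: 12 random characters mixing capitals, symbols and numbers.
LENGTH = 12
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; trim to what your logins accept
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def meets_policy(password, length=LENGTH):
    """True if the password is long enough and uses every character class."""
    return len(password) >= length and all(
        any(ch in cls for ch in password) for cls in CLASSES
    )


def generate_password(length=LENGTH):
    """Draw characters from the OS secure random source until every class appears."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, length):
            return candidate


def rotate(accounts, path):
    """Issue a fresh password per account and rewrite the master list at `path`."""
    issued = {name: generate_password() for name in accounts}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        # POSIX only: force owner-only access even if an older list was looser.
        os.fchmod(fh.fileno(), 0o600)
        for name, password in issued.items():
            fh.write(f"{name}\t{password}\n")
    return issued


if __name__ == "__main__":
    # Constructed account names; replace with your own Joomla and hosting logins.
    for name in rotate(["joomla-admin", "hosting-panel"], "admin-accounts.txt"):
        print(f"rotated {name}")
```

Run it on the machine where the master list is kept, so the passwords never pass through the web server.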

NEVER GIVE SOMEONE YOUR USERNAME AND PASSWORD! SECURITY MEASURES ARE IN PLACE TO HIDE ALL PASSWORDS FROM EVERYONE, INCLUDING ADMIN ACCOUNTS. GIVING SOMEONE ACCESS TO YOUR ACCOUNT CAN BE FATAL! IT IS BEST TO CREATE A NEW ACCOUNT FOR THEM, WITH THEIR OWN LOGIN DETAILS. IF YOU NEED TO DELETE THEIR ACCOUNT, YOU WILL BE ABLE TO, WITHOUT DUMPING YOUR ACCOUNT! YOU CAN ALSO TRACK WHAT THEY DO TO SOME EXTENT!

Conclusion

This article has covered some basic security measures for your Joomla site. Most often, site hacks are due to unstable, easy-to-guess passwords. If we hide the Joomla admin panel, create regular backups, and regularly update our passwords, we can definitely improve our chances for success in security!

Last modified on Tuesday, 01 December 2009 09:15
