We’ll show you, How to secure Joomla websites. Joomla is a very popular content management system used by hundreds of thousands of people worldwide and this is one of the main reasons why many hackers often try to find a way to hack Joomla based websites. Listed below are simple, yet powerful methods and practices to secure and protect a Joomla based website running on a Linux VPS from being compromised:
Table of Contents
1. Keep Joomla up to date
Keep the Joomla installation including all installed components, modules and third-party extensions up to date by upgrading them whenever a new version comes out. This is probably the most important part of securing Joomla based websites. Many hackers exploit security vulnerabilities that have been identified in outdated versions of Joomla core files and extensions, that for example allows a hacker to upload files to a Joomla website, so keeping your install up to date is an easy way to prevent most hacking attempts. Install and use only extensions from trusted sites that have a good reputation. Delete all themes, modules and extensions which you are not going to use.
2. Change admin user name
Another simple step that hardens a Joomla website significantly is to choose a username other than ‘administrator’ or ‘admin’ for the administration account, as brute force attacks will often try to break in by using these usernames. Also, ensure the administration account has a very strong password. If you do not need new users added from Joomla front-end, disable new user registration.
3. Set the appropriate permissions on Joomla files
Set the appropriate permissions on Joomla files and directories. Never use 777 permissions for a file or directory because having directories and files with 777 privileges is a huge security risk! All files should be set to 644 and directories should be set to 755.
4. Password protect the administrator directory
The security of any Joomla website can be greatly improved if access to the administrator back-end area is restricted. It can be done by password-protecting the ‘administrator’ directory of the Joomla-based website. To do this, follow the instructions in our tutorials on how to password-protect directories with nginx or password-protect a directory using htaccess on a virtual server with Apache running on it. DirectAdmin and cPanel control panels provide an easy way to password-protect a directory. You can learn more about directory password protection using DirectAdmin.
Of course, you don’t have to secure Joomla websites, if you use one of our Joomla VPS Hosting services. In that case, you can just ask our expert Linux admins to do this for you. They are available 24/7 and will take care of your request immediately.
PS. If you liked this post on How to secure Joomla websites, please share it with your friends on social networks using the buttons on the left or leave a reply below. Thanks.