Mar 04

How to help secure your Joomla website from hackers

Phil Locke

Oh... those hackers are everywhere, and they just love getting into CMSs and messing around with 'your' content or changing your administration username/password.


So what do we do?

There are 2 easy/quick steps to secure your website.
(then head over to Brian Teeman's 'Hidden Secrets' - link at the bottom of this page)

Step 1 - Install a new Joomla plugin


Go to the Joomla extensions website and download the jSecure Authentication plugin.
http://extensions.joomla.org/extensions/access-a-security/site-security/5809

  • Go to your Joomla admin and install it
  • Then go to your Plugin Manager and click on the 'System - jSecure Authentication' link
  • Enable the plugin
  • Create a new Key for your login
    ...This will make your login URL different - i.e. http://www.yourdomain.com/administrator/?yourKey
  • Choose a Redirect Option (index/homepage is preferable)
    ...This will direct anyone going to http://www.yourdomain.com/administrator back to your index/homepage
  • Save your plugin


Why is this plugin useful?
Easy answer... Joomla 'out of the box' always sets your admin URL to http://www.yourdomain.com/administrator. This is a dead giveaway to hackers, and it puts them one step closer to getting into your admin backend.

Step 2 - Move your configuration.php file

  • Via FTP, grab a copy of your configuration.php file
  • Via FTP, place this configuration.php file below your 'public_html' folder on your server (that is, outside the folder the web server serves).
  • Rename it to something different - i.e. ha-ha-config.php

Then do this...

  • Edit your configuration.php file in the root of your Joomla website
  • Delete everything in that file and replace with the following code:

    // Load the real settings from the renamed file kept below public_html
    require( dirname( __FILE__ ) . '/../../ha-ha-config.php' );

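  • Where ha-ha-config.php is the name of the configuration.php file that we renamed & placed below our public_html folder on the server. The '/../../' part is relative to the folder that holds this stub, so it must lead to wherever you actually put the renamed file.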
  • NOTE: don't forget to wrap your php start/end tags around the above code
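
A check for the Step 2 setup, as an added example (not code from the original post or from Joomla): it reads the stub, resolves the required path the way PHP would, and reports whether the real file exists and sits outside the web root. The function name and command-line usage are assumptions; `$password`, `$secret`, `$ftp_pass` and `$smtppass` are settings Joomla keeps in configuration.php.

```python
import re
import sys
from pathlib import Path

# Matches the stub line from the post:
#   require( dirname( __FILE__ ) . '/../../ha-ha-config.php' );
REQUIRE_RE = re.compile(
    r"""require(?:_once)?\s*\(\s*dirname\s*\(\s*__FILE__\s*\)\s*\.\s*(['"])(.+?)\1\s*\)\s*;""")
# Joomla settings that must no longer appear in the web-accessible stub.
SECRET_RE = re.compile(r"\$(password|secret|ftp_pass|smtppass)\b")


def check_config_stub(joomla_root, web_root):
    """Return a list of problems with the relocated configuration (empty list = OK)."""
    joomla_root = Path(joomla_root).resolve()
    web_root = Path(web_root).resolve()
    stub = joomla_root / "configuration.php"
    if not stub.is_file():
        return ["configuration.php stub is missing from the Joomla root"]
    text = stub.read_text(errors="replace")
    problems = []
    if not text.lstrip().startswith("<?php"):
        problems.append("stub has no PHP open tag, so PHP would echo it instead of running it")
    if SECRET_RE.search(text):
        problems.append("stub still contains secret settings; it should hold only the require line")
    match = REQUIRE_RE.search(text)
    if not match:
        return problems + ["no require( dirname( __FILE__ ) . '...' ); line found in stub"]
    # PHP appends the quoted string to the directory that holds the stub.
    target = (stub.parent / match.group(2).lstrip("/")).resolve()
    if not target.is_file():
        problems.append(f"require target does not exist: {target}")
    if target == web_root or web_root in target.parents:
        problems.append(f"real config is still inside the web root: {target}")
    return problems


if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: python check_stub.py <joomla root> <public_html path>
    for line in check_config_stub(sys.argv[1], sys.argv[2]) or ["OK"]:
        print(line)
```

With Joomla installed directly in public_html, the '/../../' in the stub points two folders up, so the check reports a missing target unless the renamed file was placed there.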


Sorted ;-)

But hang on - there are more great 'hidden secrets' available for you at Brian Teeman's website:
http://brian.teeman.net/tips-and-tricks/joomla-hidden-secrets-the-movie.html

