Common Joomla Security Issues – How to Improve the Security of Your Site

Common Joomla Security Issues – How to Improve the Security of Your Site

Several days ago, we have covered several prioritized issues with respect to WordPress coming down to the security of domain name and the entire website. Today, we divert our attention to another content management system, which also gains extensive utilization among webmasters. That is Joomla. Although this CMS is secured to some extent, do not take it as granted that it is 100% safe, which is impossible in the Internet world.

Since everything on the Internet is vulnerable to hackers and attacks, we attach great importance to the protection of Joomla. In the following, a series of tips are introduced for the sake of safeguarding your website from menace.

Top 6 Tactics Protecting Your Sites from Security Issues

Based on many Internet security experts’ advices and our own experience, we work our the follingtactics which is helpful for you to protect your site from security issues.

Do Not Utilize the Default Username and Password for Joomla Administrators

With progress made, the Joomla community has released its latest version Joomla 3.3 on April 30th, 2014. This newest version reminds users to change the default username to a custom one. Nonetheless, the Joomla 1.5 or older versions come with an admin name by default, which is “admin”. Hence, please remember that do not use it for the sake of avoiding changes. The security deserves change though it may take you few minutes, which protects your website from hackers who tend to guess your user name behind your back.

admin of joomla

Hence, change the username by making it a little bit unique and complicated. At the same time, it is advisable to choose a safe password via containing minimal eight characters as well as combining letters, special characters and numbers.

Protect Your Joomla Database

As for the backup of databases, if you do not have a clear idea of how to backup database, then this tutorial tells you how to use phpMyAdmin to backup database. The MySQL database is also a vulnerable part needing protection which can be done via php.ini file. However, this cannot be achieved for webmasters using shared web hosting services. This means what they can do is only to create a database but have to count on their Joomla hosting providers to maintain protections upon safety. If you belong to this group, then this post may be useful for it helps you spot the best Joomla hosting that do a great job in solving security issues.

Employ Trustworthy Third-Party Extensions for Your Joomla

At times, some webmasters may blame the security problems on Joomla itself, but lose sight of some extensions that are taken advantage of by hackers. Therefore, the selection of these extensions should be paid with careful considerations. If you are the owner of a lately launched Joomla website, then these must have Joomla extensions actually deserve trust.Utilizing good security extensions can effectively generate backups, protect the administrator directory, fix database, and accomplish many more tasks. According to our experience, the following ones are worth trying.

  • Akeeba Backup, one of the most popular Joomla extensions for automated and enhanced backups and restoration.
  • Admin Tools, a widely used extension that detects and notifies new releases, fixes file permissions and sets a strong admin ID.
  • RSFirewall!, an advanced Joomla security extension that protects websites from attacks by strengthening backend password, stopping login attempts and performing system check.

Furthermore, Updating Joomla and all the extensions installed on your site is the first thing that you need to keep in mind all the time because a large number of attackers make use of the security issues of the old versions to launch attacks. The new versions, however, usually come with fixes to most large and serious security holes. Besides, it is a common mistake that many people remember to update the Joomla core files but ignore the new versions of extensions for the reason that attackers are more likely to utilize the security problems of extensions.

Nowadays, many web hosts offer Softaculous, SimpleScripts, Fantastico or some other 1-click installers to automate not only the installation of Joomla but also the update of the software. If your web host provides you with such a tool, it is quite easy to get the software up-to-date. Just keep yourself informed of the new releases.

trustworthy extensions of joomla

Backup Your Joomla Website Frequently

There are multiple reasons why you should back up your site on a regular basis, among which the most important one is that backups help you recover your site to get all data back in the case that you suffer from unexpected data loss caused by attacks or improper changes on files. Regular backups keep the latest modifications on the site available for use. In short, the importance of backups cannot be emphasized too much as it is one of the most commonly adopted way for website protection.

Change File Permissions to Pose Restrictions on Editing and Overwriting

In order to pose difficulties on hackers in editing and overwriting some momentous files, we deem it as necessary to restrict file permissions. To be specific, you are capable of achieving this goal by setting the permission of /index.php to 444, /configuration.php to 444, /templates/index.php to 444, folder/templates to 555 and so forth.

change permissions of files

Using proper file permissions is also necessary for preventing potential risks and compromises of security because the permissions determine who have what access to certain files on the server. By restricting the permissions for the Group and World, you can effectively stop other people from uploading malicious files or viruses.

For enhanced security, you should never use 777 permissions to either folders or files which allow all people to read, write and execute your directories and files. In fact, you need to keep the write access to User only and do NOT give 7 permissions to anyone else. In this case, 755 permissions are recommended for your directories, and 644 permissions are suitable for the protection of files.

Use Reliable Joomla Templates

Everything put in use to your Joomla websites should be strictly considered, including templates. Since these templates are subject to utilization of hackers to transmit virus causing security concerns. As a consequence, it is wise to apply credible and safe Joomla templates at the very beginning. If you are seeking a dependable one, this post is useful for it brings responsive Joomla templates that are safe.

How to Backup Joomla Manually with cPanel Control Panel

Many people prefer to backup their sites manually instead of using a tool. Thus, we developed the following step-to-step tutorial to teach you how to backup Joomla manually with cPanel control panel.

Backup Joomla Files
You are able to transfer all of your Joomla files to your computer using a stable and fast FTP client, like WinSCP, FireFTP, FileZilla, and much more. However, the files include 3,000+ core files of Joomla, and your actual media content like images, videos, extensions and much more. It means that using an FTP to transfer files may take some time. Besides, it takes more time to transfer multiple small files than to transfer a big file, so we suggest you to compress your files into a single zip file and use the File Manager in cPanel first.

To use File Manager to compress your files, you first need to go to the main folder of your Joomla 3 installation, select all files and then click Compress button at the top of this page.

Backup Joomla Files 1

Next step is to click Compress File(s) to make File Manager create the archive of all selected files and folder.

Backup Joomla Files 2

After creating the archive of files, you are able to use an FTP client or a regular browser to download it to your computer or hard drive.

Backup Joomla Files 3

Backup Joomla Database
You are able to backup your Joomla database using SSH console and phpMyAdmin in cPanel. You need to know that no matter which method you choose, you have to figure out the name, username and password for your Joomla MySQL database. It is very easy to get this information by opening the configuration.php file in the Joomla root directory and locating the following commands including the database credentials. Once you got this information, you are able to start to backup your Joomla database.

Backup Joomla Database Using SSH
To backup your Joomla database using SSH, you first need to log into your account. Next step is to locate to Joomla site builder and use mysqldump command in the following screenshot and the information you got before to create a backup for your database.

Backup Joomla Database SSH 1

The final step is to visit and download the backup of your database to a local place.

Backup Joomla Database SSH 2

Backup Joomla Database Using phpMyAdmin
phpMyAdmin is a useful tool written in PHP and translated into 72 languages, which can be used to export and import a database and backup a database. Therefore, if you haven’t download this software, we recommend you download and install phpMyAdmin by following the easy-to-understand tutorial we worked before. If you already have downloaded and installed this software, follow the steps as follows to using it to backup you Joomla database.

Step 1. Log into your cPanel account and you are able to see several buttons, including MySQL Databases, PostgreSQL Databases, phpMyAdmin, and so forth. Click phpMyAdmin icon and find your Joomla database.

Backup Joomla Database phpMyAdmin 1

Step 2. After clicking phpMyAdmin, you are directed to a new page where you are able to see all your databases in the left menu. Then, select the database you plan to backup.

Backup Joomla Database phpMyAdmin 2

Step 3. After selecting the database, you need to click on the Export button at the top of phpMyAdmin menu to export this database.

Backup Joomla Database phpMyAdmin 3

Step 4. After finishing the former step, you need to leave the options and click Go button. Next, phpMyAdmin generates a backup of your Joomla database. Now, you are able to download the backup and store the backup in your computer. Then, you have completely backed up your Joomla site.

Backup Joomla Database phpMyAdmin 4