Staying secure
-
-
- Sue B
- Hero Rocketeer
- Posts: 300
- Thanks: 0
-
OK, I've just built my first "real" site (i.e one that wasn't "just for fun"). It needs to be as secure as I can make it (while still functioning). The person I built it for almost had a conniption when they found out that I used something 'open source', which they think is a synonym for 'open slather'. Sigh.
Currently, I do the following:
- CHMOD config file to 644
- "move" the config file out of the document root
- change admin name
- keep up to the latest version of joomla
To be honest, I find the main joomla security section to be a bit impenetrable and I don't always understand what they're talking about, so these steps are the bits I "get".
What other (straightforward) steps do people recommend I should take to stay safe? I'd be very interested to hear other points of view.
-
-
-
- Yves
- Preeminent Rocketeer
- Posts: 9214
- Thanks: 5
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
I think you can even CHMOD the config file to 444 which is a little bit more secure.
Sometimes when people think of security, they think just about preventing something from happening, but often times the most important step is to keep backups. If you have a good backup, you're always OK...even if you're not OK.
This post talkes about what Yves just suggested and also a backup utility:
http://www.rockettheme.com/forum/index.php?f=92&t=46753&rb_v=viewtopic#p243903
This post has the links to the Joomla Security Wiki pages with some good information:
http://www.rockettheme.com/forum/index.php?f=92&t=46753&rb_v=viewtopic#p243905
I know the Joomla pages are a little long, but they are worth looking into. A lot of it has to do with your server set up too, so many of those things are just questions you can pass along to your host.
-
-
-
- Sue B
- Hero Rocketeer
- Posts: 300
- Thanks: 0
-
Thanks Ben, I'll ramp up my CHMODing!
After after my site was hacked and it cost a bomb to get it restored, I have come to appreciate the benefit of backups. I think this is something that people tend to not pay attention to in the web world.
-
-
-
- Rae French
- Elite Rocketeer
- Posts: 646
- Thanks: 20
- IT Consultant
- jSecure Authentication is a great plugin. When using it, I would also add to create your own 404 page on your server instead of using the default. The more unique you can look the better your security will be when using open source programs.
- Best wishes,
Rae
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Rae French wrote:
...I would also add to create your own 404 page on your server instead of using the default. The more unique you can look the better your security will be when using open source programs.
Good thought! This is probably a good idea regardless of what you are using for a system.
-
-
-
- Yves
- Preeminent Rocketeer
- Posts: 9214
- Thanks: 5
-
Another secure authentication can be done with
Swekey
, a usb dongle similar to what banks use for unique authentication. It's Joomla, phpmyadmin, phpBB, etc. compatible.
Joomla module: extensions.joomla.org/extensions/access-...xternal/6444/details - Yves
-
-
-
- Kat05
- Preeminent Rocketeer
- Posts: 25898
- Thanks: 334
-
hi!
how about using sh404sef component which besides rewriting urls also "performs various security-related checks, to improve prevention of some common hacking techniques" ?
extensions.joomla.org/extensions/site-ma...ent/sef/2380/details
- Kat05 / QA Lead & Support / Germany
-
Time to create page: 0.051 seconds