How to secure Joomla
Here are some tips on how to make your Joomla site more secure:
- Change the default administrator name from admin to something more complex. You can do that from your site's backend (Site>Edit Profile). From there you can also change your password. Use a random combination of upper and lower case letters, numbers and symbols.
- Make regular backups of the Joomla files and database.
- Update your site when a new stable version of Joomla becomes available.
- Check regularly for updates for any third party extensions you have installed. When you want to install a new extension check whether it has a stable version and whether it's still supported and updated regularly. Check the comments of other people about the extension to see whether in general they're satisfied with it and whether there aren't too many bugs reported. If there is an extension on your site that you don't need, remove/uninstall it, don't just unpublish it.
- Make sure that the Joomla files and directories on your account have the right file/directory permissions. The files should have permissions of 644 and the directories of 755. You can use the Fix incorrect permissions tool in the Files section of the Pixie control panel. It searches through all the files and directories on your account and automatically fixes the permissions if there are any incorrect ones.
- You can block the access to the administrator directory on your account to all IP addresses except yours (or any other IP address to which you want to give access to your site's backend). This is done by creating an .htaccess file inside the administrator folder and adding some rules to the file. For more information on this read the Joomla security tutorial.
- Another useful security measure is to block the access to all php files except index.php and index2.php (which have to be accessible in order for the site to function). This is again done through an .htaccess file.
- Disable dangerous PHP functions through the php.ini file. HostKnox customers can post a support ticket to request this. Our support team will gladly do it, free of charge.
- Install Joomla and any other application in a separate database with a different user and password.
For more information read the tutorial on improving the security of your Joomla site.