13 security tips joomla website
Dienstag, 27. Mai 2014
Free Joomla CMS, and more than 8,600 extensions (installed extensions) are allowed to do almost anything you want on CMS. Furthermore, Joomla community flourished as help you find that this is an attractive product and the hacker also attractive. So, you need some work done while using this platform to prevent attacks and enhance security for your website.
1. Servers and Host
Your site stored on a server running PHP 5.2 or better in CGI mode with Su_PHP. Su_PHP basically allowed to execute the script under a specific user account, as opposed to the default Apache account. This makes it easy to identify and track the security perimeter. Make sure you are using the latest version of Apache and Apache configuration does not allow browsing / indexing (browsing / indexing). IT managers also need to ensure the appropriate settings for file storage location. Htaccess, serverconfig and php.ini.
2. Use accounts and permissions
Joomla works well right from the start when properly installed on the server. You need to set the CHMOD all files to 644 and directories to 755. Having a few exceptions to this rule as CHMOD configuration.php file will move to 640. Ensure that nothing is set to the 777.
Name the default administrator account is usually "admin", you should immediately change the account name. It will make it more difficult for a hacker finding little details in the account name. You can also change the name of the website administration page
3. Activating and using htaccess file
By default, the htaccess file is not used. Make sure you rename it from. Htaccess.txt to. Htaccess, then it needs to be placed in the root directory of the website. You can also add some rewrite rules to it to prevent the possibility of being exploited.You can find instructions on editing the htaccess file here. This will add an additional layer of protection for the system, and also good for SEO
4. Careful management of installed extensions (extension)
Extensions of third parties is what makes Joomla become extremely popular, but many times it is the way to go to your website. Each different extension is an object that you need to update patches on a regular basis. This is why you should consider installing the expansion only really necessary. You should definitely perform the following steps:
- Perform code review for any extension to use
- Run the test suite (there are many out there) and review the results.
- Updates and patches for extensions when necessary.
Remember, a safe extension can not be harmful to your entire website.
5. Backup and troubleshooting
Established before the outline of what will happen if you become a victim. Bearing in mind: "Backup early and often." If this step is done best when the pressure's largest website has not been attacked, because the most important data is always backed up, you're right. Perform daily backup or even - if possible - is to ensure hours when restoring your page without downtime or data loss. Once a backup is available then the need to worry only when there is a problem on the site looking for vulnerabilities.
6. Password Protection
The attacks usually target common to weak passwords. Keep up a good habit: change your password frequently and it must satisfy four elements: uppercase letters, lowercase letters, special characters and numbers.
Database (database) your very important. A SQL injection attack or any other attack on the database can also make the whole month of your health disappears. Make sure your database access is password protected at MySQL. Try using tools like Nikto or Nmap to scan the system, looking for weaknesses and exploit open.
7. Removing files not used
You try to install a lot of extensions but do not use it? This is not just a weakness but also cause garbage to your server.Please remove them altogether to avoid the hassle that may occur.
8. Changing the default table prefix
The majority of SQL injection attacks typically attempt to access a database table jos_users. Once hackers can access files they get all the user names and corresponding passwords - including senior administrators. Use a short name, random name to replace the default help prevent most attacks database.
If you are using Joomla 1.5, you can use the DB admin component to do this. If you are using version 1.6 and not make changes in the installation process, the situation still can be done but it is a bit more complicated.
In other versions of Joomla, including 1.7, random table name used during installation to combat this kind of attack.
9. Removing the version number of the installed expansion
You can edit the extension so that it only displays names using a tool like Dreamweaver. Perform a global search and replace all the necessary information in the directory containing the file extension.
Typically, the operators usually specifies a particular version of the extension, which is why you should remove the version number information of any extensions installed. Removing the version number can prevent an attack before it happens.
10. Friendly URLs for search engines
Using friendly URLs to search engines. This not only helps Google rank your website but also improve mining prevent hackers use the Google search results. Huon again, it is better for SEO.
11. The Joomla FTP Layer Off
Disable the Joomla FTP Layer and make sure it does not save your login information.
12. Use SSL certificates
Using SSL on your website for all members login. Note that you must have a certificate properly configured SSL for your site's domain name (shared SSL certificate will not work).
13. Register_globals Off
Turn off register_globals, but you must know that this can cause disabling some of the PHP script to work, and may affect other programs that are using your website. To do this, simply edit the php.ini file in the root directory of the website's domain name.
_________________
Kiến thức mạng
All comments [ 0 ]
Your comments