RECOMMENDED: jHackGuard - Joomla 1.5 Plugin

As an addition to the security tips given in this tutorial we have developed a plugin to further protect your Joomla websites! We still advise you to follow the steps explained below to make sure your Joomla website is safe.

The purpose of this tutorial is to show you how to secure your Joomla website. There are several steps you can take to protect your Joomla application. Joomla's security can be improved significantly by following these simple steps.

  • Change the administrative username of your Joomla
  • Change the default table prefix of your Joomla database
  • Password protect your Joomla administrative area
  • Keep your Joomla up-to-date
  • Use the .htaccess file to additionally secure Joomla

How to change the administrative username of your Joomla website

By default, your administrative username is admin, and most attackers expect it to be admin. Changing it will protect you against many attacks.

To do this, you should:

Step 1. Log in to the Joomla administrative area and click on the User Manager menu.

Step 2. Click on your administrative user in order to edit it. You can either check the box next to the user and click the "Edit" button or directly click on the user's full name.

Step 3. On the next page, edit the Username field. Change it to something other than "admin" and click on the "Save" button.

Alternatively, you can do this by modifying the database of your Joomla website:

Step 1. Open the phpMyAdmin tool in your cPanel and load your Joomla database.

Step 2. Select the jos_users table from the left column and click on the Browse button to edit the rows in it.

Step 3. Locate the line for the "admin" username and click on the pen icon next to it to edit it.

Step 4. Change the value of the "username" field to something other than "admin". Using lower and upper case characters as well as numbers is highly recommended.

Step 5. Once you change your administrative username, press the Go button at the bottom right part of the page.

Now you can log in to the administrative area of your Joomla application with the new username.

How to change the default table prefix of your Joomla database

Changing the default table prefix will stop the majority of attacks against your database. You can use the DB Admin component in order to do this. Although it is originally designed for Joomla 1.0.x, it works on Joomla 1.5 too.

Step 1. Install the component and go to Components > DB Admin.

Step 2. Using the intuitive interface, change the default "jos_" prefix of your Joomla 1.5 tables to a different value.

Step 3. Modify the configuration.php file in your main Joomla folder. In it locate the following line:

var $dbprefix = 'jos_';

You will have to edit it to correspond to the new table prefix you have set. For example, if you have changed the table prefix to "smth_" the line in the configuration.php file should look like this:

var $dbprefix = 'smth_';

The default table prefix of your Joomla database is now changed. This should block the majority of attacks against your database.
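The same prefix change can be prepared without the DB Admin component. The sketch below is an added example, not part of the original tutorial or of Joomla: it builds the RENAME TABLE statements and the matching configuration.php edit. The function names, the table list and the sample configuration text are constructed for illustration.

```python
import re

PREFIX_RE = re.compile(r"[A-Za-z0-9]+_")
DBPREFIX_LINE = re.compile(r"^([ \t]*var\s+\$dbprefix\s*=\s*)'[^']*'(\s*;)", re.M)

def rename_statements(tables, old_prefix, new_prefix):
    """Build one RENAME TABLE statement per table that carries old_prefix."""
    if not PREFIX_RE.fullmatch(new_prefix):
        raise ValueError("prefix must be letters/digits followed by '_'")
    statements = []
    for name in tables:
        # Refuse names that could break out of the backtick quoting.
        if not re.fullmatch(r"\w+", name):
            raise ValueError(f"unexpected table name: {name!r}")
        if name.startswith(old_prefix):
            renamed = new_prefix + name[len(old_prefix):]
            statements.append(f"RENAME TABLE `{name}` TO `{renamed}`;")
    return statements

def rewrite_config(config_text, new_prefix):
    """Return configuration.php text with the $dbprefix line updated."""
    if not PREFIX_RE.fullmatch(new_prefix):
        raise ValueError("prefix must be letters/digits followed by '_'")
    updated, count = DBPREFIX_LINE.subn(
        lambda m: f"{m.group(1)}'{new_prefix}'{m.group(2)}", config_text)
    # Zero or several matches means the file is not what we expect: stop.
    if count != 1:
        raise ValueError(f"expected one $dbprefix line, found {count}")
    return updated

# Constructed sample input: three Joomla tables and one unrelated table.
SAMPLE_TABLES = ["jos_users", "jos_content", "jos_session", "stats_hits"]
SAMPLE_CONFIG = ("<?php\nclass JConfig {\n"
                 "\tvar $dbprefix = 'jos_';\n"
                 "\tvar $db = 'joomla';\n}\n")

if __name__ == "__main__":
    for stmt in rename_statements(SAMPLE_TABLES, "jos_", "smth_"):
        print(stmt)
    print(rewrite_config(SAMPLE_CONFIG, "smth_"))
```

Back up the database before running the generated statements, and update configuration.php right after them, since the site cannot find its tables while the two disagree.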

Password protect your administrative area

Password protecting the "administrator" folder will add an additional layer of protection to your Joomla website. For more information on how to do that you should refer to our tutorial on How to password protect directories. You should set a username and password for your website that are different from the ones for your Joomla application.

Once you do this, you will have to log in twice: first to access the login page of Joomla and then to log in to the application itself.

That would make guessing your passwords a very difficult task for any attacker. In addition, even if there is a security breach within the Joomla script itself, a potential attacker won't be able to gain access to your administrative end even if s/he knows your login details.

Keep your website up-to-date

You should always keep your Joomla application up-to-date. We recommend that you subscribe to the Joomla newsletter in order to receive news about new versions. You can do this at Joomla's official download page.

Once you receive a notification that a new version of Joomla is released, you should upgrade your website immediately. For detailed information on how to upgrade your site, you can refer to our Joomla upgrade tutorials:

  • How to upgrade Joomla 1.0.x
  • How to upgrade Joomla 1.5.x

If your website is running Joomla 1.0.x it is recommended to migrate it to Joomla 1.5.x. In Joomla 1.5 there are many security improvements in the core elements of the application. The migration, however, should be performed with caution. You should always back up your Joomla site before proceeding with the upgrade. For more information you can check our tutorial on How to upgrade from Joomla 1.0.x to Joomla 1.5.

Use the .htaccess file to additionally secure your Joomla

You should make the following changes to the .htaccess file in the Joomla directory:

  • First, if you don't have a .htaccess file in your Joomla folder, you should rename the htaccess.txt file that comes with your Joomla installation package to .htaccess. To do this, you can use the File Manager tool in your cPanel. In addition, doing this will allow you to enable the SEF functionality of your Joomla application. The rules in it will block the majority of well-known attacks against your website.
  • Make sure you are running your website on PHP 5.2 or newer. All SiteGround customers have their accounts running PHP 5.2 by default.
  • Block the access to all files except index.php and index2.php. Note, however, that you may have to allow the access to some additional files if your extensions require them. If certain parts of your website do not appear, you can check the files that they rely on. Then, you can add them to the access rules. Generally, if you add the following lines to your .htaccess file, everything should work just fine:

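    # Deny everything by default
    deny from all
    # FilesMatch patterns are regular expressions: anchor them and escape
    # the dot so that only the exact file names are allowed
    <FilesMatch "^index\.php$">
    allow from all
    </FilesMatch>
    <FilesMatch "^index2\.php$">
    allow from all
    </FilesMatch>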
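FilesMatch treats its argument as a regular expression applied to the file name, so whether the pattern is anchored decides which files stay reachable behind "deny from all". The following is an added example, not part of the original tutorial: a simplified model of these rules that compares an unanchored and an anchored rule set. The function names and the file list are constructed, and Python's re module stands in for Apache's regex engine, which behaves the same for these simple patterns.

```python
import re

SECTION = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.S | re.I)
ALLOW_ALL = re.compile(r"^\s*allow\s+from\s+all\s*$", re.I | re.M)

def allow_patterns(htaccess_text):
    """Regexes of the <FilesMatch> sections that contain 'allow from all'."""
    return [pattern for pattern, body in SECTION.findall(htaccess_text)
            if ALLOW_ALL.search(body)]

def reachable(htaccess_text, filenames):
    """Files still served under a top-level 'deny from all'.

    Simplified model: only 'deny from all' plus FilesMatch/allow sections
    are understood; Order, Satisfy and nested sections are ignored.
    """
    compiled = [re.compile(p) for p in allow_patterns(htaccess_text)]
    # Like Apache, search anywhere in the name unless the pattern is anchored.
    return [name for name in filenames
            if any(rx.search(name) for rx in compiled)]

UNANCHORED = '''deny from all
<FilesMatch "index.php">
allow from all
</FilesMatch>
<FilesMatch "index2.php">
allow from all
</FilesMatch>
'''

ANCHORED = '''deny from all
<FilesMatch "^index2?\\.php$">
allow from all
</FilesMatch>
'''

# Constructed list of file names that could sit in a Joomla web root.
FILES = ["index.php", "index2.php", "configuration.php",
         "index.php.bak", "index.php~", "oldindex.php"]

if __name__ == "__main__":
    print("unanchored:", reachable(UNANCHORED, FILES))
    print("anchored:  ", reachable(ANCHORED, FILES))
```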

The SiteGround Web Hosting servers are perfectly optimized and secured in order to provide you with the best environment for your Joomla website. Please do not hesitate to contact us if you have any questions regarding the security of your Joomla website.
