Published by Cathleen Watts. Modified over 9 years ago.
1
Joomla! Security Ruth Cheesley
2
Hello, I’m Ruth Cheesley from Virya Technologies
Find my social media stuff here! @RCheesley
3
What do we mean by security?
4
Why bother?
5
Where to start?
– Joomla! Security
– Local server security
– Global server security
6
Security is …
– Putting measures in place to make unauthorised access more difficult
– NOT making it impossible
7
… a balancing act
– Security versus usability
– Risk versus implications
8
A quick look at server security
– Use a reputable company with Joomla! experience
– Ensure they have recommended security settings applied
– Ask others if you’re not sure!
9
Is Joomla! insecure?
It depends! Often insecurities are due to poor practice by administrators including:
– Patches not being applied
– Insecure extensions
– Basic precautions not taken
10
If you do nothing else … Keep Joomla! and extensions up to date
11
Updating Joomla!
– Manually
– One-click (1.6.x +)
– Akeeba Admin Tools
12
If you do nothing else … Enable Search Engine Friendly (SEF) URLs
13
Enable SEF URLs
– Enable in global configuration
– With or without .htaccess
– Using extensions
14
If you do nothing else … Establish a regular backup routine
15
Establish a backup routine
– On-site backups
– Off-site backups
– Full or partial
– Akeeba backup
16
Other ‘must do’ security tasks
– Hide your admin portal (jSecure, Admin Tools)
– Change your database prefix (manually or using Admin Tools)
– Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)
17
Hide admin portal
– Why bother?
– jSecure
– Akeeba Admin Tools
18
Change database prefix
– Why bother?
– Manually
– Akeeba Admin Tools
19
Change default admin ID
– Why bother?
– Manually
– Akeeba Admin Tools
20
Would be good to do … Web application firewall
21
Web Application Firewall
– Why bother?
– Akeeba Admin Tools
22
Top Ten Tips
1. Keep Joomla! up to date
2. Keep extensions up to date
3. Hide admin portal
4. Change database prefix
5. Ensure correct file and folder permissions
6. Disable default Super Administrator
7. Enable SEF URLs
8. Establish and regularly test backup routine
9. Ensure strong username/password for admins
10. Do not give out Admin rights freely
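An added example, not part of the presentation: a small Python check for the two tips that can be read straight from a site's configuration.php, the database prefix and the SEF setting. It assumes the JConfig settings are named dbprefix and sef and that jos_ is the old default prefix; the function names and both sample files are constructed for illustration.

```python
import re

# Assumption: "jos_" is the historical default table prefix on older installs.
DEFAULT_PREFIXES = {"jos_"}

# Matches the 1.5 style ("var $x = '...';") and the 1.6+ style ("public $x = '...';").
_SETTING = re.compile(
    r"""^\s*(?:var|public)\s+\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""", re.MULTILINE
)

def parse_config(text):
    """Return {name: value} for simple quoted settings in configuration.php text."""
    return {m.group(1): m.group(3) for m in _SETTING.finditer(text)}

def audit(text):
    """Return findings for the checklist items visible in the config file."""
    cfg = parse_config(text)
    findings = []
    prefix = cfg.get("dbprefix")
    if prefix is None:
        findings.append("dbprefix: setting not found")
    elif prefix in DEFAULT_PREFIXES:
        findings.append(f"dbprefix: still the default '{prefix}'")
    if cfg.get("sef") != "1":
        findings.append("sef: Search Engine Friendly URLs are not enabled")
    return findings

# Constructed sample files, not taken from a real site.
SAMPLE_15 = """<?php
class JConfig {
    var $dbprefix = 'jos_';
    var $sef = '0';
}
"""
SAMPLE_17 = """<?php
class JConfig {
    public $dbprefix = 'x7k2q_';
    public $sef = '1';
    public $sef_rewrite = '0';
}
"""

if __name__ == "__main__":
    for name, text in (("1.5 sample", SAMPLE_15), ("1.7 sample", SAMPLE_17)):
        print(name, audit(text) or "no findings")
```

The other tips (updates, backups, admin accounts, file permissions) cannot be read from this file and need their own checks.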
23
Useful links
http://www.viryatechnologies.com
http://www.akeebabackup.com
http://www.joomlaserviceprovider.com
http://tinyurl.com/joomlasecuritychecklist
http://www.ico.gov.uk/
24
Thank you
Any questions?
Ruth Cheesley, Virya Technologies
ruth.cheesley@viryatechnologies.com
@RCheesley