Clear Skys

When starting with Joomla, consideration should be given to the security set up for your new web site. Here are our top tips to avoid if you want your web site taken over by hackers.

Always update to the latest version of Joomla for any security patches

You can subscribe to the joomla security teams rss feed here. The critical fixes are essential. Of course you need to ensure that the latest joomla installation works OK with all your extensions that you have installed - best to try on a test or development site that you have installed before updating your live site.

Change the default administrator login

When joomla is first installed the administrators user name is admin, this should be changed to something less familar from an admin user. Your admin password should also be a combination of numbers,letters and special characters - more than 10 characters preferably. Best not to use this username or password on any other web site that you are regsitered for.

Get a good SEF component

If a hacker know your site is a joomla site, this can make it easier for him to find vunrabilities and exploit them. A good SEF Search Engine Friendly URL component will help mask the components and the folder structure of your web site. Artio SEF and sh404SEF.

Beware 3rd party components and templates

Most 3rd party components are there to help you build a feature rich web site, but beware there are some extensions that could potentially leave your site open to a hacker. Always source your extensions from a trusted source and check for updates to that extension. Similary with templates.

Backup backup backup your web site

Your no doubt the one responsible for backing up your own site, it is unlikely to be the responsisbility of the web developer or hosting company. So backup up your MySQL database and all your web files. This is normally carried out via cPanel or there are some commercial backup solutions for joomla.