1 / 24

Joomla! Security

Joomla! Security. Ruth Cheesley. Hello, I’m Ruth Cheesley from Virya Technologies. Find my social media stuff here!. @ RCheesley. What do we mean by security?. Why bother?. Where to start?. Security is …. Putting measures in place to make unauthorised access more difficult.

camilla-doyle
Download Presentation

Joomla! Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Joomla! Security Ruth Cheesley

  2. Hello, I’m Ruth Cheesleyfrom Virya Technologies Find my social media stuff here! @RCheesley

  3. What do we mean by security?

  4. Why bother?

  5. Where to start?

  6. Security is … Putting measures in place to make unauthorised access more difficult NOT making it impossible

  7. … a balancing act • Security versus usability • Risk versus implications

  8. A quick look at server security • Use a reputable company with Joomla! experience • Ensure they have recommended security settings applied • Ask others if you’re not sure!

  9. Is Joomla! insecure? • It depends! • Often insecurities are due to poor practice by administrators including: • Patches not being applied • Insecure extensions • Basic precautions not taken

  10. If you do nothing else … Keep Joomla! and extensions up to date

  11. Updating Joomla! • Manually • One-click (1.6.x +) • Akeeba Admin Tools

  12. If you do nothing else … Enable Search Engine Friendly (SEF) URL’s

  13. Enable SEF URL’s • Enable in global configuration • With or without .htaccess • Using extensions

  14. If you do nothing else … Establish a regular backup routine

  15. Establish a backup routine • On-site backups • Off-site backups • Full or partial • Akeeba backup

  16. Other ‘must do’ security tasks • Hide your admin portal (jSecure, Admin Tools) • Change your database prefix (manually or using Admin Tools) • Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)

  17. Hide admin portal • Why bother? • jSecure • Akeeba Admin Tools

  18. Change database prefix • Why bother? • Manually • Akeeba Admin Tools

  19. Change default admin ID • Why bother? • Manually • Akeeba Admin Tools

  20. Would be good to do … • Web application firewall

  21. Web Application Firewall • Why bother? • Akeeba Admin Tools

  22. Top Ten Tips • Keep Joomla! up to date • Keep extensions up to date • Hide admin portal • Change database prefix • Ensure correct file and folder permissions • Disable default Super Administrator • Enable SEF URL’s • Establish and regularly test backup routine • Ensure strong username/password for admins • Do not give out Admin rights freely

  23. Useful links http://www.viryatechnologies.com http://www.akeebabackup.com http://www.joomlaserviceprovider.com http://tinyurl.com/joomlasecuritychecklist http://www.ico.gov.uk/

  24. Thank you Any questions? Ruth CheesleyVirya Technologies ruth.cheesley@viryatechnologies.com @RCheesley

More Related