• +91-120-4052610
  • 0044-203-239-6361
  • 001-201-984-1831

7 Most Recommended Security Tips to Prevent Joomla! Site from Hackers

  • 7 Most Recommended Security Tips to Prevent Joomla! Site from Hackers

Joomla is a great content management system that is used worldwide. With the surging popularity of Joomla website development, hackers often try to find different ways to hack it. Therefore, it is quite important for you to not only keep your Joomla website secure, but also to take the suitable measures to help prevent data theft, unauthorized access or malicious activity on your website. After an in-depth research work, I have found seven amazing tips that will not only strengthen your Joomla website security, but also prevent it from getting hacked.

1.Keep your Joomla website up-to-date

The latest Joomla version addresses all the security issues that are known to Joomla community at the time of its update. Therefore, if you do not update your Joomla site immediately, then the probability of your website being hacked increases.

I know that it is hard to keep your Joomla site updated with the latest version, especially if you have a lot of extensions (modules, components, and plugins) or if you are using a heavily customized Joomla platform for your website, there is always a risk of broken website. But you must do this to make your website secure from external attacks. I have mentioned both manual and automatic methods to upgrade your Joomla site:

Manual method

First, access your administrative area. After that, Joomla 3 will automatically check for latest versions at its official repository. If there is the latest version available, you will see a notification in your quick links.


Source: http://www.siteground.com/tutorials/joomla/upgrade-joomla.html

I strongly recommend that you create a backup of your site with the help of Akeeba Backup extension before you initiate the upgrade process. Now, click on the “Update now” link to proceed.

Source: http://www.siteground.com/tutorials/joomla/upgrade-joomla.html

After clicking on link, you will be redirected to the Joomla update page, where you will see information of your present Joomla version and the latest one you will be upgrading to, the update package URL and the complete installation method. Do not make any changes at this point- the default settings should work just fine. After that, click on “install the update” button. In a few moments, your site will be upgraded to the latest version of Joomla and you will be brought to a screen with confirmation for the successful update.

Automatic method

With the help of SP Upgrade extension you can upgrade your Joomla website automatically. The process is mentioned below:

  • Install a new version of Joomla (2.5 or 3.x), anywhere (your live server, or a remote server, or even on your PC)
  • Install SP Upgrade
  • Connect to the source 1.5 database
  • Click the transfer button
  • Enjoy your new Joomla site

After updating Joomla latest version, you should take care of all the components, modules and plugins. You can delete the ones that you don’t use and update all the rest to the latest available version.

2. Change your administrator username

An easy, yet important tip for securing your website is changing your administrator username. By default, the administrator username in Joomla website consists of ‘Admin’. Most often, people never change this default username, which makes it quite easy for hackers to gain access to your site as they already know one half of your login details, and they only need to guess or obtain your password. Changing the administrator username reduces the chances of hacker guessing your login details.

To change your default administrator username, you can simply log-in to your administrator panel, and click Site -> User Manager. After that, within the User Manager look for the Administrator account and then click the checkbox next to the name. Now, click the edit button on the User Manager Toolbar on the top right. On the edit user page, find the username field and remove the existing username. Here, you can also change the password at the same time. It is also important to change your password regularly. An ideal and secure password should consist of letters, special characters (@#$%^) and numbers and should not be simple words such as ‘password’ or ’12345′. When you are done with the change, click Save on the toolbar.

3. Change the default Joomla database table prefix

By default, when Joomla creates database tables, it does this using the ‘jom’ prefix. When you install Joomla, it asks about database table prefix, which is often skipped by people. You can install Akeeba Admin Tools, which is a great and free Joomla extension that can easily and quickly change the prefix for you after you have installed Joomla.

If you want to change your database tables prefix manually, simply look for and click the ‘Database Table Prefix Editor’ button, which will open the Prefix Editor. Here you can see your current database prefix along with automatically suggesting a new one. You can override this suggestion with your own preferred prefix. Now, simply click the ‘Change my prefix’ button to immediately perform the change. This helps in making your website more secure.

4. Use additional extensions that extend your site’s security

Third party extensions like Joomla SEO extensions, security extensions etc. make Joomla wildly popular and enhance its functionality. I have collected three best Joomla security extensions that are quite useful in boosting security of your website:

Admin Tools

Download: commercial version/ non-commercial version.

Admin Tools extension works as a true Swiss Army Knife for your Joomla website. The professional version of this extension provides you much more than the free version. Few of its best features are as follows:

  • Web application firewall to block common exploits like SQL injection, XSS, DFI, RFI, malicious user agent, and CSRF/spam-bot protection
  • Bad word filtering
  • Block front-end Super Administrator log-in
  • IP White listing for the administrator section
  • Modification of Generator meta-tag and other sensitive HTTP headers
  • Block Super Administrator user modification
  • Block visual fingerprinting (tmpl, template and tp URL parameters)
  • Block extensions installation
  • Automatic IP blocking of repeat offenders
  • URL redirections (exclusive support for query parameters)
  • Scheduled site maintenance operations

JISecure My Site

Free Download
JISecure My Site is simple but effective extension, which adds key and value requirement to the administrator URL. This extension will prevent unauthorized visitors or hackers to access the admin panel without correct permission. Developed by JomLand, this extension is available for free in Joomla extension directory.

RS Firewall

Paid Download
RS Firewall is one of the most advanced security extensions for Joomla. Although this is a commercial extension, I strongly recommend this due to its unique feature of Joomla Installation as Administrator Lockout. Some key features of this extension are as follows:

  • Adds on Captcha over Unsuccessful Login Attempts
  • IP Blocking by single IP Address or even Country Level IP Blocking
  • Provides Logs of Unsuccessful Login with IP Address
  • Blocks Brute Force Attacks

There are several other extensions that can strengthen your Joomla website security, but these four are my personal favorite that will definitely boost security of your site.

5. Check your directory permissions

Directories (folders) on your web-space where Joomla is installed have permissions, granting you access and preventing others from accessing certain areas. Occasionally, extensions of Joomla can create insecure directories, or you may have accidently altered the permissions on a directory yourself. Either way, it is important to ensure that directories remain at the appropriate secure level to prevent access of hackers. To inspect directory permission manually is a tedious task, but there are a few extensions, like Akeeba Admin Tools extension, which can quickly check and correct all of your directory permissions.

6. Hide your administrator log in page

Everybody knows that in order to log-in to the Administrator Panel (the back-end of Joomla website) you simply have to add/administrator to the end of the website address. It is also a security risk, as hackers already know where to log in. If you don’t want to give hacker an easier step to gain access to your website, then hide your administrator log in page and move it to another address on your website that can increase your sites security. This task requires technical knowledge, therefore, I recommend you to hire experienced Joomla developers, who will complete it professionally as well as efficiently.

7. Some other tips

  • Remove Unused Files- Unused extensions or files lead to unseen vulnerabilities down the road. Therefore, uninstall these unused files completely.
  • Enable and Use the htaccess File- You should make sure to rename htaccess file from .htaccess.txt to .htaccess. Then, it needs to be placed in your root folder. In addition to this, you can also add some rewrite rules to it to prevent common exploits. By doing this, you will add an additional layer of protection to your Joomla website.
  • Use SSL Certification- You should use SSL on your Joomla website and force Joomla into SSL mode for all logins. Remember that you have a properly configured SSL certification for your website’s domain (shared SSL certificates will not work in this case).
  • Turn Off Register_globals- For more security, you can switch off register globals, but be aware that doing this can also disable some PHP scripts from working, and may affect other programs that your website uses from working. In order to do this, you just need to edit your website’s php.ini file in the root directory for your domain.
  • Search Engine Friendly URLs- You should use search engine friendly URLs. This will not only improve your Google ranking but it will also prevent hackers from finding exploits using Google search and other tools.

As you can see security of Joomla website is not dependent on one thing. Therefore, follow the above mentioned tips on regular basis to secure your Joomla website.


Manoj Tiwari is a business & Internet marketing strategist at a leading India based IT Company – Tisindia.com. From more than 10 years, he is involved in offering website designing, eCommerce development, branding and reputation management and internet marketing services.

Warning: file_get_contents(http://graph.facebook.com/comments?id=http://www.india-designers.net/blog/7-most-recommended-security-tips-to-prevent-joomla-site-from-hackers): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in /home/indiadesigners/public_html/wp-content/themes/india-designer/functions.php on line 880

Warning: Invalid argument supplied for foreach() in /home/indiadesigners/public_html/wp-content/themes/india-designer/functions.php on line 883