To protect a site created on the Joomla engine from hacking, you need to perform a number of simple steps:
- 1. Setting an Administrator password. If this function is not provided by the hosting panel, it can be done manually. To do this, you need to create a .htaccess file in the root directory and enter the following lines there:
    AuthName "arbitrary_text"
    AuthType Basic
    Require valid-user
    AuthUserFile "full_path_to_file_.htpasswd"
In the AuthName field, enter text describing what is being accessed. In the AuthUserFile field, enter the full path to the .htpasswd file. To maximize the security of your site, create a separate directory for it on the hosting where network access is denied. Example of a full path to the file: /var/www/vhosts/test-account.pp.ua/.htpasswd or, on the Windows operating system: c:/my_site/.htpasswd.
The htpasswd file will be generated by a utility that is included in the Apache web server build. To do this, enter the following in the command line:
    htpasswd -bc .htpasswd username user_password
When the process is complete, move the file to the location specified by AuthUserFile in the .htaccess file.
After completing these settings, you will need to enter a login and password to access the protected directory or page.
- 2. Hide the presence of Joomla
- 2.1 Do not use default table prefixes (jos_ in Joomla 1.5) in the database.
- 2.2 Replace or delete the generator meta tag. This will significantly reduce the risk of your site being hacked. To do this, in the index.php file, enter the code <?php $this->setGenerator('Your-Site.ru'); ?>.
- 2.3 Disable the ability to view module positions in the site template. Module positions are viewed by requesting domain.ru/?tp=1. However, this method of viewing module positions works only in Joomla 1.5; in versions 1.6, 1.7 and 2.5 it is not possible, as it is disabled by default.
- 2.4 Using SEF. In the process of generating links, be sure to use SEF.
- 3. Unused Joomla files must be deleted
- 3.1 Delete all components, templates, and plugins that are not used.
- 3.2 Get rid of files responsible for password reset and recovery. You can delete either the entire com_user folder (in the /components folder) or the file responsible for reset – reset.php (in the /components/com_user/models folder).
- 4. All rights must be restricted. To restrict access to folders and files, use the following rights:
    templates: 555 (recursively)
    files in root directory: 444
    tmp folder: 705
    logs folder: 705
- 5. To detect viruses in Joomla as soon as they appear, we recommend using Eyesite, jFireWall, RSFirewall.
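A check for the permissions listed in step 4, as an added example that is not part of the original article: the shell function below lists every path whose mode differs from those values. The function name audit_joomla_perms and the layout (templates, tmp and logs directly under the site root passed as the first argument) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): list every path whose mode
# differs from the permissions recommended in step 4.
# audit_joomla_perms is a hypothetical helper name; $1 is the Joomla site root.

audit_joomla_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        # templates: 555 on the folder and everything below it
        if [ -d "$root/templates" ]; then
            find "$root/templates" ! -perm 555 -exec printf '555 %s\n' {} \;
        fi
        # regular files directly in the site root: 444
        find "$root" -maxdepth 1 -type f ! -perm 444 -exec printf '444 %s\n' {} \;
        # tmp and logs: 705 on the folder itself (-prune stops the descent)
        for dir in tmp logs; do
            if [ -d "$root/$dir" ]; then
                find "$root/$dir" -prune ! -perm 705 -exec printf '705 %s\n' {} \;
            fi
        done
    )
    # One "expected_mode path" line per deviation; status 1 if any were found.
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against a real site root when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

The exit status is 0 when every checked path matches, so the function can run from cron or a deployment script and alert on any output.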
If you don't want to spend time on this but also don't want to worry about site security, use the services of UkrHost company. We provide not only hosting and domains, but also perform functional website maintenance. Our highly qualified employees will ensure the highest possible level of protection for your page.