Secure Joomla from hackers

To help secure your Joomla website from hackers, follow some of the tips below.

Block access via IP

Here are a few simple tricks to protect your website in view of the recent massive brute-force global attack:

Limit the access to the administrator directory by IP address:
If you are the only person who needs to log into your admin area, you can deny access to the administrator folder to everyone but yourself via an .htaccess file.
Create a file called .htaccess using a plain text editor or simply edit the existing one (if any) and add:
# Block access to administrator.
order deny,allow
allow from x.x.x.x
deny from all

Where x.x.x.x is your IP address. To whitelist more than one IP address, add one "allow from x.x.x.x" line for each address.
Place the newly created .htaccess file inside the administrator folder. To find your public IP, just Google "my ip".

Change database prefix

Change the default jos_ prefix on your database to something else, e.g. 7ht53_. If you do this after installation, export your MySQL database, open the export in Notepad (if you do not have another editor) and find and replace jos_ with your new prefix. Then run a MySQL query, pasting the Notepad contents into the query. Once you are confident everything is working, remove the old jos_ database entries. Remember that your config.php file must also be updated to the new prefix.
The latest versions of Joomla! already incorporate this method.

Configure PHP settings

Our Hosting enables the configuration of PHP settings and the choice to use PHP4, 5.2, 5.3, 5.4, 5.6, 7 and 7.1 although the latter are still in experimental stages.
Below is an example of the configurability of PHP settings in our hosting control panel.

Note: this is just an example and your requirements may be different from what is displayed.


Joomla PHP Settings

Use .htaccess. Joomla! ships with a preconfigured .htaccess file, but YOU need to choose to use it. The file is called htaccess.txt. To use it, rename it to .htaccess and place it in the root of the Joomla site. Once you have renamed htaccess.txt to .htaccess you may start receiving "error 500" messages. This could be because of the "Options +FollowSymLinks" line in the .htaccess file; just comment out the directive by placing a "#" in front of it, e.g. "#Options +FollowSymLinks".

Configure Apache mod_security and mod_rewrite filters to block PHP attacks (mod_rewrite in global config settings)

Disable PHP allow_url_fopen if not required

allow_url_fopen = 0  

Disable PHP safe mode

safe_mode = 0  

Set magic_quotes_gpc to Off. Joomla! 1.5 ignores this setting and works fine either way

magic_quotes_gpc = 0  

register_globals should always be off

register_globals = 0  

Consider using PHP open_basedir. More information can be found here: http://us3.php.net/manual/en/ini.core.php#ini.open-basedir
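
The following check is an added example, not part of the original page or of Joomla itself. It reads a php.ini and reports whether the four directives listed above are off and whether open_basedir is set; the function names and the sample php.ini are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a php.ini against the settings recommended above.

# Directives the page says should be off.
WANT_OFF="allow_url_fopen safe_mode magic_quotes_gpc register_globals"

# Constructed sample php.ini, not taken from a real server.
sample_php_ini() {
    cat <<'EOF'
[PHP]
allow_url_fopen = On
safe_mode = Off
register_globals = 0   ; trailing comment
magic_quotes_gpc = On
magic_quotes_gpc = Off
;open_basedir = /home/example/public_html
EOF
}

# Print one line per directive: OK, FAIL (enabled) or UNSET (PHP default applies).
# Reads the file named in $1, or standard input when no argument is given.
audit_php_ini() {
    awk -v want="$WANT_OFF" '
        /^[ \t]*(;|\[)/ || !/=/ { next }        # comments, [sections], blank lines
        {
            sub(/[ \t]+;.*/, "")                # trailing ; comment
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)
            raw[key] = val                      # a later assignment overrides an earlier one
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                k = w[i]
                if (!(k in raw)) { print "UNSET " k; continue }
                v = tolower(raw[k])
                if (v == "" || v ~ /^(0|off|false|no|none)$/) print "OK " k
                else print "FAIL " k " = " raw[k]
            }
            if (raw["open_basedir"] == "") print "UNSET open_basedir"
            else print "OK open_basedir = " raw["open_basedir"]
        }' "${1:--}"
}

sample_php_ini | audit_php_ini
```

An UNSET line means the directive is absent from the file, so the value in effect is whatever default the installed PHP version uses.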

Files

Make sure permissions are correct. Chmod DocumentRoot directory (e.g. public_html):

Chmod files to 644

Chmod directories to 755
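
An added example (not from the original page) that audits a document root against the 644/755 values above and then corrects it. The function names are constructed for illustration, and the path you pass in is your own DocumentRoot.

```shell
#!/bin/sh
# Added example: audit and correct permissions under a Joomla document root.
# Usage (path is an assumption): audit_perms /home/example/public_html

# Report every entry that deviates from files=644 / directories=755.
# World-writable entries are reported separately because any local user
# on the server can modify them.
audit_perms() {
    find "$1" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD-WRITABLE %s\n' {} \;
    find "$1" -type f ! -perm 644 ! -perm -002 \
        -exec printf 'FILE-NOT-644 %s\n' {} \;
    find "$1" -type d ! -perm 755 ! -perm -002 \
        -exec printf 'DIR-NOT-755 %s\n' {} \;
}

# Apply the page's values: directories first, then files.
# Symbolic links are left alone (-type f / -type d do not match them).
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}
```

Run audit_perms first and read the list before running fix_perms, so that unexpected world-writable files are investigated rather than silently reset.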


Password protect the Joomla Administrator folder

RFI - Remote File Inclusion is the latest method hackers are using to hack Joomla websites. The hackers make POST requests to com_installer or com_templates and then a shell PHP file is posted to the server, by which they can then manipulate files and folders.
Password protecting the administrator folder, and adding RFI protection code to the .htaccess file, can help to prevent this.
Password protecting a folder is an easy task with our hosting control panel.

Backup! JoomlaHosting.uk.com provide free daily backups

Most importantly, make sure you make regular backups of your site, so if your site is compromised you can just restore via the backup.
JoomlaHosting.uk.com perform daily backups of your site automatically, giving you peace of mind at no extra cost.


Install the latest patches from Joomla for the core (http://www.joomla.org/announcements/release-news/) and ensure plugins and extensions are updated

There are many hackers who have nothing better to do than cause misery to hard working and honest people, just for fun and to boost their egos.

One of the most popular methods of hacking is MySQL injection; just do a Google search and get informed.


