Secure Joomla! from hackers
To help secure your Joomla site from hackers, follow some of the tips below.
Change the default database table prefix jos_ to something else, e.g. 7ht53_. If you do this after installation, export your MySQL database, open the export in a text editor (Notepad will do if you do not have another editor), and find and replace jos_ with your new prefix. Then paste the edited contents into a MySQL query and run it. Once you are confident everything is working, remove the old jos_ database entries. Remember that your config.php file must also be updated to the new prefix.
The latest versions of Joomla! already incorporate this method.
Our hosting lets you configure PHP settings and choose between PHP4, 5.2, 5.3, 5.4 and 6, although the latter are still in experimental stages.
Below is an example of the configurability of PHP settings in our hosting control panel.
Note: this is just an example, and your requirements may differ from what is displayed.
Use .htaccess. Joomla! ships with a preconfigured .htaccess file, but YOU need to choose to use it. The file is called htaccess.txt. To use it, rename it to .htaccess and place it in the root of the Joomla site. Once you have renamed htaccess.txt to .htaccess you may start receiving "error 500" messages. This could be because of the "Options +FollowSymLinks" directive in the .htaccess file; just comment it out by placing a "#" in front of it, e.g. "#Options +FollowSymLinks".
Configure Apache mod_security and mod_rewrite filters to block PHP attacks (mod_rewrite in the global config settings).
Disable PHP allow_url_fopen
allow_url_fopen = 0
Disable PHP safe mode
safe_mode = 0
Set magic_quotes_gpc to Off. Joomla! 1.5 ignores this setting and works fine either way.
magic_quotes_gpc = 0
register_globals should always be off
register_globals = 0
Consider using PHP open_basedir. More information can be found here: http://us3.php.net/manual/en/ini.core.php#ini.open-basedir
Make sure permissions are correct:
Chmod DocumentRoot directory (e.g. public_html): to 750
Chmod files: to 644
Chmod directories: to 755
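An added example, not part of the original article: a small shell script that lists every path deviating from the permission scheme above and can then apply it. The function names and the audit/fix command-line interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Scheme taken from the page: DocumentRoot 750, directories 755, files 644.

# audit_perms DOCROOT: print every path whose mode deviates from the scheme.
audit_perms() {
    root=$1
    # -prune restricts the first check to the DocumentRoot itself.
    find "$root" -prune ! -perm 750 -print
    find "$root" -mindepth 1 -type d ! -perm 755 -print
    # -type f skips symlinks, so link targets outside the tree are not reported.
    find "$root" -type f ! -perm 644 -print
}

# fix_perms DOCROOT: apply the scheme to everything audit_perms would report.
fix_perms() {
    root=$1
    # "\;" runs chmod on each directory before find descends into it, so a
    # directory with a too-restrictive mode is repaired before it is traversed.
    find "$root" -mindepth 1 -type d ! -perm 755 -exec chmod 755 {} \;
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
    chmod 750 "$root"
}

# Stand-alone use: ./perms.sh audit|fix /path/to/public_html
if [ $# -eq 2 ]; then
    case $1 in
        audit) audit_perms "$2" ;;
        fix)   fix_perms "$2" && audit_perms "$2" ;;
        *)     echo "usage: $0 audit|fix DOCROOT" >&2; exit 2 ;;
    esac
fi
```

Run the audit first and review its output before using fix, since some extensions or hosts may need different modes on particular paths.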
Password protect the Joomla Administrator folder.
RFI - Remote File Inclusion is the latest method hackers are using to hack Joomla websites. The hackers make POST requests to com_installer or com_templates, and a PHP shell file is then posted to the server, through which they can manipulate files and folders.
Password protecting the administrator folder and adding RFI protection code to the .htaccess file can help to prevent this.
Password protecting a folder is an easy task with our hosting control panel.
Most importantly, make sure you make regular backups of your site, so that if your site is compromised you can just restore it from the backup. JoomlaHosting offers a great backup facility available through our hosting control panel.
Install the latest patches from Joomla for the core: http://www.joomla.org/announcements/release-news/
There are many hackers who have nothing better to do than cause misery to hard-working and honest people, just for fun and to boost their egos.
One of the most popular methods of hacking is MySQL injection; just do a Google search and get informed.