It has been a boom year for hackers and web hacking. Tom Canavan, Joomla web security expert, identifies an increase of more than 600% in overall hacking over the last year. Tom’s book “Joomla! Web Security”, a Packt publication, expands on the threats to web security.
Hacker issues bothered a couple of our clients this year, and if it did nothing else for us, it certainly kept us all on our toes. Hacking comes as more of an embarrassment than a true threat; however, the results are damaging to intellectual property, brand identity and, most of all, customer confidence. Hacking is a common occurrence on all public web platforms and CMS systems. Still, we continue to win the battle, we have the ability to leverage one of the largest global networks of expert Joomla developers and programmers, and we are proud to say that the Joomla community is one of the fastest to respond.
It continues to be a battle to keep the bad guys out, so we’ve gathered some tips and links to help you keep your Joomla website secure and safe.
Tip one: When building or planning any Joomla site, make sure that you keep up with a good maintenance plan and figure these costs into your ongoing budget. A dynamic web site requires regular attention, and this means an ongoing investment of time and resources. Hackers pound away on the core CMS framework and third-party extensions looking for vulnerabilities. If you ensure that your core Joomla CMS and extensions are always running with the latest security patches, you will save yourself a lot of headaches by preventing a big percentage of vulnerabilities. The longer a component is out there and not patched, the more chances a hacker has to break into your infrastructure. Keep in mind that for any moderate web site you put a lot of time and treasure into making it your home on the web, and if you do not invest in protecting it, the whole place can go up in a puff of smoke.
Tip two: As a Joomla Website Designer, I would suggest that you work with professional components when possible and be willing to contribute to those projects too. The reason is that behind the code are real people, and economics plays into the success and longevity of these components. It is quite a commitment to sustain the security and evolution of these development projects. The healthier you can help them become, the healthier your code options will be for evolving your own web platform over time.
Tip three: “Keep a clean house” so to speak. Make sure you clean out any unused components and modules. This will not only help reduce the options for a hacker to get in, it will also improve the performance of your site. Make sure file permissions are set to allow you the flexibility you need to build out content, but button down everything else to further minimize threats.
Tip four: It doesn’t take a Joomla Developer to know that “P@ssw0rd” doesn’t make a very secure password. In fact, don’t rely on any password listed on DefaultPassword.com. The people in the hacking business have terrific tools, commonly known as brute-force tools and password crackers. They have dictionaries of common passwords and keystroke combinations that make it possible to crack almost any password. So make your password very hard to crack by combining numbers, letters and other symbols, with a mix of upper and lower case. For “best practices”, change your password every 30 days to prevent threats.
Tip five: Look into the option of using a security monitoring service. Sometimes these services are available through your ISP. We have worked with the “Securelive” component, built specifically for Joomla, and so far it has been doing a great job. We had some performance issues while we were first getting it installed, but now it works very well.
Tip six: Back up everything on a regular basis, and don’t forget. Backing up will give you a much better sense of security. A good regular back-up routine will protect you from hackers and, just as importantly, guard against “human failures” as well. For help with your Joomla back-up routine, take a look at joomlaplug.com and akeebabackup.com for a couple of Joomla component options that we have used for Joomla Website Development.
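One way to check the file-permission advice in tip three is sketched below. It is an added example, not code from the article or from the Joomla project, and it assumes a common hardening baseline the article does not state: directories 755, files 644 and a read-only configuration.php. The function name and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: list loosely permissioned paths under a Joomla document root.
# Assumed baseline, not from the article: directories 755, files 644,
# configuration.php read-only (444).

audit_joomla_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Paths writable by other can be altered by any account on the host.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
        # Group-writable paths matter when the web server shares your group.
        find "$root" ! -type l -perm -0020 ! -perm -0002 -print |
            sed 's/^/GROUP_WRITABLE /'
        # configuration.php holds the database credentials; keep it read-only.
        cfg=$root/configuration.php
        if [ -f "$cfg" ] && [ -n "$(find "$cfg" \
                \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "CONFIG_WRITABLE $cfg"
        fi
    )

    # Exit status 0 means nothing to fix; 1 means findings were printed.
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage (placeholder path): audit_joomla_perms /var/www/example-site
```

Each output line names the issue and the path, so the list can be reviewed before anything is changed with chmod. Directories that Joomla itself must write to will show up if they are group-writable and need a deliberate decision rather than a blanket fix.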