Joomla Security – Security Joomla
We start from the beginning: we have a website with PHP 5 (preferably, because it is safer than PHP 4), a MySQL database, and an operating system that can be either Linux or Windows, although Linux is recommended. Now install Joomla!, which is finished in 6 steps. Upload via FTP (SmartFTP) all files and folders to the space dedicated to you, call index.php or installation/index.php from your browser, and follow the instructions on the screen.
After installation, remember to secure your Joomla installation. Begin by deleting the "installation" folder with all its files; right after that, restore all the file permissions you changed to their original values, usually 0755 for folders and 0644 for files. Remember that the "media" and "images" folders must be writable so you can upload files to your website. The configuration file configuration.php is the most important one to remember, because it is the one most often used to change the settings of the site; never forget to set the permissions on that file so that it is not writable.
We can also set, in the Joomla global configuration, the permissions given to new files and folders as above: 644 for files and 755 for folders.
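The permission rules above can be checked mechanically. The following shell function is an added example, not part of the original article or of Joomla itself; the name audit_joomla, the finding labels, and the reading of "not writable" as "no write bit for owner, group or others" are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original article).
# Usage: sh joomla_perm_audit.sh /path/to/joomla   (script name is hypothetical)
# Prints one finding per line; exit status 0 means no findings.

audit_joomla() {
    root=${1%/}    # strip a trailing slash so the -path pattern below matches
    findings=$(
        # The installer folder must be deleted once setup is finished.
        if [ -d "$root/installation" ]; then
            echo "INSTALLER_PRESENT $root/installation"
        fi
        # Folders are expected at exactly 0755.
        find "$root" -type d ! -perm 755 -exec echo "DIR_MODE" {} \;
        # Files are expected at exactly 0644; configuration.php is checked separately.
        find "$root" -type f ! -path "$root/configuration.php" ! -perm 644 \
            -exec echo "FILE_MODE" {} \;
        # Assumption: "not writable" means no write bit for owner, group or others.
        if [ -f "$root/configuration.php" ]; then
            find "$root/configuration.php" \
                \( -perm -200 -o -perm -020 -o -perm -002 \) \
                -exec echo "CONFIG_WRITABLE" {} \;
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when a Joomla root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joomla "$1"
fi
```

The check reads mode bits with find rather than testing write access, so the result is the same whether it is run as the site owner or as root.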
Use a username and password that are not easy to guess, and try to change the administration passwords often. A good rule is to use a combination of numbers and uppercase and lowercase characters. Never store your password on the site and do not spread it on the net for any reason; if you have any suspicions, change it immediately.
Another very important point arises when you use the Joomla SEO/SEF components, because this could jeopardize the entire site or even the entire server. Once the file htaccess.txt has been renamed to .htaccess, you can use it to change PHP settings, such as:
The PHP setting "register_globals" is 'ON' instead of 'OFF'. To make it safe, put in your .htaccess:
php_flag register_globals off
or, in php.ini:
register_globals = 0
There are other settings that you can modify to make the site more secure; for these you must change the server's php.ini file. To block SQL injection, just put the following lines in your php.ini file:
allow_url_fopen = OFF
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
- show_source – an alias of highlight_file(), which provides syntax highlighting for files;
- system – allows execution of external programs;
- shell_exec – allows execution of commands via a shell;
- exec – allows execution of commands;
- passthru – similar to exec(), allows the execution of commands;
- phpinfo – outputs PHP information that could be used by potential intruders;
- popen – opens a pipe to a process executed by a given command;
- proc_open – similar to popen() but provides better control over the execution of the command.
So this setting disables all possible execution of commands by scripts. Again, this could cause problems with some components and modules that use these PHP functions to launch commands, but their number is negligible.
To apply the above rules and to ensure complete safety of the portal, you can use the .htaccess file. Since not all web hosts allow the use of this file, and because some settings can only be specified in the server's php.ini file, we can use a php.ini file to include the restrictions.
Finally: copy the php.ini file into each folder and subfolder of your Joomla! site, preferably after your site is properly installed and fully functional; then check that everything still works after you enable these changes.
Then, as an additional security measure, protect folders with an .htpasswd file. In /administrator, create two new files: .htaccess and .htpasswd.
The .htaccess file should contain the following lines:
AuthType Basic
AuthName "Joomla Administrator"
AuthUserFile /full/path/to/joomla/administrator/.htpasswd
# No <Limit GET> wrapper: inside it, authentication would apply only to GET and HEAD,
# leaving POST and other methods unprotected.
require valid-user
Specify a username (different from the one already registered within Joomla!) and a long password that is difficult to guess; if you have trouble, try following the link htaccess tools. You will then have a double password to access the Administration of your Joomla site; remember this data and store it safely outside the site as well, perhaps in your diary.
Delete the installation files and images that you do not need from the subdirectories of Joomla!. You may also delete unused modules. Check all installed extensions to see if there are vulnerabilities, and visit the Secunia vulnerability database often. Visit the Darkness category of the Joomla! forums and read what others have to say and, in case of disaster, follow these guidelines. I also suggest reading the Joomla! Checklist Safety Coordinator.
The main thing for security is to stay informed. Check security lists and update your extensions whenever new versions are released.