We are often approached, as are many Joomla! developers, by those unfortunate enough to have their websites exploited for one reason or another, asking us to fix the immediate problem and also secure their site against future attacks.  Needless to say this can be quite costly, not ownly in our fees but also in terms of business downtime and potential loss of clients visiting your sites, and loss of confidence (particularly with Ecommerce sites).  Here are some basic tips to help you secure your site and prevent this happening in the first place.
  1. The most important factor in preventing sites being hacked is always to ensure you are up to date with all the latest releases, not only of Joomla! itself but also all the components, modules and plugins you may be using - you may find it useful to maintain a spreadsheet which contains these details.  We always recommend using a local test-server before rolling out upgrades on your live sites.
  2. Sign up to the Joomla Mailing List to hear when new releases come out and other important security announcements.  If you prefer RSS feeds, it's here.
  3. Choose a secure hosting provider - the cheapest is not generally the best - and make sure their settings and available features are as recommended by Joomla!
  4. Ensure you take basic precautions including
  • Rename your default administrator account (admin) to something harder to guess
  • If you're setting up an FTP account for the ftp layer, grant it permission only to the folder it needs (where your Joomla! installation is) and not to your entire site root
  • Use JSecure's plugin to "hide" your administrator back-end - this plugin only allows access if you know the "keyword" to append to the site URL
  • Only give out Super Administrator rights to people who definitely need it - if you have to give it out to a developer to faultfind ensure you're around to watch and be sure you're aware what is being done - and disable it as soon as the work is done!
  • Regularly back up your files & database - Lazybackup emails you an SQL dump of your site which can be quite useful, but don't forget if you use other applications outside of Joomla! which you've bridged in (such as forums, helpdesk etc) you'll need to back them up too!
We would strongly advise all Joomla! users to read the abundance of informative articles on the Security Checklist at Joomla's Site which goes into much more depth - if you have any specific questions please get in touch.

Article Courtesy of