Top Ten Joomla Security Problems ...
... and how to avoid them
Joomla Security issues are always a hot issue :) Unfortunately there are some mistakes which are repeated over and over again creating security problems which can easily be avoided. Here are the problems - the Joomla security issues and what you should do to avoid them.
How to achieve a secure Joomla setup
9. No Backups - Make sure you have regular Joomla backups. In case your site gets hacked or something happens, you will be able to rebuild from scratch.
8. Skipping hardening (tweaking settings for security) of PHP and secure Joomla! settings - Forgetting or skipping the adjusting of PHP and Joomla! settings for increased security is a huge no no. There are many small settings and tweaks you can do to make your PHP server and Joomla! more secure and prevent most of the Joomla security issues from occurring in the first place and avoiding all types of security problems.
7. Weak Passwords or Same passwords - Using the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, Gmail account and everywhere else is another mistake you should avoid like the plague. Always use strong passwords which are different from those for your other accounts. Remember also to always change the name of the admin account to something other than "admin".
6. Install and forget - After installing your brand new beautiful Joomla!-powered site, check it regularly making sure nothing has gone wrong. Lots of things can go wrong and you can get all sorts of Joomla problems if you don't maintain all the components of your Joomla installations.
Top 5 Joomla Security Issues!
5.Having no development server - All upgrades and extension installations should be first tried on a development server, before being done on the live site. If something goes wrong on the development server, you can avoid creating the same problem on the server, and you'll make sure your live site stays clean.
4. Trusting all 3rd party extensions - If you want to optimal Joomla security you should only install the barest minimum extensions you require. If you can avoid installing a 3rd party module, avoid it. Not all 3rd party extensions are free from trouble, and some are just plain horrible, buggy and contain vulnerabilites. Each 3rd party extension, is another component which might expose you to vulnerabilities and must be kept up to date. Be wary of the 3rd party extensions you install, preferably go for the professional components from reputable companies.
3. Forgetting to keep your Joomla! site updated - after installing your brand new beautiful Joomla!-powered site, keep yourself up to date with any stable releases, and update with each stable release. Most stable releases fix problems and vulnerabilites. Forgetting to upgrade will leave your site exposed to all sorts of Joomla problems. This also applies for any 3rd party Joomla extensions you install. There's a way to keep your Joomla always updated though - you might want to have a look at it here.
2. Lack of infomation when asking for help - If your site gets hacked / cracked, go to the Joomla forums, and before you start posting away like crazy, make sure you have all relevant information available, such as the version of Joomla you have installed, what version of 3rd party extensions you have installed. This information will help to identify what could have caused your hack, and how to fix and avoid it happening again.
1. Fix any cracked file and forget it - Once your site's been cracked, fixing the defaced file is not enough. Check your site's logs, change your old passwords, remove the entire directory and rebuild it from clean backups, and take all precautionary actions! Serious Joomla security issues can recur if you do not restore from a clean backup, because backdoors can be present in your installation, which will be reactivated by hackers once you remove what you think is the only infected file.
This is a revisited version of the Top Ten Stupidest Adminstrator Tricks , without the sarcasm and with recommendations of how to fix the top ten Joomla Security issues instead :)