A lot of people who are using the older versions of Joomla are increasingly being hacked, which in turn takes all day to fix and interrupts your business. Your first step to avoid being hacked is to upgrade your site to the latest version of Joomla.
In spite of doing this, there are still many other actions that you need to take in order to prevent having your Joomla site hacked:
In spite of doing this, there are still many other actions that you need to take in order to prevent having your Joomla site hacked:
- The guys at the Joomla.org community have created a Joomla Administrator’s Security Checklist. Go through this list and take the necessary steps to secure your site as much as possible.
- Install a security plug-in like the jSecure Authentication plug-in. Every Joomla backend comes with the same URL. By installing a security plug-in, you can add a suffix to your URL and make it exclusively yours. If the URL has not been entered with the correct suffix, then the site will be redirected to a 404 page. Keep changing the suffix every now and then.
- Never use the jos_ prefix! The jos_ is the standard prefix for Joomla. However, many hackers will depend on the fact that your database table starts with a jos_. Use your own prefix and you will be protecting your site from hackers. Make sure you use a unique prefix for every site.
- Change your admin user! In Joomla, the default admin user is always 62 and this can also be used by a hacker. To avoid this, you can try out the following steps: create a new administrator with a new username and password, log out of your current account and sign in as the new user, change your original admin user to a manager and then save it, and then delete your original admin user!
- Use a Strong Password: Create a strong password with a combination of both uppercase and lowercase letters, symbols and numbers. Change your username and password every 3 months.
- Never use the root user in mySQL as the user for your database. Always create a new database when creating a new site and give right to this new database only. This way, you will have access only to a specific site.
Comments