SlideShare a Scribd company logo

Joomla Security

Download as PPT, PDF
Ruth Cheesley, profile picture
Ruth Cheesley

The document discusses security best practices for Joomla websites. It defines security as authorized access to data and files while preventing malicious attacks. It recommends always getting installation files from Joomla.org, using reputable hosting providers, keeping software updated, regularly backing up files and databases offline, and changing default usernames and passwords. Specific security tools mentioned include jSecure to hide the administrator page and EasySpamKiller to block known attacker IP addresses.

1 of 15
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Security in Joomla! Ruth Cheesley Suffolk Computer Services [email_address]
Security in Joomla What do we mean by “security”? Why bother? What can I do to keep my sites secure?
 
A balancing act?
What is Security? Authorised Access to data & files Prevention of malicious attacks & unauthorised access via SQL/Command Injection Insecure passwords OS vulnerabilities Software vulnerabilities Buffer Overflow ETC!
Why Bother?
Legal issues Data Protection Act 1998 Anyone who processes your information must comply with 8 principles, including Data must be kept securely Heavy penalties for not taking appropriate measures to safeguard your data No test cases for Joomla! sites yet.....
Professionalism Embarrassing and harmful to organisations’ image The “Fear Factor”
Why target Joomla? Very popular Content Management System Lots of “inexperienced” users Lots of less-than-ideal security practices server-side
How to keep my sites secure? ALWAYS get your installation files direct from Joomla.org Use reputable hosting providers – make sure all PHP settings are “Green” ALWAYS check vulnerability list before installing extensions (esp. obscure ones!) ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
Finding a reliable host Consider your requirements Shared v Dedicated Hosting Patching of servers (should be on PHP 5 & mySQL 5 at least Backup & redundancy Customer support 24/7 is VITAL
THOU SHALT BACK UP! Backups made as frequently as your site requires Back up files AND database OFF SITE ALWAYS back up prior to any upgrade – of ANYTHING!
What to do now? Create a new Super Administrator & delete original one (id 62) Hide your administrator URL (jSecure) Change your default admin username Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
Must Read Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html )
Tools to help jSecure – hides your administrator page http://www.joomlaserviceprovider.com/ LazyBackup 2 – emails a daily mysql dump http://www.lazybackup.net/ EasySpamKiller – protects your site against attacks from known IP’s http://projects.easy-joomla.org/projects/easyspamkiller.html

More Related Content

PDF
WordPress Security 2018
Adrian Mikeliunas
 
ODP
WordPress Security - Kulpreet Singh
guest4fe370
 
PDF
Migrating to WP Engine
mesmonde
 
PPTX
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
ODP
Securing Your Moodle
moorejon
 
PPTX
Locking down word press
Zachary Russell
 
PPT
Internet Security
Anne Adrian
 
PPT
Dark Alleys/Internet Security
John Dorner
 
WordPress Security 2018
Adrian Mikeliunas
 
WordPress Security - Kulpreet Singh
guest4fe370
 
Migrating to WP Engine
mesmonde
 
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
Securing Your Moodle
moorejon
 
Locking down word press
Zachary Russell
 
Internet Security
Anne Adrian
 
Dark Alleys/Internet Security
John Dorner
 

What's hot (20)

PDF
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
Acodez IT Solutions
 
PPTX
WordPress Security 101
Shady A. Sharaf
 
PPTX
7 tips to make word press website secure in 2021
WebConnect Pvt Ltd
 
PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
PDF
WordPress Troubleshooting Hacks.pdf
Arthur Kasirye
 
PPT
Dark Alleys Part1
Anne Adrian
 
PPT
Dark Alleys Part1740
guest2bd2b2
 
PPT
Top Keys to create a secure website
Click Ripple Solutions
 
PDF
Endpoint Security
Zack Fabro
 
PPTX
Stronghold to Strengthen: Advanced Windows Server Hardening
Microsoft TechNet - Belgium and Luxembourg
 
PPT
Fun With Http Handlers - Miguel A. Castro
Mohammad Tayseer
 
PPTX
Wordpress security
jhon wilson
 
PPTX
4liftchairs.
Jerry Peterson
 
PPTX
Ed Saipetch EMC VMware Lightning Talk CloudCamp Cincy
Intel Corporation
 
PPT
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
PPTX
Why WordPress?
Brian Layman
 
PPT
WordPress Security
Brad Williams
 
PDF
10 things I’ve learnt about web application security
James Crowley
 
PPTX
Securing Your Joomla website
Mike Carson
 
KEY
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
Acodez IT Solutions
 
WordPress Security 101
Shady A. Sharaf
 
7 tips to make word press website secure in 2021
WebConnect Pvt Ltd
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
WordPress Troubleshooting Hacks.pdf
Arthur Kasirye
 
Dark Alleys Part1
Anne Adrian
 
Dark Alleys Part1740
guest2bd2b2
 
Top Keys to create a secure website
Click Ripple Solutions
 
Endpoint Security
Zack Fabro
 
Stronghold to Strengthen: Advanced Windows Server Hardening
Microsoft TechNet - Belgium and Luxembourg
 
Fun With Http Handlers - Miguel A. Castro
Mohammad Tayseer
 
Wordpress security
jhon wilson
 
4liftchairs.
Jerry Peterson
 
Ed Saipetch EMC VMware Lightning Talk CloudCamp Cincy
Intel Corporation
 
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
Why WordPress?
Brian Layman
 
WordPress Security
Brad Williams
 
10 things I’ve learnt about web application security
James Crowley
 
Securing Your Joomla website
Mike Carson
 
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
Ad

Viewers also liked (8)

PPT
Massachusetts One-Stop Career Centers
Boston College Career Center
 
PPTX
Graham Jones Social Networking
Graham Jones
 
ODP
Microdata, Rich Snippets and Google Authorship with Joomla - JoomlaDagen 2013
Ruth Cheesley
 
ODP
Suffolk Internet Marketing & SEO/M Specialists - Ruth Cheesley - Don't get in...
Ruth Cheesley
 
PPS
Observatorio solar en Perú
Armando Toledo
 
PDF
Fight for the Pixel - Innovation Martlesham - Ruth Cheesley
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla!Day Spain - Microdata and Semantic Search
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla! World Conference 2013 - What are you trying to say (a...
Ruth Cheesley
 
Massachusetts One-Stop Career Centers
Boston College Career Center
 
Graham Jones Social Networking
Graham Jones
 
Microdata, Rich Snippets and Google Authorship with Joomla - JoomlaDagen 2013
Ruth Cheesley
 
Suffolk Internet Marketing & SEO/M Specialists - Ruth Cheesley - Don't get in...
Ruth Cheesley
 
Observatorio solar en Perú
Armando Toledo
 
Fight for the Pixel - Innovation Martlesham - Ruth Cheesley
Ruth Cheesley
 
Ruth Cheesley - Joomla!Day Spain - Microdata and Semantic Search
Ruth Cheesley
 
Ruth Cheesley - Joomla! World Conference 2013 - What are you trying to say (a...
Ruth Cheesley
 
Ad

Similar to Joomla Security (20)

PDF
OWASP Thailand 2016 - Joomla Security
Akarawuth Tamrareang
 
PPTX
Brendon Hatcher Joomla Security
Joomla Day South Africa
 
ODP
Joomladay Netherlands - Security
Wilco Jansen
 
PPTX
Joomla Security v3.0
Ajay Lulia
 
PDF
Seven steps to better security
Michael Pignataro
 
PDF
How to Check Website Safety | Complete Guide
helgacuthbertson
 
PPT
Joomladay Switzerland - security
Wilco Jansen
 
PPT
Securing Windows web servers
Information Technology
 
PPT
WordPress Security Hardening
Timothy Wood
 
PPTX
Joomla! security jday2015
Shaiffulnizam Mohamad
 
PPTX
Getting Started with IBM i Security: Securing PC Access
HelpSystems
 
PPTX
WordPress End-User Security
Dre Armeda
 
PDF
Joomla! security jday2015
kriptonium
 
PPT
Securing Your WordPress Website - WordCamp GC 2011
Vlad Lasky
 
PPT
Securing Your WordPress Website by Vlad Lasky
wordcampgc
 
ODP
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
PPTX
WordPress security
Shelley Magnezi
 
PPTX
Word press security 101
Kojac801
 
PDF
Making Joomla Insecure - Explaining security by breaking it
Tim Plummer
 
PPT
Php My Sql Security 2007
Aung Khant
 
OWASP Thailand 2016 - Joomla Security
Akarawuth Tamrareang
 
Brendon Hatcher Joomla Security
Joomla Day South Africa
 
Joomladay Netherlands - Security
Wilco Jansen
 
Joomla Security v3.0
Ajay Lulia
 
Seven steps to better security
Michael Pignataro
 
How to Check Website Safety | Complete Guide
helgacuthbertson
 
Joomladay Switzerland - security
Wilco Jansen
 
Securing Windows web servers
Information Technology
 
WordPress Security Hardening
Timothy Wood
 
Joomla! security jday2015
Shaiffulnizam Mohamad
 
Getting Started with IBM i Security: Securing PC Access
HelpSystems
 
WordPress End-User Security
Dre Armeda
 
Joomla! security jday2015
kriptonium
 
Securing Your WordPress Website - WordCamp GC 2011
Vlad Lasky
 
Securing Your WordPress Website by Vlad Lasky
wordcampgc
 
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
WordPress security
Shelley Magnezi
 
Word press security 101
Kojac801
 
Making Joomla Insecure - Explaining security by breaking it
Tim Plummer
 
Php My Sql Security 2007
Aung Khant
 

More from Ruth Cheesley (20)

PDF
Open source meets marketing - Presentation - OpenFest 2019
Ruth Cheesley
 
PDF
Data first web development
Ruth Cheesley
 
PDF
Integrated Marketing Strategies with Mautic
Ruth Cheesley
 
ODP
Automating your marketing workflows in Joomla with Mautic
Ruth Cheesley
 
PPTX
Custom Fields in Joomla - JoomlaDay UK 2016 - Marco Dings
Ruth Cheesley
 
PDF
Time to stop breaking your promises - dealing with 404's, broken URLs and pla...
Ruth Cheesley
 
PDF
Chalk and cheese - how developers and designers can work together and not cru...
Ruth Cheesley
 
PDF
Discovering Joomla! - Find out about Joomla's features
Ruth Cheesley
 
PDF
Ruth Cheesley - Joomla World Conference 2014 - How to prove you're worth a mi...
Ruth Cheesley
 
PDF
Conflict as an opportunity for growth in Open Source communities - European C...
Ruth Cheesley
 
ODP
The world needs Open Source - Ruth Cheesley - NorDevCon 2014
Ruth Cheesley
 
ODP
A gaze into the crystal ball of Google - social, local and predictive search
Ruth Cheesley
 
ODP
CMS Security - Ruth Cheesley - CMS Africa 2014
Ruth Cheesley
 
ODP
Women in Open Source - Ruth Cheesley - CMS Africa 2014
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla! World Conference 2013 - Is your business intelligent?
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla!Day UK - Joomla in your area
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla!Day UK - Articles are boring, long live the CCK!
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla!Day UK - Giving back to Joomla!
Ruth Cheesley
 
ODP
Ruth Cheesley - Joomla!Day South Africa - Developments in Semantic HTML - Add...
Ruth Cheesley
 
ODP
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Ruth Cheesley
 
Open source meets marketing - Presentation - OpenFest 2019
Ruth Cheesley
 
Data first web development
Ruth Cheesley
 
Integrated Marketing Strategies with Mautic
Ruth Cheesley
 
Automating your marketing workflows in Joomla with Mautic
Ruth Cheesley
 
Custom Fields in Joomla - JoomlaDay UK 2016 - Marco Dings
Ruth Cheesley
 
Time to stop breaking your promises - dealing with 404's, broken URLs and pla...
Ruth Cheesley
 
Chalk and cheese - how developers and designers can work together and not cru...
Ruth Cheesley
 
Discovering Joomla! - Find out about Joomla's features
Ruth Cheesley
 
Ruth Cheesley - Joomla World Conference 2014 - How to prove you're worth a mi...
Ruth Cheesley
 
Conflict as an opportunity for growth in Open Source communities - European C...
Ruth Cheesley
 
The world needs Open Source - Ruth Cheesley - NorDevCon 2014
Ruth Cheesley
 
A gaze into the crystal ball of Google - social, local and predictive search
Ruth Cheesley
 
CMS Security - Ruth Cheesley - CMS Africa 2014
Ruth Cheesley
 
Women in Open Source - Ruth Cheesley - CMS Africa 2014
Ruth Cheesley
 
Ruth Cheesley - Joomla! World Conference 2013 - Is your business intelligent?
Ruth Cheesley
 
Ruth Cheesley - Joomla!Day UK - Joomla in your area
Ruth Cheesley
 
Ruth Cheesley - Joomla!Day UK - Articles are boring, long live the CCK!
Ruth Cheesley
 
Ruth Cheesley - Joomla!Day UK - Giving back to Joomla!
Ruth Cheesley
 
Ruth Cheesley - Joomla!Day South Africa - Developments in Semantic HTML - Add...
Ruth Cheesley
 
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Ruth Cheesley
 

Joomla Security

  • 1. Security in Joomla! Ruth Cheesley Suffolk Computer Services [email_address]
  • 2. Security in Joomla What do we mean by “security”? Why bother? What can I do to keep my sites secure?
  • 3.  
  • 5. What is Security? Authorised Access to data & files Prevention of malicious attacks & unauthorised access via SQL/Command Injection Insecure passwords OS vulnerabilities Software vulnerabilities Buffer Overflow ETC!
  • 7. Legal issues Data Protection Act 1998 Anyone who processes your information must comply with 8 principles, including Data must be kept securely Heavy penalties for not taking appropriate measures to safeguard your data No test cases for Joomla! sites yet.....
  • 8. Professionalism Embarrassing and harmful to organisations’ image The “Fear Factor”
  • 9. Why target Joomla? Very popular Content Management System Lots of “inexperienced” users Lots of less-than-ideal security practices server-side
  • 10. How to keep my sites secure? ALWAYS get your installation files direct from Joomla.org Use reputable hosting providers – make sure all PHP settings are “Green” ALWAYS check vulnerability list before installing extensions (esp. obscure ones!) ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
  • 11. Finding a reliable host Consider your requirements Shared v Dedicated Hosting Patching of servers (should be on PHP 5 & mySQL 5 at least Backup & redundancy Customer support 24/7 is VITAL
  • 12. THOU SHALT BACK UP! Backups made as frequently as your site requires Back up files AND database OFF SITE ALWAYS back up prior to any upgrade – of ANYTHING!
  • 13. What to do now? Create a new Super Administrator & delete original one (id 62) Hide your administrator URL (jSecure) Change your default admin username Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
  • 14. Must Read Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html )
  • 15. Tools to help jSecure – hides your administrator page http://www.joomlaserviceprovider.com/ LazyBackup 2 – emails a daily mysql dump http://www.lazybackup.net/ EasySpamKiller – protects your site against attacks from known IP’s http://projects.easy-joomla.org/projects/easyspamkiller.html