Register now or log in to join your professional community.
Probably the most important part of securing your Joomla website is to keep it updated to the latest version. In almost all version releases there are fixes for security issues. For more information on how to update Joomla to the latest version check out our Joomla Update Tutorial.
Keeping your Joomla extensions up-to-date is equally important for the security of your website. Actually, there are more attacks that utilize security issues in extensions than in the actual Joomla3 core files. For more information on how to keep your Joomla components, modules and plugins up-to-date, please refer to our tutorial on How to Update Joomla Extensions.
When hosted with SiteGround you can simply enable the Joomla Auto-Updatefeature so you can be sure your Joomla application is always up-to-date!
First, you should avoid using default user names like "admin" or "administrator". Those will be first in the list of words a potential attacker would try.
Next, it is important to have a strong password for your website. Many attackers try to brute-force your login details. This means that they use a list of commonly used passwords to guess yours. There are several tips that will help protect you against such attacks:
Another important part of having a secured Joomla3 website is to set the right permissions for your Joomla files and folders. We recommend that you follow these suggestions for your permissions:
For more information on how to change your files and folders permissions, please refer to our File Permissions Tutorial.
Using security extensions is another easy way to improve your Joomla website security. We have developed our own security extension (jHackGuard) that is free for download by anyone. Below you will find a list of the most popular Joomla security extensions:
When hosted with SiteGround jHackGuard will be automatically added to your Joomla installation so you won't have to worry about Joomla security! Check out our jHackGuard video to see more details.
It is essential to backup your Joomla3 site as often as possible. You should always keep a backup copy of your Joomla files and database on your local computer just in case something happens. For more information on the best Joomla backup practices, check out our tutorial on How to backup Joomla.
In case you loose your personal backups if you're hosted with SiteGround you can rely on our free daily backups!
You can greatly improve the security of your Joomla website if you restrict the access to your admin area. First, you can password protect the /administrator folder of your site. To do this, follow the instructions in our tutorial on How to Password Protect Folders. Once you protect your /administrator folder an additional password will be required in order to see the standard administrator login form.
Next, you can restrict the access to the /administrator directory only to your IP address. If there isn't a file named ".htaccess" in the /administrator directory, create one and upload it via FTP for example, otherwise, just add the following lines at the end of the .htaccess file:
Deny from ALLAllow from x.x.x.xNote that you need to replace x.x.x.x with your actual public IP address. To find out your address, you can use the What Is My IP website for example. To add multiple IPs, simply replicate the Allow from x.x.x.x command to a new line and change the address.
ImportantIf your Internet service provider is giving you a dynamic IP address, the IP restriction option might not be suitable for you because you'll have to edit the .htaccess file each time your IP changes.