It's Saturday - what a day to visit jfoobar!
Joomla! Security, let's get started!
Written by Wilco Jansen Tuesday, 25 November 2008 00:00
In the Joomla! Security and unsafe Sex article we promised to do a series of articles related to Joomla! Security, in this article we will start the series. During my presentation about security at the Swiss Joomla!Day I explained that you don't need a super hero like Iron Man to make your Joomla! site save, but just common sense and a bit of patience (yes you need to study this topic a bit).
As basic foundation for this series of articles we will use the Joomla! security check-list that is available on the Joomla! Documentation wiki. We will not only handle a the Joomla! security check-list, there where needed we will go into more detail to give a better understanding on the topics we want to cover.
At Jfoobar we try to create blogs that are not too long and easy to read. The security topic will be spread out of a number of blog posts that we will try to post on a very regular basis.
Disclaimer: following the hints in this series of articles will help you improve web security. There is no best way to approach this topic, as we will explain. Keep in mind that following the descriptions in this series of articles will surely improve the security of you website, but in now way we can be responsible for the content of the articles.
We don't know how many articles we will write, but let's just start with the first article. This will be a fairly simple description of things to start with, basically we strongly advise you to take at least 2 precautions when you start with a Joomla! site.
- Backup Early and Often: For me personally a real open door...a backup is crucial for recovery. Not only when you site has been hacked, also when something gets broken or worst case, the server crashes and you have to recover. After making an initial set-up, test if you can recover. It is fairly easy to recover a full Joomla! installation, so perform this at least once but preferable on a regular basis. This one step ensures that you can always recover from any problem. As said, this sound like something very obvious, you will be surprised how many people still think that they can rely on their hoster. I cannot hammer this one out often enough, backup on a regular basis and test it. This also is an important criteria when you select a hoster, make sure that your hoster has descent backup and recovery tools!
- Update Early and Often: Also something obvious, but certainly not something to forget. Update your server to the latest stable version of Joomla! and don't forget to update ANY installed third-party extensions. We often see reports of sites hacked, and 99% of the times this is due to outdated versions of extensions. In an upcoming blog about security we will explain the things to keep in mind when updating your site, for now get used to this statement: update, update, update! This one step ensures that your site is protected from all new vulnerabilities as soon as a fix is released, and from all new attacks methods as soon as a defence is developed.
As mentioned before, site security is a serious matter and takes some time and effort. If you're not familiar with web security, we suggest you make time to study it. Like said in the security check-list...there is no free lunch! In these blogs we only can give you limited information, a full training course would take at least 2 days for professional users to understand all steps. We advise you to read as much as you can on this topic, below you will find some links for additional information:
- Joomla! security checklist. Great piece of information, read it and these blogs will seem very familiar to you ;-)
- Security and performance FAQ holds a lot of interesting information on security and performance. Go there and read what the most common issues and solutions are.
- Absolute Beginners Guide to Joomla! This section is a must read for newcomers of Joomla! Even those who have some experience with Joomla! are advised to go there.
- To stay informed about security updated of the Joomla! core code, just get a subscription to the Automatic Email Notification or add an RSS feed to your reader.
To end this blog...keep in mind that the security measurement described here also apply to other PHP web solutions, even when you have written your own website in PHP. The next security blog will follow the security check-list, so next on our list is "Hosting and Server set-up".
About the author Wilco Jansen
Wilco was born in 1967 in the Netherlands where he still lives. After years of being a programmer Wilco has worked as project manager and IT manager. Discovered Joomla! when he was creating his own content management system, and never lost focus after then. Joined core team as development coordinator in September 2006 just helping to make Joomla! even better then it is already. Wilco has been deeply involved in the Joomla project as Google summer of code program manager 2006, 2007 and 2008 editions, co-organizer of the Google Highly Participation contest in 2008, first ever development coordinator, creator of the Joomla bug squad, member of the board of Open source matters, regular speaker on world wide conference advocating Joomla and much, much more. Wilco has a bachelor degree in business and information engineering and studied knowledge and information engineering at the Middlesex University in London.
More about Wilco JansenLike it? Share it!
bookmark.it
del.icio.us
digg
furl
blinkllist
reddit
feedmelinks
technorati
yahoo
rawsugar
netvouz
rojo
shadows
gabbr
dzone
newsvine
ma.gnolia
stumbleupon
google
squidoo
spurl
blinkbits
blogmarks
bloglines
co.mments
scuttle
ask
slashdot
There are 0 comments posted.
Blogging team
We have a team that works on the blogs presented on this site. Below you will find all present members who are actively working on blogs on this site.
- Amy Stephen
- Angie Radtke
- Anthony Ferrara
- Antonie de Wilde
- Arno Zijlstra
- Ian Maclennan
- Robin Muilwijk
- Wilco Jansen
Please contact us if you are interested in helping us out with the creation of the blogs.
Post translations
jfoobar has readers from all over the world and in many languages. If you create a translation of one of our posts and link to it than please let us know so we can add a link back to the translation at the original post.
JFoobar friends on Twitter
Sponsored Links
Latest Comments
- roshan wrote:
- 2009-06-22 13:25:39 - Hi Can a user just registered only using email .
- Posted in Plugin - Joom .
- Patrick wrote:
- 2009-06-21 10:22:24 - Hi there, thanks for the nice plugin, very muc .
- Posted in Plugin - Joom .
- Forex Rates wrote:
- 2009-06-20 17:59:53 - This structure is very easy to understand where .
- Posted in The Art of Jo .
- Moblie prices wrote:
- 2009-06-20 17:57:12 - Pakistan is biggest user's country of joomla am .
- Posted in Upcoming Joom .
- DigiGirl wrote:
- 2009-06-19 11:56:26 - Wow, this component is really great! :-) It wor .
- Posted in Component - P .
- Marcos wrote:
- 2009-06-19 11:52:39 - Thank you for sharing this Arno, been watching .
- Posted in New labs item .