Measures to prevent hacking in Joomla sites
The following measures can be followed to prevent hacking for Joomla sites:
-
The most important factor in preventing sites being hacked is always to ensure you are up to date with all the latest releases, not only of Joomla! itself but also all the components, modules and plugins you may be using.
-
Sign up to the Joomla Mailing List to hear when new releases come out and other important security announcements.
-
Ensure you take basic precautions including
-
Rename your default administrator account (admin) to something harder to guess
-
If you're setting up an FTP account for the ftp layer, grant it permission only to the folder it needs (where your Joomla! installation is) and not to your entire site root.
-
Use JSecure's plugin to "hide" your administrator back-end - this plugin only allows access if you know the "keyword" to append to the site URL.
-
Only give out Super Administrator rights to people who definitely need it - if you have to give it out to a developer to faultfind ensure you're around to watch and be sure you're aware what is being done - and disable it as soon as the work is done!.
-
Regularly back up your files & database.
