Joomla Website Security – Part II

Securing a Joomla Site

Being aware of the dangers and applying the strategies most users rely on is not always enough. You also need to learn detailed techniques for securing your Joomla website. That said, the best and most highly recommended practice is to keep your Joomla version and patches updated with the latest releases.

In this article, we take you through steps that will help you enhance your Joomla website's security.

Contents:

  • Changing the admin username of Joomla
  • Changing the default table prefix of Joomla database
  • Protecting the Joomla Admin area Password
  • Updating your Joomla Installation
  • Using .htaccess file for enhancing your Joomla Website Security

Steps for changing the Admin username of your Joomla website

By default, the administrator username is ‘admin’. Most Joomla website owners never change their administrative login username, which serves as a free meal to hackers. Changing the admin username helps keep your site protected from individuals who have destructive ideas when accessing your website.

The following procedure explains how to change your Joomla website's default administrator username:

Step I – Log in to your Joomla administrator area, then go to the User Manager menu.

Step II – Look for the administrator user and edit it. You have two options: (a) check the box beside the username and click “Edit”, or (b) simply click the username.

Step III – Next, amend the Username field. You can change it to anything of your choice apart from “admin”, “administrator” etc. Once done, save the changes by clicking Save.

Another way to change it is through the Joomla database. The following steps will help you with that:

Step I – Go to phpMyAdmin within your cPanel control panel and select the appropriate Joomla database.

Step II – Choose the jos_users table listed in the left sidebar. Hit the Browse button to edit the rows.

Step III – Look for the row with the “admin” username. You should see a pen icon there; click it to edit the row.

Step IV – Replace the default value in the username field, i.e. “admin”, with a different value of your choice. A combination of upper and lower cases in this field can make it more unique and easy to judge.

Step V – Upon completion of these steps, simply hit the “Go” tab located at the bottom.

Having done that, try logging in with the changed username.

Steps for Changing the default table prefix of Joomla database

Changing the default table prefix helps you avoid hacking and attack attempts made on your database. The DB Admin component can help you do this.

Step I – First of all, install the DB Admin component: Components > DB Admin

Step II – Using its intuitive interface, replace the default “jos_” prefix of the tables with any other value of your choice.

Step III – Now modify the configuration.php file located in the main Joomla folder of your website. Look for the line below:

var $dbprefix = 'jos_';

Change it to the new table prefix that you have set. For example, if you have replaced the jos_ prefix with stnl_, the line in configuration.php would look as follows:

var $dbprefix = 'stnl_';

This completes the procedure of changing the default table prefix of your Joomla database.
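
The table rename and the configuration.php edit have to agree, otherwise Joomla looks for tables that no longer exist. The following Python example is added here for illustration (it is not from the original article and is not the DB Admin component's code); it plans both changes from a table listing and the configuration file text. The function names, the sample data, the MySQL `RENAME TABLE` output and the rule that a prefix is letters and digits ending in an underscore are assumptions of the example.

```python
import re

# Matches the prefix assignment in configuration.php, e.g.  var $dbprefix = 'jos_';
PREFIX_LINE = re.compile(r"""(\$dbprefix\s*=\s*)(['"])(\w*)\2""")


def current_prefix(config_text):
    """Return the table prefix set in the given configuration.php text."""
    match = PREFIX_LINE.search(config_text)
    if match is None:
        raise ValueError("no $dbprefix line found")
    return match.group(3)


def plan_prefix_change(config_text, tables, new_prefix):
    """Return (rename_statements, new_config_text, skipped_tables)."""
    # Example's own restriction: keeps the generated SQL identifiers safe.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*_", new_prefix):
        raise ValueError("prefix must be letters/digits ending in '_'")
    old = current_prefix(config_text)
    if new_prefix == old:
        raise ValueError("new prefix equals the current one")
    if any(t.startswith(new_prefix) for t in tables):
        raise ValueError("tables with the new prefix already exist")
    renames, skipped = [], []
    for table in sorted(tables):
        if table.startswith(old):
            target = new_prefix + table[len(old):]
            renames.append(f"RENAME TABLE `{table}` TO `{target}`;")
        else:
            skipped.append(table)  # not a Joomla table of this site; leave it
    # Rewrite only the prefix value, preserving the original quoting style.
    new_config = PREFIX_LINE.sub(
        lambda m: f"{m.group(1)}{m.group(2)}{new_prefix}{m.group(2)}",
        config_text, count=1)
    return renames, new_config, skipped


# Constructed sample input: a configuration.php excerpt and a table listing.
SAMPLE_CONFIG = ("<?php\nclass JConfig {\n\tvar $dbtype = 'mysql';\n"
                 "\tvar $dbprefix = 'jos_';\n}\n")
SAMPLE_TABLES = ["jos_users", "jos_content", "jos_session", "wp_posts"]

if __name__ == "__main__":
    sql, config, skipped = plan_prefix_change(SAMPLE_CONFIG, SAMPLE_TABLES, "stnl_")
    print("\n".join(sql))
    print(config)
    print("left untouched:", skipped)
```

Run the generated statements and save the rewritten configuration.php together, after taking a database backup, so the site never runs with a prefix that does not match its tables.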

Protecting the Joomla Admin area Password

As an additional security measure, password protect your website's administrator folder.

To do that, choose the Password Protect Directories option found on the main page of your website's cPanel control panel. You will be shown a list of the directories present in your account.

Choose the directory to which you intend to limit access. On the new page, create a username and password for the user. Choose the name that will appear on the login screen, then click Save to activate the protection.

It is recommended to use a username and password for the website that are different from those of your Joomla application.

After doing this, you will be asked to log in twice: first to access the Joomla login page, then to log in to the application itself.

This keeps a hacker from finding your password, hence keeping your site safe from destruction. If someone does get it correct and reaches your Joomla script, s/he would not be able to get access to your administrator area.

Keeping your site updated with the latest version

Keeping your website updated with the latest Joomla releases and patches does half of the work of securing your site. For every website created using the Joomla CMS, you will be alerted about the latest upgrade releases.

But before proceeding with the upgrades, it is very important to take a backup of your Joomla website. Check the following to learn more: Steps to Back Up Joomla Web Site

Using .htaccess file for enhancing your Joomla Website Security

Make the following amendments to the .htaccess file located in the Joomla directory:

  1. You may not have a .htaccess file within your Joomla folder. In that case, rename the htaccess.txt file that is available with the Joomla installation package to .htaccess. The File Manager utility within cPanel can be used for this. This also lets you enable the SEF functionality for your Joomla application. The rules included in it restrict most of the known attacks against your website.
  2. Furthermore, check the PHP version that is installed on your server; it should ideally be 5.2 or higher.
  3. Now restrict access to every file other than index.php and index2.php.