Is your Joomla website secure?
There is a sad reality out there, Hackers Hack. I often wonder why hackers do the things they do. It just doesn't make sense for them to take down a small business site that isn't doing any harm to anyone but the sad thing is that they do, especially if the business is running a modern CMS website like Joomla.
So Why Does This Happen? Here are the top reasons.
Top Reason #1
Let's talk security, the number one reason hackers gain access to a website is due to usernames and passwords.
Here is a hint: Always change the Admin username to something else!
If you keep the standard default username as Admin, you are making it easy for hackers since they will already know your username.
Here is another hint: Make your passwords un-hackable!
Too many times I see people using simple passwords that do not contain capitals, numbers or symbols so they won't forget the password in the future. They will use simple passwords, like there kid's name or dog's name etc. This is not a good thing to do, although it may be simpler for you, it is really simple for a hacker to figure out as well.
A more secure or un-hackable password should be at least 8-10 characters in length, including a capital letter, numbers and a symbol. (Also, if using a word make sure that the word used can't be found in the English dictionary.)
Will this stop the hackers? Well, not necessarily but it will certainly slow them down.
Top Reason #2
Websites are not being upgraded with the most current security patches.
This is a big reason, and can easily be avoided in CMS applications like Joomla. Open Source programs are huge security issues if they are running in older versions that are no longer supported or if they are not being upgraded with the latest security patches.
With today's CMS programs, it is your responsibility to make sure you are always running in the most current supported version. If you don't know how to make sure you are doing this, hire someone that can help.
If you are running an unsupported version, you are taking a huge chance since an unsupported version is highly vulnerable to hacking.
This is especially important for the Joomla CMS program. Support for version 1.5 & 2.5 was discontinued. I still see many websites in this version out there and I highly advise that they upgrade to the most current supported version 3.4.4.
Top Reason #3
People are installing vulnerable extensions to their sites.
There are thousands of extensions you can install on a Joomla site and newbies tend to install all sorts of extensions for fun but be aware, extensions you install should be carefully chosen to ensure that they are not vulnerable.
When installing an extension, check the vulnerabilities list and read the comments. Also, my advise is to you is to run with as few of extensions as you can to keep your site healthy and updated at all times.
Recommended Joomla security extensions
I have found three essential security extensions that I believe should be installed on every Joomla site as a security measure. Please note: If you are running an unsupported version of Joomla like 1.0 or 1.5 you must upgrade before you can use these security extensions.)
My Top Security Extensions
This is a component and a plugin that hides the administration login and replaces it with a secret key. Even though you may have added the Bye Bye Generator, if your site is running a Joomla website, hackers know all they have to do is type in your domain with a /administrator and that will allow them to go to your back-end login area.
What JSecure does is stop that from occurring and what you do is create a secret key that only you are aware of. As a result your admin login area will be replace with /administrator/?Secretkey
Although this isn't a security extension, this is an essential component that allows you to take a full backup of your site anytime you need to. It is so important that you always have a current backup of your site so if something does happen, you can quickly restore your site.
When should you do a backup? Every time you make a change. It's as simple as that.
Need More Information?
If you need any help with your security, I'd be happy to help. Please feel free to call me at 780-963-5501.