5 Common Security Issues with Joomla

Security should be your number one priority when developing any site.  Not only do you risk jeopardizing your own information, you could possible jeopardize any of your clients’ or subscribers’ information as well.  Joomla users tend to experience security issues on the hosting site, but more often than not, most of these issues can be fixed by users taking the proper precautions and steps in tightening their security.  Here are 5 common security issues that Joomla users experience and how they can fix them.

#1 Weak Administrator Passwords

passwordsecurity_627686It seems like a password 101 issue that only technology rookies would make, but you will be surprised how many people still use weak, easy passwords to safeguard even the most sensitive information. The best way to get your site hack is to use a week username and password.  Many people have to work hours just to administer damage control, such as saving or retrieving as much information as possible, undoing any changes made by the hacker, and rebuilding your security system to ensure that the hacking incident doesn’t happen again.  To create a good username, you would need the following:

  • At least 6 characters using numbers, digits, caps, and symbol
  • Remember that it must be difficult to guess, but you are still able to remember it.

To create a good password, you would need the following:

  • Between 10 and 20 characters
  • Upper case and lower case letters
  • Numbers
  • Symbols

Do not use birthdays, social security numbers, children’s names or anything that would be easy to guess or dangerous to use for your password or username.

#2 Not Keeping Joomla Core Files Up to Date

joomla1_5Systems are being update for various reasons, mostly for functionality and security.  It is important not to miss an update, because that update could save you from a new virus.  Make sure you receive notifications for when a new update is available.

#3 Trusting 3rd Party Plugins and Extensions

Not all 3rd party extensions are bad, but not all are good either.  When using a 3rd party extension, you want to make sure that you are using one from a company that is well known and reputed.  If you want to use an extension from a not so well known company, then make sure to read reviews, get a second opinion, and limit installations as much as possible.  Third party extensions have the potential to give your site bugs, affect your security system, and become an overall hassle.

#4 Joomla Allowing Uploads Without Restrictions

This is dangerous.  Allowing uploads from any users or files is the best way for your site to get hacked, and the cleanup process is stressful.  Make sure to set restrictions on file types and sizes.  Also, utilize coding in your ‘.htaccess’ file to detect common exploit terms.

#5 Using No Security Measures at All

This is the most dangerous thing anyone building a website can do.  You’re leaving your site and any information it is storing vulnerable to hackers.  Make hard, but memorable usernames and passwords, install a Risk-Cubes-1database prefix, set upload limits, block certain terms in URLs, etc.  Taking the most basic steps can save you a world of trouble, but you should not stop there.  Run a security audit and see where you site’s weakest points are.  You can then remedy the problem and save yourself a lot of money in the long run.  You can also hire a professional who knows are the measures that need to be taken to secure your site.  Spend some money in the short run, so you can save a lot of money in the long run.

I love the web. I have been obsessed with it since dial-up. How do people create this site? How can such a space contain all this information? How is it possible I can connect with so many people globally? It was a fascinating time. I was obsessed. I would look up anything and everything on the web.

Leave a Reply

Your email address will not be published. Required fields are marked *