I want to cover some basic security measures for people using Joomla websites. This article, however, applies to any content management system, which includes most websites. Please also review my more general security post, where I discuss vulnerabilities with sites like Facebook.

Why We Need To Be Careful

It is easy to say “well, I’m not really worried if someone knows my login,” but this is no longer acceptable. Unfortunately, as the internet grows, so does the number of people with malicious motivations. There are various reasons somebody would try to gain access to your website. One is to harvest information that might lead them to greater treasures, such as a username and password that might be the same as, say, the ones for your bank account. Even if you use a different username and password, somebody might gain access to the website through your account and then get the usernames and passwords of everyone else who has an account on your website, and somebody else might not be as careful as you. It is also possible to install malicious software on a website once access is obtained. This could turn your website into a spam-generating machine or worse, which could have lasting consequences for trust in your website or even your organization’s name.

Basic Security Measures

Create a username and password that is unique to your website, and change it periodically. Don’t forget the usual rules of adding some numbers, capital letters and special characters. There is software that will try all common words, so if you are using a word in the dictionary, or a common name, change it immediately.

Change the admin login to a name other than ‘admin’. This is the first login name that a malicious programmer will try to use. Note to our clients: We have changed all the admin accounts in our clients’ sites; please contact us for your new admin login. Your own login name has not been changed, but you can change it at any time. If you have questions, please contact us.

Be careful in public spaces and on public computers. Software can be installed on a computer to track what you type, and your wireless signal can be compromised.

Create a backup routine. Make sure you have a tested backup routine in place that covers both your MySQL database and your hosted files. This way, if your site is attacked, you will be able to recover quickly and easily. Note to our clients: we are taking care of this for you. Please contact us immediately if you suspect anything unusual about your website.
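
As an added example (not part of the original article, and not the author's own backup routine), the shell function below shows one way to test a backup set after it is made. It assumes a hypothetical layout of db.sql.gz (mysqldump output piped through gzip, with default comments) and files.tar.gz (the web root) in one directory; the function names and the sample data are invented here.

```shell
#!/bin/sh
# Added example: sanity-test a Joomla backup set before you need it.
# Assumed (hypothetical) layout: <dir>/db.sql.gz and <dir>/files.tar.gz.
# Usage: verify_backup /path/to/backup-set

verify_backup() {
    dir=$1
    db="$dir/db.sql.gz"
    files="$dir/files.tar.gz"

    # Both halves of the backup must exist and be non-empty.
    [ -s "$db" ] || { echo "FAIL: missing database dump"; return 1; }
    [ -s "$files" ] || { echo "FAIL: missing files archive"; return 1; }

    # gzip -t catches corrupt or cut-off compressed streams.
    gzip -t "$db" 2>/dev/null || { echo "FAIL: dump is corrupt"; return 1; }

    # mysqldump ends a successful run with a "-- Dump completed" comment
    # (default output, not with --skip-comments). No marker means the dump
    # stopped part-way through.
    gzip -dc "$db" | tail -n 5 | grep '^-- Dump completed' >/dev/null \
        || { echo "FAIL: dump is incomplete"; return 1; }

    # A usable dump defines at least one table.
    gzip -dc "$db" | grep '^CREATE TABLE' >/dev/null \
        || { echo "FAIL: dump has no tables"; return 1; }

    # The archive must list cleanly and contain Joomla's configuration.php.
    listing=$(tar -tzf "$files" 2>/dev/null) \
        || { echo "FAIL: files archive is corrupt"; return 1; }
    echo "$listing" | grep -E '(^|/)configuration\.php$' >/dev/null \
        || { echo "FAIL: configuration.php not in archive"; return 1; }

    echo "OK: backup set in $dir passed all checks"
}

# Constructed sample data (not a real site) so the check can be tried offline.
make_sample_backup() {
    mkdir -p "$1/site"
    echo '<?php // constructed sample' > "$1/site/configuration.php"
    tar -czf "$1/files.tar.gz" -C "$1" site
    printf '%s\n' 'CREATE TABLE `jos_users` (`id` int);' \
        '-- Dump completed on 2024-01-01  0:00:00' | gzip > "$1/db.sql.gz"
}
```

These checks only show that the backup is complete and readable; a full test still means restoring it to a scratch site from time to time.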

Advanced Security Measures

There are other levels of security that can be put in place. If you are a client, please contact us so we can discuss these measures, especially if you regularly log into your website from different computers or in public places, or if you just want to be extra careful. If you know of additional security measures, please add your comment.


HACKING IS EASY! from Airwave Ranger on Vimeo.
