by | 17 Jan 2017

7 tips to make your Joomla site more secure

As CEO of OZON, I’m continuously reading reports on security matters in order to improve our cybersecurity solutions, and looking for tips you can quickly put in place to secure your eCommerce site. This time, I was reading a Sucuri research, revealing that Joomla is the second largest CMS downloaded (68 million times), and the second infected website platform. In the light of such figures, I decided to write you down some tips to scare off hackers and fraudsters. Most of the Joomla websites are hacked due to misconfiguration and vulnerable code. The following 7 tips will help to boost your Joomla security.

1# Never use your Joomla admin password for anything else

Your Joomla Admin password should be 100% unique, you should never use the same password you do with other sites. Too often, a hacker will get access to your usual password and use it to hack your Joomla site. Don’t let this happen to you.

To check how secure your password is and how long it takes to crack it, try this:

2# Require HTTPS/SSL for your Joomla login pages

Without an encrypted connection, every time you use your username and password, you run the risk of it being intercepted by a hacker. Read more on risks and how to enhance your consumer confidence with HTTPS/SSL. You should enable HTTPS/SSL on your Joomla to avoid these risks.

As HTTPS security must not be an unaffordable luxury, we have decided to automatically deliver a free SSL/TLS certificate for every site you are securing with OZON. In a matter of minutes, with no technical or administrative constraints, your website will benefit from a state of the art HTTPS security that we always maintain a high level of security over time.

3# Make sure that your Joomla and extensions are upgraded to the latest version

It is quite important to keep your Joomla updated and patched. This may seem obvious but it’s an important reminder! When was your last update? Indeed, it is important to note that a new version of Joomla can provide security updates in addition to fixes and new features.

Review vulnerable extension list provided by Joomla and update the outdated extension. Review the change log each time Joomla release and upgrade if you see any critical fixes.

#4 Sign up for Joomla security notifications

Joomla has two email notification services that notify list members when a vulnerability is discovered in the Joomla core or when an extension has been discovered to have a vulnerability (having a list of extensions installed on your site makes it easy to check if a vulnerable extension is one you have installed. ). To subscribe to the RSS flow:

5# Only use trusted Joomla extensions

Generally, third party software provides additional security risks. Sometimes sites are hacked through insecure third party software. So you should install only add-ons and modules that you need and are useful for your store. If there are any modules that you don’t use and need any more, you should uninstall them. It only takes one vulnerability in one extension to provide a hacker complete access and control over your website. Please use only trusted Joomla extensions and be sure to update it regularly.

6# Make sure to backup your Joomla regularly

Many hosts provide automatic backups. This is great, but it’s a good idea to maintain your own backups as well to create some redundancy for failures. The backup tool that we recommend is Akeeba. Akeeba Backup Core is the most widely used open-source backup component for the Joomla. If your host does not provide backups or you’d like redundancy, install Akeeba and configure it to backup regularly to an off-site location (Dropbox is an easy backup to set up for most people.)

7# Assess your Joomla website and use a web application firewall

We learned a lot in this article about how to increase your security level. There are lots you can do to protect your Joomla. But there is always a way that a determined attacker can find a flaw with your security. Hopefully, there is a good online tool from OZON to assess your Joomla site risk level for free. At the end of the test, you will see the security report and be able to patch it.  This 360 cybersecurity solution makes your online shop really secure and safe from sophisticated cyberattacks. Web Application Firewall (WAF) is essential for any website to protect from top OWASP 10 security, known vulnerabilities & malware. Using WAF will help you from following:

  • Bot protection
  • Login protection
  • Backdoor protection
  • DDoS protection
  • SQL injection
  • XSS attack
  • Joomla specific vulnerabilities
  • Brute force attack
  • Layer 7 DDoS protection
  • And much more…