15
Security in Joomla! Ruth Cheesley Suffolk Computer Services ruth@suffolkcomputerservi ces.co.uk

Joomla Security

Tags:

Embed Size (px)

DESCRIPTION

Ruth's Presentation on Joomla! Security

Citation preview

Page 1: Joomla Security

Security in Joomla!

Ruth CheesleySuffolk Computer Services

[email protected]

Page 2: Joomla Security

Security in Joomla

• What do we mean by “security”?

• Why bother?

• What can I do to keep my sites secure?

Page 3: Joomla Security
Page 4: Joomla Security

A balancing act?

Page 5: Joomla Security

What is Security?

• Authorised Access to data & files

• Prevention of malicious attacks & unauthorised access via

–SQL/Command Injection–Insecure passwords–OS vulnerabilities–Software vulnerabilities–Buffer Overflow–ETC!

Page 6: Joomla Security

Why Bother?

Page 7: Joomla Security

Legal issues

• Data Protection Act 1998– Anyone who processes your information must

comply with 8 principles, including • Data must be kept securely

• Heavy penalties for not taking appropriate measures to safeguard your data

• No test cases for Joomla! sites yet.....

Page 8: Joomla Security

Professionalism

• Embarrassing and harmful to organisations’ image

• The “Fear Factor”

Page 9: Joomla Security

Why target Joomla?

• Very popular Content Management System

• Lots of “inexperienced” users

• Lots of less-than-ideal security practices server-side

Page 10: Joomla Security

How to keep my sites secure?• ALWAYS get your installation files direct from

Joomla.org

• Use reputable hosting providers – make sure all PHP settings are “Green”

• ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)

• ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)

Page 11: Joomla Security

Finding a reliable host• Consider your requirements

• Shared v Dedicated Hosting

• Patching of servers (should be on PHP 5 & mySQL 5 at least

• Backup & redundancy

• Customer support 24/7 is VITAL

Page 12: Joomla Security

THOU SHALT BACK UP!

• Backups made as frequently as your site requires

• Back up files AND database OFF SITE

• ALWAYS back up prior to any upgrade – of ANYTHING!

Page 13: Joomla Security

What to do now?

• Create a new Super Administrator & delete original one (id 62)

• Hide your administrator URL (jSecure)

• Change your default admin username

• Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)

Page 14: Joomla Security

Must Read

• Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started

• Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html)

Page 15: Joomla Security

Tools to help

• jSecure – hides your administrator page http://www.joomlaserviceprovider.com/

• LazyBackup 2 – emails a daily mysql dump http://www.lazybackup.net/

• EasySpamKiller – protects your site against attacks from known IP’s http://projects.easy-joomla.org/projects/easyspamkiller.html


Joomla! World Conference 2016: Dre Armeda - The Gentle Art of Website Security

Joomla! World Conference 2016: Dre Armeda - The Gentle Art of Website Security

Internet
Joomla Security Expert Session - Onderhoud & monitoring

Joomla Security Expert Session - Onderhoud & monitoring

Technology
Joomla! security 101

Joomla! security 101

Documents
Tom Canavan Joomla Security and Disaster Recovery

Tom Canavan Joomla Security and Disaster Recovery

Technology
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Technology
Publish Joomla! Articles · Publish Joomla! Articles - Publish Joomla! Article 20 January, 2020 Install Joomla! Locally Before you can publish model contents as Joomla! Articles,

Publish Joomla! Articles · Publish Joomla! Articles - Publish Joomla! Article 20 January, 2020 Install Joomla! Locally Before you can publish model contents as Joomla! Articles,

Documents
Joomla! and security in today's world

Joomla! and security in today's world

Technology
Joomla 1, Joomla 2, Joomla 3 (Joomla Versions Explained)

Joomla 1, Joomla 2, Joomla 3 (Joomla Versions Explained)

Technology
Tour of sh404SEF - SEO and security for Joomla

Tour of sh404SEF - SEO and security for Joomla

Technology
Joomla Development Company | Joomla Development India |

Joomla Development Company | Joomla Development India |

Technology
Upgrade Joomla 2.5 to Joomla 3.x

Upgrade Joomla 2.5 to Joomla 3.x

Services
Joomla Security Expert Session - Veilige server

Joomla Security Expert Session - Veilige server

Technology
Joomla basic-i introduction-to-joomla-cms

Joomla basic-i introduction-to-joomla-cms

Education
Making Joomla Insecure - Explaining security by breaking it

Making Joomla Insecure - Explaining security by breaking it

Technology
Joomla! Security Presentation - Joomladagen 2010

Joomla! Security Presentation - Joomladagen 2010

Documents
Joomla Tutorial: Joomla 2.5 a first look

Joomla Tutorial: Joomla 2.5 a first look

Education
Joomla The Basics for Joomla 3

Joomla The Basics for Joomla 3

Education
Joomla Security Expert Session - Hacker technieken

Joomla Security Expert Session - Hacker technieken

Technology
Joomla basic-i joomla-installation

Joomla basic-i joomla-installation

Education
Joomla Web Development Services-Hire Joomla Experts

Joomla Web Development Services-Hire Joomla Experts

Technology
Joomla! 1.5 Installation Manualsheepsqueezers.com/media/documentation/joomla/joomla15_install… · Joomla! 1.5 Installation Manual Author: Andy Wallace Joomla! User Documentation

Joomla! 1.5 Installation Manualsheepsqueezers.com/media/documentation/joomla/joomla15_install… · Joomla! 1.5 Installation Manual Author: Andy Wallace Joomla! User Documentation

Documents
Joomla! ACL - Joomla!Day Germany

Joomla! ACL - Joomla!Day Germany

Documents
Joomla! security

Joomla! security

Technology
Publish Joomla! Articles...Publish Joomla! Articles - Publish to Joomla! 27 August, 2020 Install Joomla! Locally Before you can publish model contents as Joomla! Articles, you must

Publish Joomla! Articles...Publish Joomla! Articles - Publish to Joomla! 27 August, 2020 Install Joomla! Locally Before you can publish model contents as Joomla! Articles, you must

Documents
Joomla security nuggets

Joomla security nuggets

Documents
Joomla! Volunteers Portal @ Joomla World Conference 2013

Joomla! Volunteers Portal @ Joomla World Conference 2013

Technology
Joomla on Azure Module 3 Joomla as a Service mit Azure Websites & MySQL ...download.microsoft.com/.../03-Joomla-on-Azure.pdf · Joomla! Joomla! is an award-winning content management

Joomla on Azure Module 3 Joomla as a Service mit Azure Websites & MySQL ...download.microsoft.com/.../03-Joomla-on-Azure.pdf · Joomla! Joomla! is an award-winning content management

Documents
Upgrading Joomla 2.5 to Joomla 3

Upgrading Joomla 2.5 to Joomla 3

Internet
JMS MULTISITE for joomla!tutorial.jms2win.com › joomla › multisite-12x › joomla... · Joomla Day Mallorca 9th and 10th april 2010 JMS MULTISITE for joomla! Extends joomla! with

JMS MULTISITE for joomla!tutorial.jms2win.com › joomla › multisite-12x › joomla... · Joomla Day Mallorca 9th and 10th april 2010 JMS MULTISITE for joomla! Extends joomla! with

Documents
Joomla! User Manual for 1.0 - DITdit.upm.es/joomla/figures/joomla_user_manual_v101_102106.pdf · Joomla! 1.0.11 User Manual 2 Version 1.0.1. Joomla! User Manual Joomla! V1.0.11 21

Joomla! User Manual for 1.0 - DITdit.upm.es/joomla/figures/joomla_user_manual_v101_102106.pdf · Joomla! 1.0.11 User Manual 2 Version 1.0.1. Joomla! User Manual Joomla! V1.0.11 21

Documents