Ruth's Presentation on Joomla! Security
1. Security in Joomla! Ruth Cheesley, Suffolk Computer Services [email_address]
2. Security in Joomla
- What do we mean by security?
- What can I do to keep my sites secure?
3.
4. A balancing act?
5. What is Security?
- Authorised Access to data & files
- Prevention of malicious attacks & unauthorised access via
6. Why Bother?
7. Legal issues
- Anyone who processes your information must comply with 8 principles, including
- Data must be kept securely
- Heavy penalties for not taking appropriate measures to safeguard your data
- No test cases for Joomla! sites yet.....
- Embarrassing and harmful to organisation's image
9. Why target Joomla?
- Very popular Content Management System
- Lots of inexperienced users
- Lots of less-than-ideal security practices server-side
10. How to keep my sites secure?
- ALWAYS get your installation files direct from Joomla.org
- Use reputable hosting providers; make sure all PHP settings are Green
- ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)
- ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
11. Finding a reliable host
- Consider your requirements
- Shared v Dedicated Hosting
- Patching of servers (should be on PHP 5 & MySQL 5 at least)
- Customer support 24/7 is VITAL
12. THOU SHALT BACK UP!
- Backups made as frequently as your site requires
- Back up files AND database OFF SITE
- ALWAYS back up prior to any upgrade of ANYTHING!
13. What to do now?
- Create a new Super Administrator & delete original one (id 62)
- Hide your administrator URL (jSecure)
- Change your default admin username
- Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
14. Must Read
- Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
- Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html )
15. Tools to help
- jSecure hides your administrator page: http://www.joomlaserviceprovider.com/
- LazyBackup 2 emails a daily MySQL dump: http://www.lazybackup.net/
- EasySpamKiller protects your site against attacks from known IPs: http://projects.easy-joomla.org/projects/easyspamkiller.html