Wordpress, Joomla and Drupal are three of the world’s most popular open-source content management systems. Though each one of them has special characteristics, Joomla has some distinct attributes which the other two lack. Joomla was the outcome of Mambo – an open source CMS project, Joomla is use to build dynamic websites and robust web applications. Worldwide some of the well-known brands including Danone, Harvard University, Barnes and Noble, Porsche use Joomla to power their websites. Though Joomla is stuffed with features, offers flexibility and scalability, it has its share of security concerns which need to be addressed so to make full use of this amazing open-source content management system. In the native form the risk of Joomla website getting hacked is high generally you will come across Joomla website filled with hidden malicious content that can be determinant to your data hence taking appropriate timely measure to ward off this vulnerability is paramount. Below are some of the reasons why your Joomla website gets hacked time and again.
Keeping hackers at a distance is not a rocket science but at the same time it should not be taken very lightly. Below are some of the common yet least understood reasons to why hackers sometimes become successful to hack Joomla websites. Have a look at below points and take necessary precaution to make you’re your Joomla website safe and secure.
1. Change the default database prefix (jos_)
Hackers are different breed they do all they can to hack websites and one of the most common way is to write code that will try to retrieve data from the jos_users table. This helps them to retrieve all the username and password from the super administrator of the website. To safeguard your website from such attack it is highly recommended to change the default prefix to random prefix.
2 Keep your Joomla version updated
This is quite obvious yet many of them don’t follow this simple and effective way to keep Joomla website hacker proof. Joomla CMS regularly releases its updated version by removing the existing bugs, and adding enhanced security features. Keeping your website up-to-date with the latest version can fix many of the vulnerability and keep your website safe. Though it is quite a task to keep on updating to the latest version when you have plenty of extensions like components, plugins, templates, modules and languages to upload but all the effort is worth to ensure the security of your website.
3. Change your .htaccess file
This is another weak point through which a hacker can gain control over your website. Joomla CMS by default has write permissions to .htaccess file since joomla has to constantly update it when you are using SEF or Search Engine Friendly url. Due to this your website becomes vulnerable for attacks so it is advisable for you to set your .htaccess permission to somewhat 444(r-r-r-) or maybe 440(r-r--) or something similar.
4. Get away with old extensions and Remove leftover files
No prize for guessing this one! Even though it is simple to take notice of yet many developers give it a miss and ultimately pay with their follies. Keep your extensions up-to-date, remove the old and unsupported extensions and find a suitable alternative to it. Many times it happens that you have installed an extension but due to some reason you don’t like it or it does not serve your purpose, what you do? Keep it unpublished, or let it be there forever? This is very close you can come in compromising your website. All you need to do is use a simple and harmless uninstall feature, get rid of those unwanted extensions and heave a sigh of relief.
5. Remove version number and name of extensions
You are a developer and you must know the ABC of Joomla security yet how many times you have slapped your hand to your head in dismay to know that you forgot to remove the version number and name of extension giving easy entry to hackers. It’s better late than never. If you have not done this do it right away.
6. Do not give write permission on your *.php files
This is another reason why hackers exploit your website. Giving write permission on your Joomla *.php files can be a very reason why Mr.Hacker visit your website and hack it effortlessly. You should always take an effort to set the permission of all you *.php to 444.
7. Do not give execute permission on public directories
We become so much engrossed with our creation that we forget something very basic and important to keep hackers at bay. One of these is giving execute permission on Public directories. These directories let users to upload their files and if the directories allow scripts to run and if that script turns out to a malicious then it becomes easier for hacker to get the website infected. Just give a permission of 766 on all public directories and reduce the chances of hacking your website.
8. Do not give all possible permission to the database users
After setting up the Joomla website it is important that a database user should not be given all the possible permissions like INSERT rows, UPDATE rows, DELETE rows, CREATE tables etc. Joomla database user should be given only necessary permission to keep the risk of hacking through vulnerable exploit to minimum.
9. Hacking through your vulnerable web-server
Developers and users are so much into the website development that they sometime overlook the real reason for their website hacking. They always go by rule book of Joomla website hacking, which does not mention that sometime going for cheap and unreliable web-hosting can be the reason. Just to save few dollars users sometimes opt for cheap web-hosting service provider and compromise on their website security. When all is said and done, this is very easy to solve all you need to do is change your web-hosting services provider and cheer up.
10. Thinking you are invincible
Even though you have taken all the precautionary measures to secure your website it is very important to keep in mind that hackers around the world are coming out with new ways to hack websites. Whether you are a small business or a large multi-billion dollar conglomerate you are never safe unless and until you make these measures as your routine exercise. Hackers are lurking everywhere finding vulnerability to the websites to hack it. Your crucial data, financial details and private information will be in peril if we don’t give heed to the wisdom of Joomla website security. As the age old proverb goes, “Prevention is always better than cure” still hold true today, tomorrow and forever.