Showing posts with label Joomla. Show all posts

Wednesday, 04 July 2012

A Few Basic Security Rules for Joomla Website

If a person follows these few simple rules the majority of site hacks will not happen.

1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.

2.) If you don't need it for your site's functionality then don't install it. If you do need it for your site's functionality, take a few minutes to search for and read comments and reviews left by other users of that software to make sure you’re not getting more than you bargained for by installing the software.

3.) If you installed it then keep it updated. The hackers are constantly looking for outdated, security compromised software to exploit. Save yourself a lot of work, and don't become a statistic, update!!

4.) If you no longer need it for your site's functionality, then remove it. This includes any files that may be left behind after uninstalling extensions. It is easy to forget about things no longer in use. Remove those things before a hacker finds them for you! You can always reinstall it if needed later.

5.) Back it up and test those backups to make sure they work properly before you need them, not when you need to depend on one.

6.) Avoid updating software on your laptop or other mobile device while you are using a wired or wireless network that is untrusted and public. This means those free (and paid) Wi-Fi networks like those that are available in hotels, and coffee shops, public libraries and so on. Also avoid updating software using a tethered connection through your smart phone. Many laptops, phones and other mobile devices will automatically switch over to available Wi-Fi networks if the 3G/4G signal dies. Malicious software could be downloaded while using such untrusted networks and connections and infect your laptop or mobile device (tablet) and thus infecting your website(s) or stealing passwords used for website access.

Yes, there are many things one can add, but they pretty much all fit into these few rules.

If you're not willing to follow these few rules, then hire someone who will follow these rules. Everyone will be happier in the long run.

Author : PhilD
Source : forum.joomla.org

More reference :

Saturday, 12 November 2011

10 Tips to Secure Your Joomla Site

Joomla is undoubtedly one of the best CMSs available on the market. As more and more websites have started using Joomla, it's important that the site is configured properly to prevent any security compromises. I have compiled 10 security tips to secure your Joomla website.

1. Proper Hosting Environment
A properly configured server is highly recommended for your Joomla website. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user, and you don’t need to set insecure global permissions like CHMOD of 777.
a. Set register_globals OFF
b. Disable allow_url_fopen
c. Adjust the magic_quotes_gpc directive as needed for your site. The recommended setting for Joomla! 1.0.x is ON to protect against poorly-written extensions. Joomla! 1.5 ignores this setting and works fine either way.
d. Don’t use PHP safe_mode
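
A check of a php.ini file against the directives in the list above, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration; a directive that is not set falls back to PHP's built-in default (register_globals off, allow_url_fopen on, safe_mode off), and magic_quotes_gpc is left out because the post makes it site-dependent.

```shell
#!/bin/sh
# Added example: audit a php.ini against the directives listed in tip 1.

# php_ini_value FILE DIRECTIVE: print the last value set, or "unset".
php_ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                  # whole-line comment
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) != key) next
            v = $2; sub(/;.*/, "", v)        # trailing comment
            gsub(/[ \t"\r]/, "", v)
            val = tolower(v); found = 1
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# is_off VALUE: succeed when PHP treats the value as disabled.
is_off() {
    case "$1" in
        ""|0|off|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_php_ini FILE: print the directives that are still enabled.
# The second field is the PHP built-in default used when a directive is unset.
audit_php_ini() {
    findings=""
    for pair in register_globals:off allow_url_fopen:on safe_mode:off; do
        name=${pair%%:*}
        value=$(php_ini_value "$1" "$name")
        if [ "$value" = unset ]; then value=${pair#*:}; fi
        is_off "$value" || findings="$findings $name"
    done
    echo "${findings# }"
}

# Constructed sample file, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
; register_globals = Off
register_globals = On
allow_url_fopen = Off ; remote includes disabled
EOF
audit_php_ini "$sample"    # prints: register_globals
rm -f "$sample"
```
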
2. Change the Default Database Prefix (jos_)
During installation, change the default database prefix to something random. This will prevent most of the SQL injection attacks, as hackers try to retrieve superadmin details from the jos_users table.

3. Disable FTP Layer
During installation, don't enable the FTP layer, as it opens up a potential security hole: your FTP details are stored in plain text in a Joomla! configuration file. The FTP layer is not required if your hosting is secured and configured properly for Joomla.

4. Change superadministrator username
After installation, change the username for the super-administrator. By default, it's admin. So change it to something like ravi.chamria so that the username/password combination becomes difficult to guess or crack.

5. Strong password
Always use a strong password for the administrator accounts. An example of a strong password is E@^M!$<9@k. You can use sites like www.strongpasswordgenerator.com to generate a strong password.
A good addition is to password-protect the administrator folder. On the Apache web server you can do this with an .htaccess file, or in cPanel you can use the Password Protected Directory option to set up a password. This adds another layer of username/password before someone reaches your Joomla admin details. Needless to say, make this password different from the Joomla admin password.

6. Enable SEF URLs
Most hackers use the Google inurl: command to search for a vulnerable exploit. So enable SEF URLs from the site configuration if you are using Joomla 1.5. You can also use extensions like SH404SEF for both Joomla 1.0 and Joomla 1.5. This will prevent hackers from finding the exploits as well as benefit you from an SEO perspective.

7. Upgrade to latest release of Joomla
Always upgrade to the latest release of Joomla as soon as possible. Always download Joomla! from official sites, such as the Joomla! Forge, and check the MD5 hash.

8. Third-party extensions
There are more than 4000 extensions available for Joomla, many of which are non-commercial. But don't take this as an opportunity to install unnecessary extensions on your website. Remember that most hacking attempts occur due to vulnerabilities in these extensions. So always use extensions which are popular and have strong community backing and a strong development process.

9. Proper file/folder permissions
The proper file/folder permissions for your Joomla website are:
* PHP files: 644
* Config files: 666
* Other folders: 755
You can CHMOD the files and folders using your FTP client.
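
An audit of a site directory against the permission scheme listed above, as an added example that is not part of the original post. It assumes "config files" means configuration.php in the site root; the function name and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files and folders that deviate from the scheme in
# tip 9 (PHP files 644, config file 666, folders 755).
# Assumption: the config file is configuration.php in the site root.

audit_joomla_perms() {
    root=${1%/}
    cfg="$root/configuration.php"
    {
        # Anything writable by "other" (777 and similar), except the config
        # file, which the list above sets to 666.
        find "$root" ! -type l ! -path "$cfg" -perm -002 -print |
            sed 's/^/world-writable /'
        # Folders should be exactly 755.
        find "$root" -type d ! -perm -002 ! -perm 755 -print |
            sed 's/^/dir-not-755 /'
        # PHP files should be exactly 644.
        find "$root" -type f -name '*.php' ! -path "$cfg" \
            ! -perm -002 ! -perm 644 -print | sed 's/^/php-not-644 /'
        # The config file should be exactly 666.
        [ ! -f "$cfg" ] || find "$cfg" ! -perm 666 -print |
            sed 's/^/config-not-666 /'
    } | sort
}

# Constructed demo tree (sample data, not a real site).
demo=$(mktemp -d)
mkdir -p "$demo/site/cache"
: > "$demo/site/index.php"
: > "$demo/site/configuration.php"
: > "$demo/site/cache/old.php"
chmod 755 "$demo/site"
chmod 777 "$demo/site/cache"             # the 777 case tip 1 warns about
chmod 644 "$demo/site/index.php"
chmod 666 "$demo/site/configuration.php"
chmod 600 "$demo/site/cache/old.php"
audit_joomla_perms "$demo/site"          # reports cache/ and cache/old.php
rm -rf "$demo"
```
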

10. Setup a backup and recovery process
Always rely on a strong backup and recovery protocol for your live website. It's not just hacking that may compromise your website but other factors like a faulty upgrade or extension install, hardware failure, or hosting provider issues. You can use JoomlaPack, a non-commercial component native for both Joomla 1.0 and 1.5, for backup.

Secure Your Joomla Before They Are Hacked

I have some tips to secure your Joomla website.

* Follow the Joomla Administrator's Security Checklist
The guys at joomla.org have put together a Joomla Administrator's Security Checklist - use it and secure your Joomla site as much as possible using the guidelines.

* Install the jSecure Authentication plugin
Every Joomla back-end has the same URL. If you install a security plugin, you can add a suffix to your back-end URL to make it look like this: http://www.yoursite.com/administrator?helloworld
If the URL is not entered with a correct suffix, the site will redirect to a 404 (not found) page. Change the suffix regularly. The plug-in is $4.99 and it's worth it!
Buy and download the jSecure Authentication plugin here

* Don't use the jos_ prefix
The standard prefix for Joomla tables is jos_. However, many security exploits rely on your database tables being called jos_XXXXXX.
By simply using your own prefix you would have been protected from these exploits.
It should also be unique for every site.
Read more about this over at the blog of Brian Teeman.

* Change your admin user
The default ID for the admin user in Joomla is always 62, and this may be used by a hacker. To avoid this, do the following:
# Create a new super-administrator with another user name and a strong password
# Log out and in again as this new user
# Change the original admin user to a manager and save (you are not allowed to delete a super-administrator).
# Now, delete the original admin user (user ID 62).
* Create unique passwords from a combination of upper- and lowercase letters, numbers and symbols. For instance WsHc3_#7
Use an Online Password Generator to make the process easier.

* Change your username and password often, at least every 3 months.

* Don't use the root user in MySQL as the user of your database
You should always create a new database user when installing a new site, and give rights to the new database only. This way, the user will only have access to the specific site. If not, you can have one site hacked and the rest are wide open as well...

* Always update to the latest Joomla version

Free Joomla Template : CloudAccess 2.0

CloudBase 2.0 is an advanced template created by CloudAccess.net. It's based on Gantry Framework developed by RocketTheme.

Features :
Additional features we created on top of those Gantry offers:
* 11 template presets (color variations),
* 10 background patterns,
* One of the most advanced system of picking colors for each template element,
* improved "Scroll to top" feature,
* Equal height for modules,
* 60 module positions.

Gantry features:
* 960 Grid System (http://960.gs) for simple consistent layout. 12 and 16 column support
* Per-menu control over all Gantry functionality
* Ability to save/remove custom presets
* Built-in AJAX Support
* iPhone and iPod Touch mobile autotheme support
* Built-in Gantry RokGZipper to compress and combine Gantry JS and CSS files
* Cleaner more understandable index.php.
* Flexibility to configure up to 6 modules in row position.
* 36 possible combinations for the layout of the mainbody/sidebars alone!
* Flexibility to configure different grid-size layouts based on number of published modules. You are not forced to use the same grid layout for every page
* 12 built-in Gantry Features like Logo, font-sizer, to-top smooth slider.
* Ability to force module display and 'blank' module positions for advanced module placement ability.
* Stunning new Admin interface providing better usability and control.
* Unique Layout controls allow you to configure your layout without having to do math.
* Layout controls provide visual representation of your front-end layout for simple and intuitive customization.
* Gantry is XML driven, adding another row of completely flexible module positions is as simple as editing one XML file.
* New flexible parameter system allows loading preset theme attributes and modifying for a custom design.
* All new table-less HTML overrides based on the excellent GNU/GPLv2 overrides from YOOtheme (http://www.yootheme.com)
* New standard typography and Joomla core elements styling
* New advanced caching system makes using Gantry really fast!
* All configuration state is stored in params.ini and cached for speed.
* Optimized codebase with speed, size, and reuse as core tenets of the framework design

sigplus Image Gallery Plus : Joomla Extensions

Description :

sigplus Image Gallery Plus or (sigplus in short) is a straightforward way to add image galleries to an article with a simple syntax. The galleries exhibit the well-known lightbox effect: when a thumbnail is clicked, the corresponding image appears in a pop-up window overlay, without navigating away from the current page.

The plug-in implements features that are usually found only in image gallery Joomla plug-ins that are either commercial or require paid club membership. sigplus ships with all features included, there is no upgrade to a commercial professional version.

Features :
* user-selectable pop-up window engine, including popular Slimbox, prettyPhoto, FancyBox and boxplus (specifically designed for sigplus)
* user-selectable image slider/carousel/rotator
* free-flow and grid layout mode; row, column and grid arrangement
* support for image types .jpg, .png and .gif (with and without transparency)
* best-fit thumbnail generation with automatic cropping and centering
* progressive load feature to save network bandwidth [≥1.3]: only those images are fetched from the server that are being shown
* multiple galleries per content item and per page
* multilingual, search engine-friendly image labels and more verbose description set globally and for each individual image
* right-to-left language support
* download option to save high-resolution image version
* image metadata processing; IPTC data extraction
* custom styling (preview image margin, border, padding and opacity, slide duration and animation delay)
* custom sort criteria (user-defined, file name, last modification time and random order)
* large gallery support (100 or more images in a single gallery) [≥1.3]
* 100% CSS and JavaScript, valid XHTML 1.0 and 1.1, passes WCAG v2 AAA automatic validation (when using labels file)
* default global settings for the entire site and local parameter overrides for individual galleries
* restricted-access galleries and more...


Thursday, 10 November 2011

Free Joomla Template : CloudBase from CloudAccess.net

CloudAccess.net shares Joomla templates for versions 1.5 and 1.7 for free. Although they are free, the templates look quite good and are easy to modify because of the variety of positions available for the modules that will be installed later.

A short review from the vendor:
Joomla! templates are a great way to jumpstart your site's look and feel for little or no cost. CloudAccess.net provides a variety of both commercial and free Joomla! templates. Check back often as we continue to add more templates. Please note as templates are delivered electronically we do not offer refunds on template purchases for any reason. Please be sure to review your purchase carefully.

PLEASE NOTE: Joomla! 1.5 templates DO NOT work with Joomla! 1.7. Be sure the Joomla! template you purchase includes the correct version if you are using Joomla! 1.7
In this post, I will share a template from cloudaccess.net called 'CloudBase'.

Yes, you can have a website that is both beautiful and easy to manage. Joomla! templates are a great way to jumpstart your site's look and feel. CloudAccess.net’s new Joomla 1.5 template, CloudBase, provides you with an instant way to get your business online and looking good.

CloudBase is free and comes with a selection of pre-built themes, 32 modules positions, 5 menu options, iPhone and handheld support, and lots more. Delivered with the Adobe .PSD source file.

    * 100% CSS-based, tableless design
    * 8 color versions
    * 32 module positions
    * Based on T3 framework
    * 5 menu options: Split menu, CSS menu, Dropline menu, Mega menu, Moo Menu
    * Amazing Mega Menu allows you to use modules inside a menu
    * Native iPhone & handheld optimization and style support
    * Improved style for core Joomla! system pages
    * Modules suffixes built into template for module styling
    * Lightweight, modern, very fast-loading design
    * SEO Ultimate - Content first, content on the top
    * Right to left language support
    * Joomla 1.5 native
    * W3C XHTML 1.0 Transitional Valid
    * Fully compatible with: IE7+, Firefox 2+, Firefox 3, Safari, Opera 9.5, Chrome
    * Delivered with Adobe .PSD source file


Tuesday, 08 November 2011

RD Flipping Pages - Joomla Module

With this module we can create a browsable magazine with a few clicks.
The module is based on Flash application developed by IpariGrafika.

The module supports the following formats: .JPG, .GIF, .PNG and .SWF.

Documentation :
- Install the module using the Joomla! installer.

- Create a new folder in "modules/mod_RD_flipping_pages/books" and put pages inside it. The images will be loaded in alphabetical order, so you need to name files in the order in which they appear.

- From the management module, enable the module and assign a position in the template.

- Set the option "Update XML" and click "Apply" to save the setting.

- Go to the front end of the site, navigate to the page where the module is published, and then refresh the page. At this point a warning message will appear confirming the update of the XML file. If the file is not written, you will see an error message; in this case you must change the permissions of the folder "modules/mod_RD_flipping_pages/pageflip/xml" to make the folder writable.

- Go back in the management of the module and disable "Update XML".

- Set any other parameters and save.