This email address is being protected from spambots. You need JavaScript enabled to view it.

Joomla - How to secure your Joomla website

.

  1. Change default Administrator username and Name: go to Site/User manager and change username to something other then admin or administrator. Joomla password should be different then one used for host/ftp/e-mail administration to prevent eventual intruder access to all your protected resources.
  2. If you have web site hosted on Linux server then make .htaccess file and upload it in /administrator sub-directory of your Joomla installation and limit access to only few IP addresses to your /administrator sub directory. See how to restrict access to web site by IP address.
  3. In root Joomla directory edit htaccess.txt and uncomment lines (remove # at start of each line):

    <Files ~ "\.xml$">
    Order allow,deny
    Deny from all
    Satisfy all
    </Files>

    then rename htaccess.txt to the .htaccess. This Joomla .htaccess file will restrict access only to index.php and few additional types of the files. Test your site availability, if you experience problems, you can add additional file types in RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ line, e.g. to allow access to the *.asp files (does not make sense, but for example), just add one more OR condition at end of list after .raw:  RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|\.asp|/[^.]*)$

  4. Additionally you can password protect access the /administrator sub-directory (see how to password protect web site directory). You should use username and password other then used for your website and Joomla administration.

 

See my advanced anti-hack guide on how to secure Joomla website advanced

See details on how to secure Joomla website at SiteGround

See list of all Joomla mini how to's from this site