Questions? Feedback? powered by Olark live chat software

Joomla is a Content Management System (CMS) that empowers you to create websites and some useful online applications. The best feature of Joomla is that it’s an open source application that is free to use and available to everyone.  The easy-to-use interface and brilliant features make the award-winning Joomla, the most ideal website software in the market.

Joomla security tips

 As it’s a freeware application, there are some important security concerns attached to it as well. Hackers have a deep sight on the loopholes in your application settings.

It is highly recommended to the Joomla users to employ some preventive measures that can save them from losing their valuable data.

We are presenting some Joomla Security tips along with some plug-ins that will enhance the security level of your Joomla website.

Most Recommended Joomla Security Tips and Plug-ins

Here are some Joomla Security tips that you must consider at the earliest if you are still running your Joomla website being care free. Some Joomla security tips & plug-ins are also presented that will ensure the maximum level of your Joomla website security.

Tip #1: Backup Your Data

The first and foremost thing you need to do is to create a backup of your data stored on your Joomla website. This will save you from losing all your crucial information in an event of hacking. You will only be required to identify the vulnerabilities on your website as you can easily recover the lost data from the back up you created.

Tip #2: Use the most updated version of Joomla

It is highly recommended that use the latest and updated release offered by Joomla. With every new release, you get several improvements in the core components of the application along with the enhancement in the security of your Joomla hosting website. However you must backup your Joomla data prior to the upgrading process.

Tip #3: Hardening your Joomla Login

Your administrative username for your Joomla website is by default set to ‘admin’. Hackers do know this and can easily access your administrative area. Therefore, you must replace your default user ID with some strong one to increase your Joomla security.

Tip #4: Change the default database table prefix

A majority of the SQL injections used for hacking a Joomla website usually attempt to have the data retrieved from the jos_users table. This makes the retrieval of the username and password easy and simple from the website’s super administrator. Therefore, you must replace the default prefix with something difficult to be guessed as it would avert most or all of the SQL injections.

The database prefix can be set during the installation process of the Joomla website. However, you can change the prefix later as well by following the below mentioned instructions.

  • First sign-in to your Joomla back-end
  • Scroll through your global configuration option and look up for the data base
  • Replace your database prefix (example: fdasqw_) and hit Save.
  • Go to phpMyAdmin to access your database.
  • Go to export, leave all default values and press Start. Exporting the database can take a while.
  • When done, select all code and copy it to notepad (or any other text editor)
  • In phpMyAdmin, select all tables and delete them
  • Innotepad, do a Search & replace (Ctrl + H). Set the searchterm to jos_ and change it into your new prefix (Example: fdasqw_). Press “Replace all”.
  • Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.

Tip #5: Use a SEF (Search Engine Friendly) component

It has been identified thatmajority of the hackers use the Google inurl: command in order to look for a vulnerable exploit. For increased Joomla security, you are advised to use URL’s search engine friendly that keeps the hackers from acquiring the exploits. It will also improve the Google ranking of your Joomla website.

Tip #6: Protecting your Joomla Website from Spam

It is highly recommended that you protect your entire Joomla website’s data using a strong password. Frequent change of passwords is also advised for improved Joomla’s security

Tip #7: Keep your Joomla extensions up-to-date

Users install several extensions but all of them are not used in real. These unused and inactive extensions are an additional load on your Joomla website that must be removed immediately.

Tip #8: Change your .htaccess file for improved Joomla Security

Another Joomla security tip requires you to insert the below mentioned coding in the .htaccess file in the Joomla directory. This will provide a shield against some common exploits.


Begin – Rewrite rules to block out some common exploits

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a < script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rewrite rules to block out some common exploits

Tip #9: Install commercial Security plugins

You should consider installing some commercial or paid Joomla plug-ins as they offer a range of features for enhancing your Joomla security. Some recommended plug-ins include:

Joomla Security Tips and Plugins – Make a Final Move

If you are really bothered about your Joomla security, then this blog holds something perfect for you. Review these tips, try to exercise as many of these tips as you can. Using the maximum number of security measures will ultimately lead to the highest level of Joomla security tips. So if you are a Joomla user, then it’s the high time to get done with your security measures before hackers have their eyes on your website.

Other Useful Resources:

[Read: 15 Best WordPress Security Plugins to Help Secure your WordPress Site]

[Read: 5 Tips to Increase your Cloud Performance!]