Tips on How to Secure a Joomla Website rating not rated
                  Programming Books
                Open Web Directory
           SoftXMLLib | SoftEcartJS
xml products   Home page    contact    site map
Contact Us
Latest Blog Articles:   Latest SEO Articles | RSS Feed
DOM manipulation best practices
JavaScript Module Pattern
How to start developing with the Nextjs
Angular application structure
Write Guest Articles
Articles Archive


The Art & Science of JavaScript ($29 Value FREE For a Limited Time)
The Art & Science of JavaScript ($29 Value FREE For a Limited Time)

Tips on How to Secure a Joomla Website

Make Backup Archives of Your Files

First you should know that there is no such thing as a perfect security scheme. That is why you should make regular backup of your database files. So, if anything goes wrong, you can recover your data quickly and restore your online business operations.

To effectively protect your site, host it with renowned hosting companies. Some of them take daily backup for free. Along with backup hosting, you can use backup extensions, such as Akeeba Backup.

Protect Your Login With Strong Passwords

Weak login details make it easier for hackers to crack ID’s and passwords, this technique is known as ‘Brute forcing’. To avoid that do not leave the admin account as ‘admin’ with easy to guess passwords. It is wiser to use an email address as an administrator ID. Regarding the password, it should at least be 8 characters long. Avoid using passwords that include your name and site name. Prefer a combination of upper-case letters, lower case letters, numerical and special characters.

For more security, force your users to use strong passwords at the time of registration. Your Joomla website can be even more secure by using a two-factor authentication code. Even if a hacker manages to guess your password, he will still need the authentication code to log in!

Note that two-factor authentication code is also called One-time password or OTP.

Restrict access to your administrative area

This hint can improve significantly the security of your Joomla website. There are two ways to do this, you can: password protect the administrator page or replace the login page URL. To password protect the admin page by locking. It is done from Cpanel main page, there you can add a password to your admin page. After that you will have to enter the password each time you want to access the page.

Changing the login page URL is a very easy thing to do. It can be done with extensions such as RSFirewall or Admin Tools.

Keep the Version of Your Joomla and Your Extensions Up-to-date

It is easier for hackers to log into a backdated system. A new version of a system always comes with some bug fixes and security upgrades. Thus, in order to reduce the risk of hacking of your Joomla website keep it updated. And do the same for extensions.

Strengthen the Protection of Your Website With Security Extensions

Security extensions are a good way to further the protection of your website. They will fight spam, close security holes and, above all, block hacking attempts. However do not install any extensions without checking their features, support service, reviews and price. Checking what an extension really does is even more recommended as in some cases they can make your Joomla site more vulnerable. Therefore, if you have unnecessary extensions it is best to delete them. This way, your site will load much faster.

It is also preferable to use pro extensions, but the use of free ones is always possible. Nevertheless, never download and install free premium extensions. These are often infected with malware. If the downloaded file contains on, a hacker will have direct access to your site’s backend.

Protect Your Joomla Website With a Web Application Firewall

A Web Application Firewall or WAF is a good way to protect against vulnerabilities listed in OWASP 10 as well as other known vulnerabilities and malware. Among other things, it will provide you with protections such as login protection, backdoor protection, bot protection, layer 7 DDoS protection, SQL injection, etc.

Hide Your URL With SEF

Search Engine Friendly or SEF component hides your Joomla’s URL from any visitor. Joomla’s URL gives much information about the page and the components that are being used. Know that this type of information can be used to hack your website. Not only will SEF give you additional security but it will also make your Joomla more Search Engine Friendly.

To enable your SEF URLS log into Joomla administration area. Click on Site, then Global Configuration. After, on site, tab select ‘Yes’ next to Search Engine Friendly URLs.

Manage Permission and Rewrite the .htaccess File

When it comes to a Joomla website it is important to never give full permission (777). So it is better to distribute accesses, for folders use 755, for file 644 and for configuration.php file use 444.

Joomla has a file that helps your site from being exploited by common threats. This file is the .htaccess and by default it is not enabled. When you see it rename ‘htaccess.txt’ to ‘. htaccess

Use SSL Certification

You should know that when a user logs into a site, his ID and password are sent directly to the server without any encryption or decryption. With an SSL certification the user’s ID and password are encrypted before being sent over the internet. So if a hacker catches this information, it will be useless to him without decryption.

In Conclusion

Following these steps takes time, but it will greatly reduce your chances of being hacked. In the event that this happens, the time and money lost will be more significant than if you had taken the time to secure your Joomla website.

Author bio
Nicolas Finet is the Co-founder of  – an online solutions company which helps customers to find the best marketing agencies.

Follow him on Twitter: @nifinet!

Tag cloud



Engine Joomla









access admin


authentication backup


Rate This Article
(votes 1)

No Comments comments

Post Comment

We love comments on this blog - they are as important as anything we write ourself. They add to the knowledge and community that we have here. If you want to comment then you�re more than welcome � whether you feel you are a beginner or an expert � feel free to have you say.

* = required
Leave a Reply
Name *:
Email *
(will not be published):
Comment *:
Human Intelligence Identification *:
What is the background color of this web page?
Please enter a valid email Please enter a valid name Please enter valid email Please enter valid name Enter valid year
™SoftXML.   Privacy Statement  |  Article Archive  |  Popular Web Development Books