Joomla is a powerful free and open source content management system. It has become very popular, and many web hosting provider offer instant installer scripts that can automatically install Joomla onto a customer’s website. In certain, situations, however, you may prefer to install Joomla yourself. When you do, there are certain security issues you should know.
1. Delete the “install” directory. Joomla tells you to do this, and if you forget, the results can horrific.
2. Chmod configuration.php to at least 644. No one should be able to access your configuration.php file. The only reason to even leave it as 644 and not 600 is that some web servers on shared hosts require PHP files to be readable by the web server, which is a different user than the site owner.
3. Backup early and often – Create backups of Joomla’s MySQL database. If anything ever does go wrong, you will have a backup.
4. Install mod_security – ModSecurity is an application firewall designed for web applications like Joomla. It will protect you where a network firewall cannot.
5. Secure your database – Setup Joomla to access the database with a user with limited privileges, and make sure the password is not easy to guess.
There are many more security issues you should consider. Over the coming days, I will highlight some of them. Hopefully, they will help you keep your Joomla installation stable and secure.