This document discusses Joomla! security best practices. It recommends keeping Joomla! and all extensions updated, enabling search engine friendly URLs, and establishing a regular backup routine. The document also suggests hiding the admin portal, changing the database prefix and default admin ID, and using a web application firewall for additional security. Key tips include keeping software updated, using strong passwords, and not giving out admin rights freely.

1. Joomla! Security Ruth Cheesley

2. Hello, I’m Ruth Cheesleyfrom Virya Technologies Find my social media stuff here! @RCheesley

3. What do we mean by security?

4. Why bother?

5. Where to start?

6. Security is … Putting measures in place to make unauthorised access more difficult NOT making it impossible

7. … a balancing act Security versus usability Risk versus implications

8. A quick look at server security Use a reputable company with Joomla! experience Ensure they have recommended security settings applied Ask others if you’re not sure!

9. Is Joomla! insecure? It depends! Often insecurities are due to poor practice by administrators including: Patches not being applied Insecure extensions Basic precautions not taken

10. If you do nothing else … Keep Joomla! and extensions up to date

11. Updating Joomla! Manually One-click (1.6.x +) Akeeba Admin Tools

12. If you do nothing else … Enable Search Engine Friendly (SEF) URL’s

13. Enable SEF URL’s Enable in global configuration With or without .htaccess Using extensions

14. If you do nothing else … Establish a regular backup routine

15. Establish a backup routine On-site backups Off-site backups Full or partial Akeeba backup

16. Other ‘must do’ security tasks Hide your admin portal (jSecure, Admin Tools) Change your database prefix (manually or using Admin Tools) Change your default Super Admin ID (from #62 in 1.5 or #42 in 1.6/7)

17. Hide admin portal Why bother? jSecure Akeeba Admin Tools

18. Change database prefix Why bother? Manually Akeeba Admin Tools

19. Change default admin ID Why bother? Manually Akeeba Admin Tools

20. Would be good to do … Web application firewall

21. Web Application Firewall Why bother? Akeeba Admin Tools

22. Top Ten Tips Keep Joomla! up to date Keep extensions up to date Hide admin portal Change database prefix Ensure correct file and folder permissions Disable default Super Administrator Enable SEF URL’s Establish and regularly test backup routine Ensure strong username/password for admins Do not give out Admin rights freely

23. Useful links http://www.viryatechnologies.com http://www.akeebabackup.com http://www.joomlaserviceprovider.com http://tinyurl.com/joomlasecuritychecklist http://www.ico.gov.uk/

24. Thank you Any questions? Ruth CheesleyVirya Technologies ruth.cheesley@viryatechnologies.com @RCheesley