Before taking extra steps to secure Joomla, you should make sure its core code and any additional components / modules are up to date. Then you can take advantage of the next extra security measures:
1. Secure your administrator's area. This will prevent simple brute-force attacks. Along with that, all components and modules code inside this directory will be safe. For this purpose:
- Place an .htaccess inside Joomla's 'administrator' directory. It should contain:
Deny from all
Allow from YourIP*
* You can find your IP* by going to sites such as http://whatismyip.org
- In case your IP changes, you should try securing the directory with Password Protection
2. Change the default database prefix jos_. This will trick all MySQL injection attempts. For this purpose you can use the following third party component. You should back up your database before changing its prefix.
3. Make sure your host does not allow remote code inclusion in PHP by default. For this purpose log in your Joomla Administrator's panel and navigate to System, System info from the top panel. There go to the PHP Info tab.
- If you are using PHP 5.2, make sure that the directive 'allow_url_include' is set to off;
- If you are using PHP version below 5.2, make sure that the directive 'allow_url_fopen' is set to off.
Joomla is a powerful software that is easy to work with once you have the right host to support you. Before you lose any more time with the wrong host, check out the SiteGround Joomla hosting offer.
