The Blog

Check out our brand new Joomla! Template Club:

Tips and Tricks to enhance Joomla Security

Joomla is becoming one of the most popular websites Content Management System (CMS) with hundreds of millions of Joomla websites and thousands more be built every day, it isn’t surprising if many hackers want to attack it. In fact, there were many Joomla websites which were defaced because of the ignorance of their administrators.

In this tutorial, we will show you several tips and neat tricks, which will keep your Joomla website safely.

1.Backup data

Take time to make a troubleshooting plan before your site visited by hackers. You always remember: “Backup early and often” to protect your data. This gives you the certainty that if something goes wrong with your Joomla website, you can restore it at any time you want. Then you only need to find vulnerabilities on a website.

2.Update Joomla

If your website is running Joomla 1.0 or 1.5, you should upgrade to Joomla 2.5 or 3.0. In the higher versions, there are many security improvements in the core elements of the application. However, you should do with caution “always backup your Joomla before proceeding with the upgrade”. For more information, you can check Joomla tutorial.

3.Careful management of installed extensions.

The extension of third-party make Joomla extremely popular, but it’s also a way to enter your website. In addition, you need to update regularly for each different extension. So, you should consider that expansion is really necessary.

Make sure the following steps:

-Run code review for any extension used.

-Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

-Update and patch for extensions when it’s necessary.

Remember that an extension, which isn’t safe, can be harmful to your entire website.

4.Remove unused files.

You install many extensions, but don’t use them? This is not only a weakness but also garbage for your website. Please use the uninstall function to totally get rid of the extension to avoid trouble.

5.Password protection:

The hacker usually attacks on weak passwords. You should regularly change your password and use all: uppercase, lowercase, special characters, numbers.

The database is very important. The SQL injection attack or any other attack on the database can make your effort lost. Make sure that your database access is protected at MySQL.

6.Use search engine friendly URLs:

Always use search engine friendly URLs. This not only improves the website's Google ranking but also prevent hackers exploit to use Google’s search results.

7.Change URL for administration security.

Standard Joomla address is In order to secure your site against attack, you can rename it to be something like

8.Use the correct CHMOD for each folder and file

Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:

•PHP files: 644

•Config files: 666

•Other folders: 755

12.Review and action Security Checklist:

These checklists will point you in the right direction and inform you of typical security issues. So, make sure you went through all of the steps.

We hope this blog post was helpful for you. If you have any additional advices/recommendations please share them with us. Thanks!

Ivo Valkov

I'm a front end developer. I love creating things, playing football, snowboarding and so on. I also hope you like all our stuff. We started using Gantry for our projects and honestly, we love it!