Is your Joomla website hacked recently? Is this repeating from time to time? Did your web hosting provider warn you that your account may be suspended if this repeats again?
Even if all your answers are "no", it's still recommended to follow these security steps to make your Joomla website secure.
- Keep your Joomla core up-to-date. Follow our previous tutorial how to upgrade Joomla.
- Keep all your Joomla extensions (components, modules, plugins, templates) up-to-date as well. Follow extensions' websites and upgrade each extension as soon as new version is realized.
- Uninstall all extensions that you don't need.
- Delete superadministrator's account with ID=62, if it exists in your Joomla user manager.
- Change default username of your superadministrator's account from "admin" to something else.
- Use passwords that are combination of lowercase and uppercase letters, numbers and special characters.
- Don't CHMOD files on your server to 777. Use 644 instead. When your need to change some files, CHMOD them to 775 and, once you're done, back them to 644. Use FTP software to CHMOD files.
- When installing Joomla, use DB prefix different from default (jos_). If your current website uses this prefix, you still can change it using phpMyAdmin in your hosting control panel.
- Even if you follow all above instructions, your website still can be hacked. Chances are less, but certainly not 0%. Check with your hosting provider if they make regular server backups. Check if site restoration is included in price. Check how many times you are allowed to make site restorations per month/year. Check how much time you should wait for site restoration.
How your Joomla website is hacked?
Usually, attacker finds security hole in file on your server. It uses this hole to install malicious software. This software allows him to change files on your web space as you can change files on your own computer. They probably don't have interest to delete your files. Most likely, they will change your website and, instead of your content, put their content with advertisements. Malicious software will be hidden somewhere in your web space. When you put your Joomla website back to its normal state, you usually wouldn't find and delete the malicious software. So, they will get back and did the same thing several days later.
We found a nice free Joomla 1.5 component that scans all the files of your web space. When it found some files that are changed or new files are added anywhere, it would send you an email informing you about it. Disadvantage is that it will inform you about all changes, even of those that you made on your Joomla website.
Anyway, we will add one more point, last but not least:
- Download and install Joomla 1.5 native component Eyesite. On download location, you will find detailed PDF instructions how to setup this component and how to add a Cron job for this component. This will make your component to run automatically, in example once a day.