The Most Commonly Known Joomla Security Issues
Below we have listed the most common Joomla security issues that are most likely to affect your Joomla-powered website and impact your Internet presence. How many of them could affect you?
Weak Joomla Administrator Password
Because the Joomla 2.5 Content Management System asks for a username and password on installation, you should use a 'strong' username and password combination (not the following). The most common way a 'hacker' gains access to a Joomla-powered website is the end user choosing a 'weak' username and password combination. The following username and password combinations are the most common credentials that hackers try on a 'day to day' basis:
- admin - admin
- admin - nimda
- admin - password
- nimda - drowssap
A weak username and password CAN get your website hacked, costing you endless hours restoring your website to 'how it was'. If you are using 'admin' as the username, I'm 50% of the way to accessing your website. We know that in the modern world we use so many passwords: we use a number of different password combinations, swapping out letters for numbers, and on different sites and services we swap the order of the words, so there are only three possible passwords that we can use, and if we ourselves don't know them, they are going to be difficult for other people / hackers to guess. Software enables hackers to run millions of guesses a second. We can configure your server to block 'brute force password attempts', but for the most part just setting a strong password is enough.
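To show what 'blocking brute force password attempts' on the server actually looks for, here is an added example (not code from the original article or from the Joomla project) that scans web server log lines and flags any IP that POSTs to the Joomla administrator login more than a few times in a short window. It assumes the Apache/nginx 'combined' log format and that the administrator login is a POST to /administrator/index.php; the sample log lines are constructed, and the actual blocking is left to your server or a tool such as fail2ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format (assumed); only the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ADMIN_LOGIN = "/administrator/index.php"  # Joomla administrator login endpoint (assumed)


def parse_line(line):
    """Return (ip, timestamp, method, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path").split("?")[0]


def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak_attempts} for every IP that POSTs to the admin login more than
    `threshold` times inside any sliding `window`. Status codes are ignored on purpose:
    a burst of login POSTs is suspicious whether or not any of them succeeded."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines in another format rather than crash on them
        ip, ts, method, path = rec
        if method != "POST" or path != ADMIN_LOGIN:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


# Constructed sample log lines (not real traffic): one IP hammers the admin login
# six times in ten seconds, the other views the login page and logs in once.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Jun/2012:10:00:{s:02d} +0000] "POST /administrator/index.php HTTP/1.1" 200 512 "-" "curl/7.2"'
    for s in range(0, 12, 2)
] + [
    '198.51.100.4 - - [10/Jun/2012:10:00:30 +0000] "GET /administrator/index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jun/2012:10:00:45 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))  # {'203.0.113.7': 6}
```

Point the script at your real access log and feed the flagged addresses to your firewall or ban tool; tune `threshold` and `window` to your own administrators' habits so legitimate staff are not locked out.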
Giving Away Or Leaving Joomla Login Details Laying Around
You would not believe how many people on the Joomla forum post their login details for the world to see. Leaving machines logged in in the office or posting your username and password to the world can compromise your website. Remember, keeping your details secret and secure is one of the best ways to secure your website.
Email Accounts Hacked
As a 'web master' you pass passwords around to your fellow colleagues so they are able to log in to your website; this is a big mistake. Many hackers try thousands of password combinations a second and they could be trying your email address right now. The best advice is to either talk to each website user in person or write it down on a piece of paper and pass it to the end user. Make sure that they change their password as soon as they log in!
Out Of Date Joomla Core Files
Joomla is built from a large number of PHP files backed by a MySQL (or MS-SQL) database. These files are constantly being updated on Joomla's GitHub page with new updates, features and security patches to the Joomla CMS. At the time of writing this article the Joomla 2.5 branch is running on version 2.5.6, which means the Joomla core developers have released 6 updates since January 2012, when the Joomla 2.5 branch became available.
On average the Joomla Core developers release one update every two months, releasing new updates and security patches to the Joomla community.
Keeping core files up to date is one of the best ways to avoid hacker activity on your site. There are now add-ons that inform you of an update in the administrator area and can update your Joomla website with just a couple of clicks.
A Joomla Backup Routine
I cannot tell you how many times we are contacted by potential clients who have been hacked and, when asked if they have a recent clean backup, answer "my host does that for me, don't they?". No! Unless you pay for an extra service, backups are your responsibility; you only 'rent' web space from your host and all other responsibility is on you.
A backup routine is essential for every website in the world, you must set one up now!
Cheap Joomla Hosting
Why would you go for the cheapest hosting provider you can find?
Cheap or low cost hosting providers use shared servers that can host up to 1,000 websites. Shared hosting by itself is not bad, but if you pay the minimum amount for your hosting you know it will not be configured for optimal speed or security.
Cheap hosting is sold as a lead generator!
When something goes wrong (and it will) the hosting company will do everything to up-sell you to a more expensive package that they claim is "more secure" - and it isn't. For optimum security, medium-sized hosting providers like ourselves offer the best Joomla hosting packages and look after all of our Joomla hosting clients.