8 Tips to secure Joomla 3.9 website on budget
In general, the most effective method of hacking a website is the easiest and most straightforward. When one begins to study the different ways to take control of a site vulnerable to attack, one can quickly be confused by the number of different approaches and solutions. Most often, the simpler methods are used first. Only if the site is of any interest (economic, political, etc.), it is highly likely that other more complex - but also more time-consuming - methods will be used to force it.
Make no mistake - there are plenty of people out there who would love to get their hands on your passwords and data. Not that the content of your website interests them but simply to resell it. The most conservative estimates estimate that there would be up to fifteen billion stolen passwords available on the dark web. The easiest way to avoid this is to implement proven methods that can if not prevent, at least delay and prevent data on your site from being compromised. For that, there are some simple tips and daily practices that you can do right now to keep your website and data secure. I've selected eight essential practices to incorporate into your web maintenance routine to give you peace of mind and keep your data secure.
1. Use a unique and strong password
Let's start with what seems to me to be the most obvious and easiest solution to implement.
While the vast majority of Internet users are fully aware of the risks associated with using the Internet thanks to the various cases of data breaches that occur each year, millions of people still do not take the security of their passwords seriously.
It cannot be said enough, you NEVER use two identical passwords. NEVER EVER. Whether for your accounts on the Internet, to access your Joomla site or any other use, you must have UNIQUE and STRONG passwords.
Why is it so important?
If you use the same password more than twice, it means that all the accounts, services, and sites you use are potentially compromised. It's a bit like using the same key to lock your house, your office, you car, etc.
In addition, hackers use programs that will test several million possible combinations until their machine finds the right combination. This is called the brute force method. The more complex your password, the more difficult it will be for these programs to crack it and the more secure your Joomla site will be.
The following table shows you the maximum number of attempts required to crack a password depending on its length and composition.
| Password composition |
1 character |
3 characters |
6 characters |
9 characters |
| lowercase |
26 |
17 576 |
308 915 776 |
5,4 × 1012 |
| lowercase and numbers |
36 |
46 656 |
2 176 782 336 |
1,0 × 1014 |
| lowercase, uppercase and numbers |
65 |
238 328 |
5,6 × 1010 |
1,3 × 1016 |
When you read these numbers, you think you are safe having a 9 character password. If we now translate these numbers into duration of resistance to an attack, a 9-character password (like Joomla392), i.e. containing uppercase letters, lowercase letters and numbers, will only withstand 3 days in a brute force program.
How to create a (very) strong password?
The most reliable solution is to use a password generator making sure to take into account all uppercase, lowercase, numbers and special characters, with a minimum length of 12 characters (aim for 14 or 15 characters). Under these conditions, a password such as =*Joomla392-+ will resist 2 million years.
Tool to test the strength of a password
2. Encrypt your login pages
To put it simply, this type of encryption is a sort of process of verifying the user's identity before granting them permission to enter certain pages of the site. One of the easiest ways to do this is to use an SSL certificate, a relatively straightforward technique that allows sensitive data - such as username and password - to be transmitted securely between the browser and the site.
All information entered on a login page will be fully encrypted and scrambled, meaning that anyone who is able to intercept it cannot use it. This approach ensures that hackers will not be able to access your personal data, login credentials and those of your users.
Is it also useful to remain you that Google does not like sites that do not use an SSL certificate? ?
To activate SSL encryption to secure Joomla, all you have to do is activate a parameter in the administration panel (after installing the said certificate on the site server).
You can get low-priced SSL available in the market. As if the site has a single domain then, you do not need to spend too much on your SSL's purchase. RapidSSL certificate, AlphaSSL certificate, Comodo PositiveSSL certificate, Thawte SSL certificate are few low cost SSL certificates, which are ideal for a single domain SSL security.
3. Keep your Joomla site up-to-date
In computing, an obsolete software is equivalent to an unsecured software. Hackers will then target non-updated sites to attack identified security vulnerabilities. This is why it is AB-SO-LU-TLY ESSENTIAL to apply updates to Joomla and third-party extensions that may have been installed on the site.
These updates most often contain fixes and strengthen the overall security of Joomla. As a site owner, it is your responsibility to make sure that Joomla and every extension you use is updated as soon as possible.
44% of CMS attacked in 2018 were not updated. Source : Sucuri - Website Hack Trend Report 2018
4. Choose a secure and reliable host
Not all web hosts are created equal, unfortunately. Some take security seriously and others a little less. When choosing a web host, don't let the pricing fool you but make sure you choose one that has a solid reputation for security. Check (and check again) that the provider you are going to choose is making a conscious effort to protect their customers' websites.
In order to help you choose a quality provider, I offer you this selection of secure Joomla hosters on which you can count.
PlanetHoster, my trustfull and eco-logic hoster
5. Monitor and avoid vulnerabilities
Despite your best efforts, vulnerabilities may still appear where there were none before. It is therefore important to perform regular, in-depth and concise web security scans to monitor and prevent outages.
This should become a reflex to incorporate into your web security policy and should be done on a strict schedule - once a month, for example, or before any new extensions are deployed in your Joomla site.
By itself, Joomla has no vulnerabilities as the latest released version fixes all known flaws at the time of publication. The problems in this area are more to be found on the side of the extensions, some of which are, unfortunately, not always followed by their developers. To check if one of the extensions installed on your site is not vulnerable , you can and should consult the Joomla Vulnerable Extensions List.
6. Clean your Joomla regularly and correctly
No, it is not possible to guarantee that your Joomla site will never be hacked. But that should not prevent you from taking the necessary steps to make it as difficult as possible for those who seek to harm you. Keep in mind that hackers target certain entry points - admin panel, fragile extensions, databases, online forms, etc. - to your Joomla site. These are the places to protect and watch as a priority.
It is also a healthy preventive measure to regularly clean up your Joomla site by deleting anything that is no longer useful to you: files, extensions or applications that you no longer use. Also remember to empty all the bins (articles, modules, categories, menus, etc.). This task will be even faster to perform if you adopt a monthly or weekly routine to secure your Joomla site.
7. Backup your Joomla regularly
Do you regularly back up your Joomla site? You should create and maintain backups of the database and all files on your site as you may need them at any time. Ransomware can take over your site, data can be corrupted or deleted. Ideally, your web host should be able to provide you with backups, but from experience it is a very good practice to do your own backups as well. These days, cloud storage space is cheap and the backup process is straightforward, so there is no serious excuse not to do it.
8. Entrust the security and technical management of your Joomla site to an expert
Most of the security steps and best practices described above are likely to be within your reach. However, there are finer details, subtle vulnerabilities, and new threats that will likely be best addressed by a professional who understands Joomla and its ecosystem. Establishing a long-term, working and trusting relationship with a partner might just be the best decision you've ever made, knowing that hackers are growing in number, armed and warned year after year. By delegating the security and monitoring of your Joomla site to a professional, you can also focus on what is really important to you.
Before concluding...
Since you've been a great audience reading this article so far, I'm going to reveal you one last little secret.
You don't have to be a cybersecurity expert to subscribe to some industry newsletters and blogs. The main benefit of doing this is that you will increase your understanding of the issues involved in protecting and securing a website and its data.
You don't have to be a web security expert to understand the basics of protecting your site and systems. By taking a few simple but effective steps, keeping an eye out for potential vulnerabilities, and keeping up to date with the latest news related to ongoing threats, you'll have an understanding enough to secure your site against a majority of attacks.
If all these explanations and all these tips still do not secure you, do not hesitate to contact me so that we can exchange freely.
8 Tips to secure Joomla 3.9 website on budget
In general, the most effective method of hacking a website is the easiest and most straightforward. When one begins to study the different ways to take control of a site vulnerable to attack, one can quickly be confused by the number of different approaches and solutions. Most often, the simpler methods are used first. Only if the site is of any interest (economic, political, etc.), it is highly likely that other more complex - but also more time-consuming - methods will be used to force it.
Make no mistake - there are plenty of people out there who would love to get their hands on your passwords and data. Not that the content of your website interests them but simply to resell it. The most conservative estimates estimate that there would be up to fifteen billion stolen passwords available on the dark web. The easiest way to avoid this is to implement proven methods that can if not prevent, at least delay and prevent data on your site from being compromised. For that, there are some simple tips and daily practices that you can do right now to keep your website and data secure. I've selected eight essential practices to incorporate into your web maintenance routine to give you peace of mind and keep your data secure.
1. Use a unique and strong password
Let's start with what seems to me to be the most obvious and easiest solution to implement.
While the vast majority of Internet users are fully aware of the risks associated with using the Internet thanks to the various cases of data breaches that occur each year, millions of people still do not take the security of their passwords seriously.
It cannot be said enough, you NEVER use two identical passwords. NEVER EVER. Whether for your accounts on the Internet, to access your Joomla site or any other use, you must have UNIQUE and STRONG passwords.
Why is it so important?
If you use the same password more than twice, it means that all the accounts, services, and sites you use are potentially compromised. It's a bit like using the same key to lock your house, your office, you car, etc.
In addition, hackers use programs that will test several million possible combinations until their machine finds the right combination. This is called the brute force method. The more complex your password, the more difficult it will be for these programs to crack it and the more secure your Joomla site will be.
The following table shows you the maximum number of attempts required to crack a password depending on its length and composition.
| Password composition |
1 character |
3 characters |
6 characters |
9 characters |
| lowercase |
26 |
17 576 |
308 915 776 |
5,4 × 1012 |
| lowercase and numbers |
36 |
46 656 |
2 176 782 336 |
1,0 × 1014 |
| lowercase, uppercase and numbers |
65 |
238 328 |
5,6 × 1010 |
1,3 × 1016 |
When you read these numbers, you think you are safe having a 9 character password. If we now translate these numbers into duration of resistance to an attack, a 9-character password (like Joomla392), i.e. containing uppercase letters, lowercase letters and numbers, will only withstand 3 days in a brute force program.
How to create a (very) strong password?
The most reliable solution is to use a password generator making sure to take into account all uppercase, lowercase, numbers and special characters, with a minimum length of 12 characters (aim for 14 or 15 characters). Under these conditions, a password such as =*Joomla392-+ will resist 2 million years.
Tool to test the strength of a password
2. Encrypt your login pages
To put it simply, this type of encryption is a sort of process of verifying the user's identity before granting them permission to enter certain pages of the site. One of the easiest ways to do this is to use an SSL certificate, a relatively straightforward technique that allows sensitive data - such as username and password - to be transmitted securely between the browser and the site.
All information entered on a login page will be fully encrypted and scrambled, meaning that anyone who is able to intercept it cannot use it. This approach ensures that hackers will not be able to access your personal data, login credentials and those of your users.
Is it also useful to remain you that Google does not like sites that do not use an SSL certificate? ?
To activate SSL encryption to secure Joomla, all you have to do is activate a parameter in the administration panel (after installing the said certificate on the site server).
You can get low-priced SSL available in the market. As if the site has a single domain then, you do not need to spend too much on your SSL's purchase. RapidSSL certificate, AlphaSSL certificate, Comodo PositiveSSL certificate, Thawte SSL certificate are few low cost SSL certificates, which are ideal for a single domain SSL security.
3. Keep your Joomla site up-to-date
In computing, an obsolete software is equivalent to an unsecured software. Hackers will then target non-updated sites to attack identified security vulnerabilities. This is why it is AB-SO-LU-TLY ESSENTIAL to apply updates to Joomla and third-party extensions that may have been installed on the site.
These updates most often contain fixes and strengthen the overall security of Joomla. As a site owner, it is your responsibility to make sure that Joomla and every extension you use is updated as soon as possible.
44% of CMS attacked in 2018 were not updated. Source : Sucuri - Website Hack Trend Report 2018
4. Choose a secure and reliable host
Not all web hosts are created equal, unfortunately. Some take security seriously and others a little less. When choosing a web host, don't let the pricing fool you but make sure you choose one that has a solid reputation for security. Check (and check again) that the provider you are going to choose is making a conscious effort to protect their customers' websites.
In order to help you choose a quality provider, I offer you this selection of secure Joomla hosters on which you can count.
PlanetHoster, my trustfull and eco-logic hoster
5. Monitor and avoid vulnerabilities
Despite your best efforts, vulnerabilities may still appear where there were none before. It is therefore important to perform regular, in-depth and concise web security scans to monitor and prevent outages.
This should become a reflex to incorporate into your web security policy and should be done on a strict schedule - once a month, for example, or before any new extensions are deployed in your Joomla site.
By itself, Joomla has no vulnerabilities as the latest released version fixes all known flaws at the time of publication. The problems in this area are more to be found on the side of the extensions, some of which are, unfortunately, not always followed by their developers. To check if one of the extensions installed on your site is not vulnerable , you can and should consult the Joomla Vulnerable Extensions List.
6. Clean your Joomla regularly and correctly
No, it is not possible to guarantee that your Joomla site will never be hacked. But that should not prevent you from taking the necessary steps to make it as difficult as possible for those who seek to harm you. Keep in mind that hackers target certain entry points - admin panel, fragile extensions, databases, online forms, etc. - to your Joomla site. These are the places to protect and watch as a priority.
It is also a healthy preventive measure to regularly clean up your Joomla site by deleting anything that is no longer useful to you: files, extensions or applications that you no longer use. Also remember to empty all the bins (articles, modules, categories, menus, etc.). This task will be even faster to perform if you adopt a monthly or weekly routine to secure your Joomla site.
7. Backup your Joomla regularly
Do you regularly back up your Joomla site? You should create and maintain backups of the database and all files on your site as you may need them at any time. Ransomware can take over your site, data can be corrupted or deleted. Ideally, your web host should be able to provide you with backups, but from experience it is a very good practice to do your own backups as well. These days, cloud storage space is cheap and the backup process is straightforward, so there is no serious excuse not to do it.
8. Entrust the security and technical management of your Joomla site to an expert
Most of the security steps and best practices described above are likely to be within your reach. However, there are finer details, subtle vulnerabilities, and new threats that will likely be best addressed by a professional who understands Joomla and its ecosystem. Establishing a long-term, working and trusting relationship with a partner might just be the best decision you've ever made, knowing that hackers are growing in number, armed and warned year after year. By delegating the security and monitoring of your Joomla site to a professional, you can also focus on what is really important to you.
Before concluding...
Since you've been a great audience reading this article so far, I'm going to reveal you one last little secret.
You don't have to be a cybersecurity expert to subscribe to some industry newsletters and blogs. The main benefit of doing this is that you will increase your understanding of the issues involved in protecting and securing a website and its data.
You don't have to be a web security expert to understand the basics of protecting your site and systems. By taking a few simple but effective steps, keeping an eye out for potential vulnerabilities, and keeping up to date with the latest news related to ongoing threats, you'll have an understanding enough to secure your site against a majority of attacks.
If all these explanations and all these tips still do not secure you, do not hesitate to contact me so that we can exchange freely.
