Secure Your Site Joomla 3.9 on Budget With These 8 Tips

Secure Your Site Joomla 3.9 on Budget With These 8 Tips

Secure a site powered by Joomla 3.9 is not a complex problem, as long as we respect and follow certain rules. In order to make this subject as accessible to as many people as possible, I suggest you see how to secure a Joomla site effectively but without breaking the bank.

8 Tips to secure Joomla 3.9 website on budget

In general, the most effective method of hacking a website is the easiest and most straightforward. When one begins to study the different ways to take control of a site vulnerable to attack, one can quickly be confused by the number of different approaches and solutions. Most often, the simpler methods are used first. Only if the site is of any interest (economic, political, etc.), it is highly likely that other more complex - but also more time-consuming - methods will be used to force it.

Make no mistake - there are plenty of people out there who would love to get their hands on your passwords and data. Not that the content of your website interests them but simply to resell it. The most conservative estimates estimate that there would be up to fifteen billion stolen passwords available on the dark web. The easiest way to avoid this is to implement proven methods that can if not prevent, at least delay and prevent data on your site from being compromised. For that, there are some simple tips and daily practices that you can do right now to keep your website and data secure. I've selected eight essential practices to incorporate into your web maintenance routine to give you peace of mind and keep your data secure.

1. Use a unique and strong password

Let's start with what seems to me to be the most obvious and easiest solution to implement.
While the vast majority of Internet users are fully aware of the risks associated with using the Internet thanks to the various cases of data breaches that occur each year, millions of people still do not take the security of their passwords seriously.

It cannot be said enough, you NEVER use two identical passwords. NEVER EVER. Whether for your accounts on the Internet, to access your Joomla site or any other use, you must have UNIQUE and STRONG passwords.

Why is it so important?
If you use the same password more than twice, it means that all the accounts, services, and sites you use are potentially compromised. It's a bit like using the same key to lock your house, your office, you car, etc.

In addition, hackers use programs that will test several million possible combinations until their machine finds the right combination. This is called the brute force method. The more complex your password, the more difficult it will be for these programs to crack it and the more secure your Joomla site will be.

The following table shows you the maximum number of attempts required to crack a password depending on its length and composition.

Password composition 1 character 3 characters 6 characters 9 characters
lowercase 26 17 576 308 915 776 5,4 × 1012
lowercase and numbers 36 46 656 2 176 782 336 1,0 × 1014
lowercase, uppercase and numbers 65 238 328 5,6 × 1010 1,3 × 1016

When you read these numbers, you think you are safe having a 9 character password. If we now translate these numbers into duration of resistance to an attack, a 9-character password (like Joomla392), i.e. containing uppercase letters, lowercase letters and numbers, will only withstand 3 days in a brute force program.

How to create a (very) strong password?
The most reliable solution is to use a password generator making sure to take into account all uppercase, lowercase, numbers and special characters, with a minimum length of 12 characters (aim for 14 or 15 characters). Under these conditions, a password such as =*Joomla392-+ will resist 2 million years.

Secure Joomla and test the strength of a password
Tool to test the strength of a password

2. Encrypt your login pages

To put it simply, this type of encryption is a sort of process of verifying the user's identity before granting them permission to enter certain pages of the site. One of the easiest ways to do this is to use an SSL certificate, a relatively straightforward technique that allows sensitive data - such as username and password - to be transmitted securely between the browser and the site.

All information entered on a login page will be fully encrypted and scrambled, meaning that anyone who is able to intercept it cannot use it. This approach ensures that hackers will not be able to access your personal data, login credentials and those of your users.

Is it also useful to remain you that Google does not like sites that do not use an SSL certificate? ?

To activate SSL encryption to secure Joomla, all you have to do is activate a parameter in the administration panel (after installing the said certificate on the site server).

Activate SSL encryption to secure Joomla

3. Keep your Joomla site up-to-date

In computing, an obsolete software is equivalent to an unsecured software. Hackers will then target non-updated sites to attack identified security vulnerabilities. This is why it is AB-SO-LU-TLY ESSENTIAL to apply updates to Joomla and third-party extensions that may have been installed on the site.

These updates most often contain fixes and strengthen the overall security of Joomla. As a site owner, it is your responsibility to make sure that Joomla and every extension you use is updated as soon as possible.

Sucuri Website Hack Trend Report 2018

44% of CMS attacked in 2018 were not updated. Source : Sucuri - Website Hack Trend Report 2018

4. Choose a secure and reliable host

Not all web hosts are created equal, unfortunately. Some take security seriously and others a little less. When choosing a web host, don't let the pricing fool you but make sure you choose one that has a solid reputation for security. Check (and check again) that the provider you are going to choose is making a conscious effort to protect their customers' websites.

In order to help you choose a quality provider, I offer you this selection of secure Joomla hosters on which you can count.

PlanetHoster, mon hébergeur éco-logique

PlanetHoster, my trustfull and eco-logic hoster

5. Monitor and avoid vulnerabilities

Despite your best efforts, vulnerabilities may still appear where there were none before. It is therefore important to perform regular, in-depth and concise web security scans to monitor and prevent outages.

This should become a reflex to incorporate into your web security policy and should be done on a strict schedule - once a month, for example, or before any new extensions are deployed in your Joomla site.

By itself, Joomla has no vulnerabilities as the latest released version fixes all known flaws at the time of publication. The problems in this area are more to be found on the side of the extensions, some of which are, unfortunately, not always followed by their developers. To check if one of the extensions installed on your site is not vulnerable , you can and should consult the Joomla Vulnerable Extensions List.

6. Clean your Joomla regularly and correctly

No, it is not possible to guarantee that your Joomla site will never be hacked. But that should not prevent you from taking the necessary steps to make it as difficult as possible for those who seek to harm you. Keep in mind that hackers target certain entry points - admin panel, fragile extensions, databases, online forms, etc. - to your Joomla site. These are the places to protect and watch as a priority.

It is also a healthy preventive measure to regularly clean up your Joomla site by deleting anything that is no longer useful to you: files, extensions or applications that you no longer use. Also remember to empty all the bins (articles, modules, categories, menus, etc.). This task will be even faster to perform if you adopt a monthly or weekly routine to secure your Joomla site.

7. Backup your Joomla regularly

Do you regularly back up your Joomla site? You should create and maintain backups of the database and all files on your site as you may need them at any time. Ransomware can take over your site, data can be corrupted or deleted. Ideally, your web host should be able to provide you with backups, but from experience it is a very good practice to do your own backups as well. These days, cloud storage space is cheap and the backup process is straightforward, so there is no serious excuse not to do it.

8. Entrust the security and technical management of your Joomla site to an expert

Most of the security steps and best practices described above are likely to be within your reach. However, there are finer details, subtle vulnerabilities, and new threats that will likely be best addressed by a professional who understands Joomla and its ecosystem. Establishing a long-term, working and trusting relationship with a partner might just be the best decision you've ever made, knowing that hackers are growing in number, armed and warned year after year. By delegating the security and monitoring of your Joomla site to a professional, you can also focus on what is really important to you.

Before concluding...

Since you've been a great audience reading this article so far, I'm going to reveal you one last little secret.
You don't have to be a cybersecurity expert to subscribe to some industry newsletters and blogs. The main benefit of doing this is that you will increase your understanding of the issues involved in protecting and securing a website and its data.
You don't have to be a web security expert to understand the basics of protecting your site and systems. By taking a few simple but effective steps, keeping an eye out for potential vulnerabilities, and keeping up to date with the latest news related to ongoing threats, you'll have an understanding enough to secure your site against a majority of attacks.

If all these explanations and all these tips still do not secure you, do not hesitate to contact me so that we can exchange freely.

Daniel Dubois

Daniel Dubois

Passionné par le Web depuis 2007, Daniel défend la veuve et l'orphelin du web en créant des sites respectueux du W3C. Fort d'une expérience de plusieurs années, il partage ses connaissances dans un état d'esprit open source.
Très impliqué dans la communauté Joomla depuis 2014, il est actif au sein de plusieurs projets, conférencier et fondateur du JUG Breizh.