Link: Joomla Administrators Security Checklist
Install official versions of Joomla!
To avoid braking your site, search the forums for reports of incompatible extensions before upgrading to a new version of Joomla.Upgrade to the latest stable version of Joomla! as soon as possible.
Download Joomla! from official sites only, such as JoomlaCode.org, and check the MD5 hash.
Use Joomla Diagnostics to ensure that all files were installed correctly. (Note: the version of Joomla Diagnostics made for the initial release of 1.5 does not work for 1.5.3.)
Install official versions of Joomla!
To avoid braking your site, search the forums for reports of incompatible extensions before upgrading to a new version of Joomla.Upgrade to the latest stable version of Joomla! as soon as possible.
Download Joomla! from official sites only, such as JoomlaCode.org, and check the MD5 hash.
Use Joomla Diagnostics to ensure that all files were installed correctly. (Note: the version of Joomla Diagnostics made for the initial release of 1.5 does not work for 1.5.3.) Change the default administrator username
Change the user name of the default admin user. This simple step greatly increases the security of this critical account by modifying one of the two variables attackers can use to gain admin access. The admin password is the other variable. Change it early and often.
Protect directories and files
Increase the security of the critical configuration.php file by moving it outside of the public_html directory.
Ensure that all configurable paths to writable or uploadable directories (document repositories, image galleries, caches) are outside of public_html. Check third party extensions such as DOCMan and Gallery2 for editable paths to writable directories. There is currently no easy way to move the Joomla! /image and /media directories. The best plan is to make sure open_basedir is properly set for all the user accounts on your server. Check with your host if unsure.
Link: Joomla Administrators Security Checklist
| Następna > |
|---|
