We received an email this morning from Phil-Taylor.com listing security holes in various Joomla components.
I have an awful lot of respect for Phil and his work developing Mambo and now his components. However, I think the tone of the latest email could have been improved. People are understandably jumpy when it comes to security and I think he could have done a better job of pointing people towards freely available solutions rather than to his new security site.
There have always been third-party components with vulnerabilities and I’ve not seen any evidence that security exploits are increasing. What may be increasing is the number of hacker attacks. Some major Joomla sites are being attacked every 60-90 seconds. However, that’s not much different from a computer plugged into the internet.
It’s not that difficult to secure your site. Here’s how…
Where to get started with Joomla Security
- Download, install and run Joomla HISA. HISA stands for Joomla! Health, Installation and Security Audit and will help you pinpoint and solve a lot of permission and security problems. Click here to download and click here to read more about HISA.
- Make sure register_globals is OFF. If your host won’t let you, it’s time to move. If you’re on GoDaddy, instructions are here.
- Make sure you have an .htaccess file that includes lines that block common exploits. Click here to download a copy of ours. Read more at Joomla.org.
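A quick way to check the last two items on a copy of your site's files, as an added example that is not part of the original post or of HISA: it reads the text of a php.ini and an .htaccess and reports whether register_globals is enabled and which query-string patterns are answered with a 403. The watched patterns are modelled on the rules in Joomla's htaccess.txt, which is an assumption since the post's own file is not shown, and the sample inputs are constructed.

```python
import re

# Request variables the Joomla 1.x htaccess.txt rules refuse in a query string (assumed list).
WATCHED = ("mosConfig_", "base64_encode", "script", "GLOBALS", "_REQUEST")

def register_globals_on(php_ini):
    """True if the last register_globals directive in php.ini text enables it."""
    enabled = False                              # PHP default is Off since 4.2.0
    for line in php_ini.splitlines():
        line = line.split(";", 1)[0].strip()     # ';' starts a php.ini comment
        m = re.fullmatch(r'register_globals\s*=\s*"?(\w+)"?', line, re.I)
        if m:
            enabled = m.group(1).lower() in ("on", "1", "true", "yes")
    return enabled

def htaccess_blocks(htaccess):
    """Map each WATCHED name to True if an active rule answers it with 403."""
    engine_on, pending, denied = False, [], []
    for raw in htaccess.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue                             # blank or commented-out line
        directive = parts[0].lower()
        if directive == "rewriteengine":
            engine_on = len(parts) > 1 and parts[1].lower() == "on"
        elif directive == "rewritecond" and len(parts) > 2 and "QUERY_STRING" in parts[1]:
            pending.append(parts[2])
        elif directive == "rewriterule":
            flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
            if engine_on and "F" in flags:       # conditions count only if the rule forbids
                denied += pending
            pending = []
    return {name: any(name in cond for cond in denied) for name in WATCHED}

# Constructed sample inputs, not taken from any real site.
SAMPLE_INI = "register_globals = Off\nregister_globals = On ; legacy script\n"
SAMPLE_HTACCESS = r"""
RewriteEngine On
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
"""

if __name__ == "__main__":
    print("register_globals on:", register_globals_on(SAMPLE_INI))
    print("blocked patterns:", htaccess_blocks(SAMPLE_HTACCESS))
```

In the sample, the later `register_globals = On` line wins and the commented-out `base64_encode` condition shows up as not blocked, which are the two kinds of drift worth looking for after a host migration or a hand edit.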
What to do if you use an extension on Phil Taylor’s list?
- DocMan and School Info. It may be worth being safer than sorry. If you feel comfortable doing this, back up the files and then delete them from the server. Restore them when a patch is available. The Docman site is here and an update is in the works.
- Slideshow. Phil provided the link to the site which has an update.
- iJoomla Magazine. An update is already available. Head over to iJoomla.com.
How to Recover from ANY hack
- Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Backup. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day. Every Day.
- There are various Joomla components available to allow you to do this.
- There’s a backup recovery procedure available at Joomla.org.