Best Practices to Secure Your Joomla Website
First of all, let’s make it clear that no website or server is safe. There is always a “door” that hackers can break through to get access to sensitive information. This is the worst and most annoying thing that can happen to a website, besides the downtime caused by technical issues.
In the last few weeks we have seen a lot of news about massive attacks on different websites and platforms such as WordPress and Joomla. In most cases hackers can gain access to the backend of your website through a vulnerable extension or script. Website owners and webmasters may blame Joomla or another CMS for the hacks, but in fact it can happen to anyone and any website.
While there is no way to keep hackers away from your website, it is possible to reduce the chances of being hacked and, if it happens, to restore your site quickly and fix the problem. In this article I will show you some of the best ways to keep your Joomla website secure and remediate any damage as soon as possible. This article may also be useful for those who are not running a Joomla site.
Back up your website frequently, prepare for restore
If you need to restore your website after it has been hacked, you will need the files. The best way to store your website’s files is to create an archive in .zip format and save it to your computer or to online storage, where you can access it easily when it is needed. Do not leave it on the server where your website is hosted, because if the hacker decides to delete all files on your hosting account, you will lose the backup as well.
If you are running a blog and uploading pictures and other documents to your site on a daily basis, you probably want to perform a backup every week or maybe every day. Otherwise it is enough to create a copy of the file system once, and again every time you update Joomla or an extension.
Joomla stores its information in a MySQL database. Make sure that you always create a copy of your database along with the files. The database stores the emails and passwords of users registered to your website, articles and other data that you add to your site. If your website is updated frequently, if you add content regularly, or if you let visitors register on your site, host an online forum or run an online shop, you should probably consider backing up the database very often.
It can be a pain to back up files and the database manually, but with Joomla it is very easy if you use the Akeeba Backup extension. This Joomla component is free to use, but there is also a paid version available that includes a lot more features. The free version allows you to perform a full backup of your site with the click of a button. The premium version can perform backups automatically and store the files and database outside of the server where your site is currently hosted. There is a lot more to it; check their official site for more details.
In the event of a website hack, you want to remediate the problem as quickly as possible. A hacked website creates a very bad impression of your business, so you want to be quick and professional. Organize your backups accordingly, so you can restore your website in a very short time. Akeeba Kickstart, part of the Joomla component mentioned earlier, can restore a previous backup with the click of a button. If you think that user information was compromised, ask your users to change their passwords.
If you store very sensitive data in your Joomla website, like credit card information, you should consider implementing an SSL certificate and encrypting the data, making it more difficult for a hacker to compromise the information.
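The manual file backup described above, as an added example that is not part of the original article and is not Akeeba Backup's code: it zips the site directory together with a SHA-256 manifest, checks that the archive is still intact, and lists files added, changed or removed on the live site since the backup. The manifest name and function names are chosen for this example, and the database dump is assumed to be exported separately.

```python
import hashlib
import json
import zipfile
from pathlib import Path

MANIFEST = "backup-manifest.json"  # manifest name chosen for this example

def sha256_file(path):
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def tree_hashes(site_root):
    """Map each file's path (relative to the site root) to its SHA-256."""
    root = Path(site_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def create_backup(site_root, archive_path):
    """Zip the site tree and embed a manifest of per-file hashes."""
    hashes = tree_hashes(site_root)
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in hashes:
            zf.write(Path(site_root) / rel, rel)
        zf.writestr(MANIFEST, json.dumps(hashes, indent=2))
    return hashes

def verify_backup(archive_path):
    """Return archived paths whose content no longer matches the manifest."""
    with zipfile.ZipFile(archive_path) as zf:
        manifest = json.loads(zf.read(MANIFEST))
        return [rel for rel, want in manifest.items()
                if hashlib.sha256(zf.read(rel)).hexdigest() != want]

def compare_with_live(archive_path, site_root):
    """List files added, changed or removed on the live site since backup."""
    with zipfile.ZipFile(archive_path) as zf:
        manifest = json.loads(zf.read(MANIFEST))
    live = tree_hashes(site_root)
    return {
        "added": sorted(set(live) - set(manifest)),
        "removed": sorted(set(manifest) - set(live)),
        "changed": sorted(f for f in live.keys() & manifest.keys()
                          if live[f] != manifest[f]),
    }
```

Write the archive to a location outside the site directory and off the hosting account, as the article advises. The embedded manifest detects a corrupted archive, not an archive that someone has deliberately rewritten.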
Update Joomla core and third-party extensions
Joomla is open source software, which is great because everyone can modify it to their preference, but the downside is that everyone can have access to its source code. Knowing the weaknesses of the system, a hacker can easily break into your website. The Joomla community is very active and constantly working on improving the code; if they find a security hole, they will make the necessary changes and release a new update. In the new Joomla 3.x version you can see in the administrator panel whether a new update is available. I recommend updating every time it is possible. Also, don’t forget to update the third-party extensions; these could also have vulnerable code. It is a good idea to subscribe to their newsletters, stay up to date with the latest releases, and update them every time it is needed.
Get quality web hosting
In most cases outdated software is what makes a website vulnerable, but sometimes hackers can break into the server where your files are hosted. Getting a reliable Joomla web host, one that has a good reputation in the industry and is recommended for Joomla websites, is also a good way to reduce the chances of a hacker succeeding. For instance, InMotion Hosting offers Joomla-optimized web hosting; they also have online tutorials, and their team is trained to help customers who are having issues with Joomla-related sites.
Seek out a Joomla expert
On the official Joomla forum you can get help in case something goes wrong with your website. They are a very friendly and active community, ready to help everyone, especially when their website is hacked. However, it is good to be in touch with a person who knows Joomla inside out, because if your site is hacked, it is not enough to restore the files; you also have to find the root of the problem and fix it. A person who works with Joomla on a daily basis can identify the problem in no time and can fix it for you.
Conclusion and final thoughts
It is impossible to make a website 100% bulletproof, but with the simple tricks above you can recover quickly from a hack and make your Joomla site more secure than the average. So I suggest always having a backup of your site, hosting only with trusted and reliable companies, and having a Joomla developer available to help you.