<p>Joomla is one of the most popular CMSs in the world. Because it is popular, it is also the target of all sorts of hacking attacks. I can still recall the day when our <a href="https://www.themexpert.com/blog/themexpert-hacked-and-survived">site got hacked.</a> </p>
Yes, you heard it right. It was a tough time for us, and it took a long time to recover. We don't want that to happen to your site, ever.
Hackers search the web for easy targets. When they find one with weak security, they get to work.
Securing your website takes a lot of work, but don't worry: we'll walk you through every step we have learned from our 10 years of experience.
In this article we'll cover the part that lives inside Joomla itself. You can use any of the extensions recommended below to secure your website. There are tons of extensions on JED, but we did the hard work of selecting the very best of them for you.
We'll cover more in our upcoming articles.
To protect your site from hackers, we recommend using security extensions.
Disclaimer: We didn't receive any payment from any extension author.
<h2>Admin Tools</h2> <p>Admin Tools is another great product from Akeeba Ltd, also known as a true Swiss Army knife. Every Joomla release comes with some security patches, so it is essential to stay updated. Admin Tools notifies you about new Joomla releases, fixes your directory and file permissions, and updates automatically.</p>
<p> With a single mouse click, <a href="https://www.akeebabackup.com/download/admin-tools.html">Admin Tools</a> allows you to change your database prefix, perform database maintenance, and set a super administrator ID and password. With the advanced "Web Application Firewall" of Admin Tools, you are protected from some common attacks.</p>
<p><span><strong data-redactor-tag="strong" data-verified="redactor">The key features of Admin Tools are:</strong></span></p>
<ul><li><span>Emergency off-line switch.</span><br></li><li>Maintenance made easy with just a simple click.<br></li><li>Advanced web application firewall.<br></li><li>Redirects URLs directly with parameters.<br></li><li>Change your file permissions without using SSH or FTP.<br></li><li>Protects your site against a vast majority of popular attacks.<br></li><li>PHP file change scanner monitors for any PHP file changes and lets you know.<br></li><li>Secure <code data-redactor-tag="code" data-verified="redactor">.htaccess</code> file with an easy GUI.</li></ul>
<h2>AdminExile</h2> <p>Hackers always search for a way to get into your system. An attacker gets that opportunity easily once he finds the login panel of the website. From then on, the brute force attack begins. This brute force attack can be prevented by hiding the login URL of the site.</p>
AdminExile helps prevent attacks by hiding the login URL. It adds a key value to the login URL so that only users who know the key can reach it. Anyone who tries to enter without the key is redirected to another URL.
AdminExile can be configured to email the login link to the system administrator in case you forget the key. You can also set a flexible re-entry time with this extension: within the specified re-entry time, the user can log into the admin panel without using the key.
The features of AdminExile are:
- Administrator key and URL protection.
- Administrator session cookie security.
- Lost link recovery.
- Failure logging.
- Brute Force detection and blocking.
- Live data reporting.
- IPv4/6 Whitelist and Blacklist with CIDR capability.
Furthermore, you can restrict user groups to front-end login. AdminExile gives you the option to build IP blacklists and whitelists, so after filtering, blocked IPs get no access to the website.
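The gate described above (a key in the login URL, a redirect for anyone without it, a re-entry window, and IP blocking with CIDR ranges) can be sketched in plain PHP. This is an added example, not AdminExile's code or part of the original article; it assumes PHP 7.4+, and the parameter name, key value, window length and address ranges are all made up for illustration.

```php
<?php
// Added illustration, not AdminExile's code; every name and value is hypothetical.
const KEY_NAME        = 'gate';                  // query parameter carrying the key
const KEY_VALUE       = 'example-key-change-me'; // placeholder secret
const REENTRY_SECONDS = 600;                     // keyless re-entry window
const BLOCKED_CIDRS   = ['198.51.100.0/24', '2001:db8:bad::/48'];

/** True when $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if (!is_string($ipBin) || !is_string($netBin) || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families
    }
    $len   = $parts[1] ?? (string) (strlen($ipBin) * 8); // no "/n" means a single host
    $bits  = (int) $len;
    $bytes = intdiv($bits, 8);
    $mask  = (0xFF << (8 - $bits % 8)) & 0xFF; // mask for a partial byte, 0 if none
    return ctype_digit($len) && $bits <= strlen($ipBin) * 8
        && substr($ipBin, 0, $bytes) === substr($netBin, 0, $bytes)
        && ($mask === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask));
}

/** Decide 'allow' or 'redirect' for one request to the admin login page. */
function admin_gate(array $query, array &$session, string $ip, int $now): string
{
    if (array_filter(BLOCKED_CIDRS, fn($c) => ip_in_cidr($ip, $c))) {
        return 'redirect'; // blocked addresses never reach the login form
    }
    $supplied = $query[KEY_NAME] ?? '';
    if (is_string($supplied) && hash_equals(KEY_VALUE, $supplied)) {
        $session['gate_ok_at'] = $now; // start (or refresh) the re-entry window
        return 'allow';
    }
    $last = $session['gate_ok_at'] ?? null; // keyless: allowed only inside the window
    return is_int($last) && $now - $last <= REENTRY_SECONDS ? 'allow' : 'redirect';
}

$session = []; // constructed requests below: [query, client IP, time in seconds]
foreach ([
    [[KEY_NAME => KEY_VALUE], '203.0.113.7', 5],    // correct key
    [[], '203.0.113.7', 300],                       // no key, inside the window
    [[], '203.0.113.7', 700],                       // no key, window expired
    [[KEY_NAME => KEY_VALUE], '198.51.100.9', 710], // correct key, blocked range
] as [$query, $ip, $t]) {
    printf("%-13s t=%-4d %s\n", $ip, $t, admin_gate($query, $session, $ip, $t));
}
```

Because the key travels in the URL, it ends up in browser history and web server access logs, so it complements a strong administrator password rather than replacing one.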
<h2> <span>jHackGuard</span></h2> <p>jHackGuard: the name explains it all. The main task of this extension is to prevent a website from being hacked. It protects against cross-site scripting, SQL injection, remote code execution, and remote URL or file inclusion. </p>
It is a very user-friendly extension that keeps doing its job without distracting administrators from their routine work. Besides filtering user input data, jHackGuard also fine-tunes security configurations.
Features of jHackGuard include:
- Protection from SQL injection, remote code execution, remote URL/file inclusions, and XSS based attacks.
- Filters user input and implements additional PHP security settings.
- Enhanced User interface.
- Enhanced Security and Performance.
- Better SEO results.
<h2>RSFirewall</h2>
If you are concerned about protection from hacker attacks, RSFirewall is the right Joomla extension for you. RSFirewall blocks every known attack and keeps you safe 24/7.
RSFirewall allows you to set blacklisted and whitelisted IPs with a backend password. It also detects and blocks harmful code, prevents unauthorized changes to the administrator, and thwarts brute-force login attempts. RSFirewall blocks anonymous proxies and stops unauthorized access.
Key features of RSFirewall:
- Protection against RCE vulnerabilities.
- Extra security for administrator accounts and folder.
- Finds and fixes insecure file and folder permissions.
- Advanced graphical visual representation of latest attacks.
- Exceptions tab for firewall exception rules.
<h2>JomDefender</h2>
As hacker attacks on Joomla websites increase, owners may suffer a huge loss of data, money and time. To prevent these losses, JomDefender comes with security services that protect you from these attacks. This extension reduces the vulnerabilities of your site and closes security holes that hackers could use.
JomDefender has a built-in corePHP filter that can address some of Joomla's known weaknesses. Additionally, it provides some extra features such as front-end and back-end IP blocking, an admin login screen, and much more.
The key features of JomDefender:
- IP address access control for both the front end and the back end.
- Double layer admin prompt for login security.
- Login and logout CSRF prevention to keep out unauthorized users.
- Automatic removal of Joomla's generator tags, HTML white space, and PHP header.
- File integrity check for unwanted changes in a file.
- Page execution time display and much more.
<h2>OSE Antivirus</h2>
Open Source Antivirus is the most advanced security tool that allows you to remove malicious code from your server. It uses several techniques for detecting viruses, which gives you maximum protection. It automatically deletes the malicious code if write access to the file is given.
You can manually set the types of files to be scanned. This extension continuously and automatically updates its virus database, so it detects the most recent viruses found on the net. OSE Antivirus also gives you the option to remove or quarantine a virus manually.
Features of OSE Antivirus are:
- Double layered firewall protection.
- Embedded virus scanning function.
- Detailed reporting and blocking reactions.
- Several scanning modes.
- Flexible configuration.
- Search engine friendly.
- Anti-flooding and ClamAV antivirus integration.
OSE Antivirus supports several languages and has an interactive user interface.
<h2>Brute Force Stop</h2>
The main purpose of this extension is to stop brute force attacks. If any unauthorized person or bot tries to enter your system, it blocks the access and thus prevents the login. The user can set the threshold value for failed access attempts.
The Brute Force Stop extension logs attackers' IP addresses so that you have a record of failed logins. You can also block or unblock users with this extension. Its log options are organized so well that you will find every detail in one place.
Features of the Brute Force Stop extension:
- Protection against Brute force attacks.
- PHP 7 and MySQL compatibility.
- IP management with whitelist and blacklist.
- User login safety.
- The threshold value for failed access.
<h2>EasyCalcCheck Plus</h2>
You can easily protect your Joomla forms and third-party extensions with the EasyCalcCheck Plus extension. It comes with external antispam services like Akismet, Google ReCaptcha, Honeypot project, Mollom, StopForumSpam, Botscout, and Bot-trap. It also protects the backend with a token, so that the admin login page can be opened only with the right token.
It also gives you defense against SQL injection and local file inclusion. EasyCalcCheck Plus is a free extension, but if you need support, you need a subscription first.
Features of ECC+:
- Arithmetic problem - Addition and Subtraction.
- Antispam services Mollom, Akismet, Google ReCaptcha, Bot-trap, StopForumSpam, Honeypot project.
- Protection from local file inclusion and SQL injection.
- Token generation for the login page.
<h2>Securitycheck</h2>
After a fresh installation of Joomla, some security gaps exist. Securitycheck protects you by closing those gaps. It blocks hacker attacks and unauthorized proxies, and fixes misconfigured permissions. One of its primary features is the web application firewall, which gives protection from 90 different types of SQL injection attacks, cross-site scripting, and local file inclusion.
Securitycheck also provides .htaccess protection, session protection, file management, vulnerability checking, remote management, IP blacklisting and much more. It is a recommended extension for new Joomla users to add right after installing Joomla.
Some major features of Securitycheck:
- Advanced web firewall with multiple configurations.
- Malware scanner with an enlarged database.
- Remote management of extensions.
- Geoblock for blocking IP addresses according to their geolocation.
- Vulnerabilities checking.
- Cron plugin and Module info.
To improve your safety and performance, you can use these security extensions according to your needs. You can install any of them directly from the Joomla Extensions Directory. Always read the details of an extension before installing or updating it.
Sometimes security extensions might not be enough to save you from hacking, so it is wise to use backup software like Akeeba Backup. It backs up your Joomla site automatically and, in time of need, allows you to recover from the backup.
Do not forget to let us know your thoughts and ideas. You can leave your valuable suggestions and feedback in the comment section.