Here is some security tricks in order to improve security on Joomla CMS:
- put a .htaccess file in your “administrator” folder to protect all the files in the folder and subfolders allowing only your ips.
- move configuration.php to a safe directory outside of public_html and rename it whatever you want. We use the name joomla.conf in this example:
#mv configuration.php ../joomla.conf
Create a new configuration.php file containing only the following code:
require( dirname( __FILE__ ) . '/../joomla.conf' );
- change file permisions and attributes:
#chmod 644 configuration.php
#chattr +i configuration.php
- upgrade to the latest version of Joomla which also fixes additional vulnerabilitiesreported by third parties, however, upgrading only Joomla does not fix the whole problem.
- install the Suhosin PHP extension, which comes with a generic
protection against mt_(s)rnad vulnerabilities;
- install ModSecurity2, wich is crucial for having a layer of defense against hackers.
We use Hosting and VPS Hosting, from: www.star-host.org
We like and trust them.
Good prices, high security.