How to Improve Joomla Security in 7 easy steps
It’s funny to read in the news that someone’s site was hacked, but when the site is yours, it’s not funny at all. Joomla! is a great CMS that is widely used, and because of this, hackers often look for ways to hack a Joomla! web site. Here is a set of steps that can help you improve your Joomla! security and prevent your Joomla!-based site from being hacked. Never forget to make frequent backups of your site and database. If you still get hacked, you can always go back to an older version. Make sure you find out which extension caused the weakness and uninstall it.
Change the default database prefix (jos_)
Most SQL injections written to hack a Joomla! site attempt to retrieve information from the jos_users table. This way, they can retrieve the user name and password of the site’s super admin. Changing the default prefix to something random will stop most or all such SQL injections.
You can set the database prefix when installing your Joomla! web site. If you have already installed Joomla! and wish to change your prefix, do the following:
First, log on to your Joomla! back end.
Then go to your global configuration, find the database settings and change your database prefix (example: fdasqw_). Don’t forget to save.
After that, access your database through phpMyAdmin, go to Export, leave all default values and press Start (please note that exporting the database can take some time). When the export is completed, select all the code and copy it to Notepad (or any other text editor). In phpMyAdmin, select all tables and remove them. Go back to Notepad and perform a search and replace (Ctrl + H). Set the search term to jos_ and the replacement to the new prefix (example: fdasqw_). Press "Replace all". Finally, select everything in your Notepad file and copy it. Then, in phpMyAdmin, go to SQL, paste the queries and press Start.
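A plain search and replace also rewrites any jos_ text that happens to sit inside stored content. As an added example (not part of the original article), the Python function below does the replacement step on an exported dump but touches only backtick-quoted identifiers, leaving string literals and comments alone. The function name, the sample dump and the assumption that the dump uses backtick-quoted names, single-quoted strings and "-- " comments are illustrative.

```python
import re

# Constructed sample in phpMyAdmin export style (not from the article).
SAMPLE_DUMP = """\
-- Table structure for table `jos_users`
DROP TABLE IF EXISTS `jos_users`;
CREATE TABLE `jos_users` (`id` int(11) NOT NULL, `username` varchar(150) NOT NULL);
INSERT INTO `jos_content` (`id`, `introtext`) VALUES
(1, 'It''s fine to mention jos_users or `jos_users` in an article\\'s text.');
"""


def rewrite_prefix(dump_sql, old_prefix, new_prefix):
    """Rename old_prefix to new_prefix in backtick-quoted identifiers only.

    Returns (new_sql, renamed), where renamed is the set of original names
    that were rewritten. Assumes MySQL dump syntax: single-quoted strings,
    "-- " line comments, and backtick-quoted names; any backtick-quoted
    name starting with old_prefix is treated as a table name.
    """
    token = re.compile(
        r"'(?:[^'\\]|\\.|'')*'"      # string literal, with \' and '' escapes
        r"|-- [^\n]*"                 # line comment
        r"|`" + re.escape(old_prefix) + r"(?P<name>[^`]+)`",
        re.DOTALL,
    )
    renamed = set()

    def swap(match):
        name = match.group("name")
        if name is None:              # literal or comment: keep byte for byte
            return match.group(0)
        renamed.add(old_prefix + name)
        return "`" + new_prefix + name + "`"

    return token.sub(swap, dump_sql), renamed


if __name__ == "__main__":
    new_sql, renamed = rewrite_prefix(SAMPLE_DUMP, "jos_", "fdasqw_")
    print(new_sql)
    print("renamed:", sorted(renamed))
```

Compare the returned set of renamed tables with the table list shown in phpMyAdmin before importing the rewritten dump.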
Remove version number / name of extensions
Most security holes are specific to a particular release of a particular extension. That’s why leaving "MyExtension version 2.14" visible on your site is a bad idea. You can easily change this message to mention only the extension name: retrieve all of the extension’s files from your web server, open Dreamweaver and load any file from the extension that you downloaded to your local machine. Then use the Search function and set it to search through a specified folder. Navigate to the folder where you downloaded the extension, set the search term to "MyExtension version 2.14" and press OK. When the appropriate file is found, remove the version number. The only thing left is to upload the modified file to your server and check that the change has taken effect.
Use a SEF component
Most hackers use Google’s inurl: operator to search for vulnerable sites. Use Artio, SH404SEF or another SEF component to rewrite your URLs and stop hackers from finding exploitable URLs this way. As an added benefit, your site will get a higher Google rank because of search-engine-friendly URLs.
Update Joomla! and extensions frequently
One more blazingly obvious but still often overlooked step: always check for the most recent versions of Joomla! and the extensions you are using. Many security weaknesses are patched in later versions.
Use the right CHMOD for each folder and file
Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following permissions:
PHP files: 644
Config files: 666
Other folders: 755
Remove files that are not in use
When you have installed an extension that you did not like, don’t just set the extension to unpublished. If you do, the exposed files will stay on your site. Use uninstall instead to completely delete the extension.
Change your .htaccess file
As a last step, you could change the .htaccess file to block some of the most common exploits.
If you’ve got more tips to improve Joomla! security, feel free to share them in the comments!