Joomla!® CMS Security

Choose a web hosting company with care

Look for a web hosting company which complies with the Security and Technical Requirements published by the Joomla! Project.

We also recommend that you pay close attention to PHP, MySQL and server location.

We can offer friendly impartial advice to customers to help them choose the most appropriate hosting solution for their Joomla! website.

Read more: Choose a hosting company with care.

Check the server is running the latest release of PHP & MySQL

Check the server hosting your website is using the latest available release for a given version of PHP and MySQL.

We tell you how to check and consider which versions to use in this guide.

Read more: About PHP & MySQL.

Keep your Joomla! CMS & its extensions up to date

It is essential then that keep your Joomla! CMS and its extensions up to date.

To not do so will leave your website vulnerable to being compromised by hackerists.

This truth means that regular website maintenance by YOU is essential to protect your website.

We offer guidance, support and coaching.

GUIDANCE: How to update your Joomla! CMS.

SUPPORT: WYNCHCO Joomla! CMS Support.

COACHING: Learn how to keep your Joomla! CMS safe & secure.

Back up your website frequently

Either take or delegate responsibility for drafting a simple Backup and Recovery Plan.

This might be as simple as: once every week AND before updating your Joomla! CMS and its extensions.

IMPORTANT

Always back up before performing updates.

Updates can and do break websites.

Assume they will and you have nothing to fear!

Read more: How to back up your Joomla! CMS.

Avoid using too many Joomla! extensions

When you visit the JED (Joomla! Extensions Directory) you will find thousands of great extensions.

Resist the temptation to grab loads and start installing them on your website without taking precautions.

Some extensions will break your website and not all extensions are well supported.

Some are totally insecure.

The fewer extensions your website uses the better, so get rid of those you are not using.

We use fewer than 10 in our own website.

Read more:  How to uninstall 3rd party extensions.

Avoid using Vulnerable Extensions

Before using an extension, browse the Joomla! Vulnerable Extension List (or VEL).

Subscribe to the VEL Newsletter.

Browse the VEL.

Subscribe to the VEL Newsletter.

Install and configure a Web Application Firewall

If you value your Joomla! website then protect it.

Install, configure and maintain a Web Application Firewall (or WAF).

We believe that NO business should run a website without a Web Application Firewall.

Read more: Web Application Firewall.

Keep yourself informed about new Joomla! releases

Regularly visit the official Joomla! website to check for new releases of the Joomla! CMS.

Read more: www.joomla.org.

Subscribe to the Joomla! Project's Security News Mailing List.

Subscribe: Joomla! Security News Mailing List.

If you use RSS readers, subscribe to the Joomla Security News RSS Feed.

Subscribe: Joomla Security News RSS Feed.

Subscribe to the Joomla! Vulnerable Extension List Newsletter

Subscribe to the VEL Newsletter.

Learn how to keep your Joomla! CMS safe & secure

We are Joomla! Specialists offering PERSONAL and LOCAL Joomla! CMS Support.

We coach managers who have responsibility for Joomla! CMS websites in businesses and organisations across the UK.

Read more: Learn how to keep your Joomla! CMS safe and secure.

Use COMPLEX UNIQUE passwords

Create UNIQUE usernames and COMPLEX UNIQUE passwords for your website control panel and your hosting control panel.

NEVER store passwords in unencrypted form or in your browser's cache.

Read more: Usernames & Passwords.

Add an SSL Certificate to your website

When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's control panel.

We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting control panel.

There are some Joomla! and SEO settings that may need to be changed when you add SSL.

Read more: How to add a Lets Encrypt SSL Certificate.

Keep your computer Operating System & Web browser up to date

It is easy to forget about the device you use to connect to your website when thinking about website security.

Keep your device's Operating System and Web Browser up to date.

If not then you risk having your login credentials stolen when you visit your website to sign in and edit its content.

Read more: Protect your device, browser & web connection.