Protect your device, browser & web connection When thinking about website security, it is easy to overlook the:
device (operating system) used to connect to your website, the way you connect (your web browser) to the internet, and how you connect (in the clear or via encryption).
To do so would be a BIG mistake.
After all, where do you log into your website dashboard from?
From your computer device via a web browser, hopefully using a secure encrypted connection (HTTPS).
To use the latest available version and release of operating system and browser is no guarantee that your personal data will not be stolen but it will significantly reduce the risk.
Likewise when you take the time to add an SSL certificate to your website.
DEVICE Operating System (OS) FREQUENTLY check you are using the latest available version and release of of your device's OS.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Is your device using an old version of proprietary OS? It is possible that users of older versions of proprietary operating system (OS) will not benefit from the latest available security release.
Users of older versions should check that new OS update announcements apply to their older version.
If not then they should plan to either upgrade to the latest version OR switch to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Is your device compatible with the latest version of its OS? We know many old computers will not run the latest version of MacOS or Windows 10.
If this is your experience then you should plan to change to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Tips for users of proprietary operating systems If you use a proprietary operating system then it is essential that you:
turn on User Account Control (UAC), and tweak its settings so that it ALWAYS notifies you when system changes that require administrator level permissions are about to be made; set Automatic Updates to be applied automatically or prompt you when updates become available; regularly scan your computer for malware but don't rely only on your anti-virus package; also scan using a specialised anti-malware application like malwarebytes . WEB BROWSER The web browser you use to surf the web should ALWAYS be the latest available version and release.
Whichever browser you use, we recommend using the DuckDuckGo search engine, in order to protect your privacy when searching the web (see below).
Chrome FREQUENTLY check you are using the latest available release of Chrome.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Use Strict Site Isolation
This was an optional security feature in older versions of Chrome,
It is now enabled by default in Chrome 67 and later versions on Windows, Mac, Linux, and Chrome OS.
The image below shows Disable Site Isolation is activated (by default) in the latest version of Chrome.
Strict Site Isolation limits the ability of rogue Javascript programs to steal data when you browse the web.
Chrome Site Isolation isolates the website you are visiting from:
websites open in other browser tabs, websites embedded inside other websites (via iframe).
Activate 'Clear Cookies and Site Data When You Quit Chrome'
Select Hamburger Button at top right of browser.
Select Settings > Privacy & Security > Cookies and other site data.
Select (turn ON) Clear Cookies and Site Data When You Quit Chrome.
See image below.
Protect Your Privacy: Default Search Engine
Select Hamburger Button at top right of browser.
Select Settings > Search Engine.
Change default search engine to DUCK DUCK GO.
See image below.
Simple 1-Click Compromised Password Reset Feature
Check Simple 1-Click Compromised Password Reset Feature is Activated
We recommend NOT saving user credentials (username and password) in the browser cache.
If you do then activate this feature (introduced in 2021).
Firefox FREQUENTLY check you are using the latest available release of Firefox.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Enable First Party Isolation
First Party Isolation works in a similar way to Strict Site Isolation in Chrome.
It is NOT enabled by default.
To enable, open Firefox and enter the following in the address bar:
about:config?filter=privacy.firstparty.isolate Click through the warning screen and enter ISOLATE in the search field at the top of the next screen.
If you see:
privacy.firstparty.isolate = TRUE then First Party Isolation is enabled (see image below).
If you see FALSE then you can toggle the setting to change it to TRUE.
When done, close and re-open Firefox.
Activate 'Delete Cookies and Site Data When Firefox Closes'
Select Hamburger Button at top right of browser.
Select Preferences > Privacy & Security.
Select (turn ON) Delete Cookies and Site Data When Firefox Closes.
See image below.
Protect Your Privacy: Default Search Engine
Select Hamburger Button at top right of browser.
Select Preferences > Search.
Change default search engine to DUCK DUCK GO.
See image below.
Site Isolation Security Feature
Check Site Isolation Security Feature is Activated.
We recommend NOT browsing websites using multiple open tabs whilst you are signed into your website control panel.
But if you cannot break this habit then activate this feature (introduced in 2021).
Tips for users of any and all browsers
Turn ON Browser Security Features.
Protect your privacy.
Turn ON Delete Cookies and Site Data When Browser Closes (Firefox) or equivalent in your browser.
Set default search engine as DUCK DUCK GO.
Never let your browser remember passwords.
NEVER trust website pop-ups that tell you to download a browser update.
FREQUENTLY clear the browser cache (short term memory).
SEARCH ENGINE Whatever web browser you use you have a choice of a wide range of search engines.
We like DuckDuckGo because of its privacy settings.
DuckDuckGo automatically blocks FLoC browser technology as well as tracking cookies.
Find out more about the benefits of DuckDuckGo at the following links.
Read more: About DuckDuckGo .
Read more: Block FLoC with DuckDuckgo .
WEB CONNECTION Make sure you always connect to your website and its dashboard by secure encrypted connection when you are administering its content.
The same applies when signing into the Hosting Control Panel provided by your hosting company.
Also, periodically check whether or not your router (or modem) is still being supported with software updates issued by its manufacturer. In 2021 The Hacker Newsletter reported that Cisco had withdrawn security support for some of its older models.
What else should you do?
Check your Router has not been hijacked Router (or DNS) hijack means that someone has intentionally modified the settings on your router without your consent.
The hijacker will be able to:
monitor, control, and redirect your Internet traffic.
For example, if your router is hijacked then the next time you visit a website you might instead be redirected to a fake version of the website.
Routers are more vulnerable to being hijacked if they contain vulnerabilities or have been misconfigured.
FREQUENTLY check your router has not been hijacked using the FREE tool provided by F-SECURE.
Read more: F-SECURE Router Checker .
Learn more about how F-SECURE Router Checker works
And get a second opinion.
Read more: Review of F-SECURE Router Checker by Tom's Hardware .
Read more: Free Tools to Test Scan your Router .
Add an SSL Certificate to your website When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's dashboard.
We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting dashboard.
There are some Joomla! and SEO settings that may need to be changed when you add SSL.
Read more: How to add a Lets Encrypt SSL Certificate .
File Transfer NEVER connect to the server hosting your website via an unencrypted connection.
AVOID use of HTTP and FTP.
ONLY use HTTPS and SFTP or FTPS.
NEVER store your user credentials in your Web Browser or FTP Client's cache.
Read more: File Transfer .
EMAIL CLIENT Let CAUTION be your watchword when using your Email Client.
Useful pointers to keep in mind every time you read an email NEVER click on links from sources you neither know or trust.
NEVER reply to spam or click on unsubscribe links unless you trust the sender is genuine. Instead mark the mail as junk.
NEVER assume a known source is the person you think it is.
ALWAYS use caution when clicking on email links, especially shortened URLs.
NEVER open attached files without scanning for viruses and malware.
SUBSCRIBE to 'The Hacker News' newsletter To keep up to speed with the latest security threat affecting your website, operating system and web browser.
You can sign up when you visit the link below.
"The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts."
Read more: About 'The Hacker News' Media .
Make Joomla! CMS Security YOUR #1 Priority
Learn how to manage Joomla! website security .
