Protect your device, browser & web connection
When thinking about website security, it is easy to overlook the:
device (operating system) used to connect to your website,
the way you connect (your web browser) to the internet, and
how you connect (in the clear or via encryption).
After all, where do you log into your website dashboard from?
From your computer device via a web browser, hopefully using a secure encrypted connection (HTTPS).
To use the latest available version and release of operating system and browser is no guarantee that your personal data will not be stolen but it will significantly reduce the risk.
Likewise when you take the time to add an SSL certificate to your website.
DEVICE Operating System (OS)
FREQUENTLY check you are using the latest available version and release of of your device's OS.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Is your device using an old version of proprietary OS?
It is possible that users of older versions of proprietary operating system (OS) will not benefit from the latest available security release.
Users of older versions should check that new OS update announcements apply to their older version.
If not then they should plan to either upgrade to the latest version OR switch to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Is your device compatible with the latest version of its OS?
We know many old computers will not run the latest version of MacOS or Windows 10.
If this is your experience then you should plan to change to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Tips for users of proprietary operating systems
If you use a proprietary operating system then it is essential that you:
turn on User Account Control (UAC), and
tweak its settings so that it ALWAYS notifies you when system changes that require administrator level permissions are about to be made;
set Automatic Updates to be applied automatically or prompt you when updates become available;
regularly scan your computer for malware but don't rely only on your anti-virus package;
also scan using a specialised anti-malware application like malwarebytes .
WEB BROWSER
Whichever web browser you use, we recommend that you:
Frequently check it is the latest available version and release.
Turn ON Browser Security Features.
Adjust settings to protect your privacy.
Ensure cookies and browser cache is automatically deleted when you close your browser.
Frequently close and re-open your browser to clear cookies and cache.
Disable the storing of usernames and passwords.
Ignore website pop-ups which tell you to download a browser update.
Use the DuckDuckGo search engine to protect your privacy when searching the web (see below).
Chrome
FREQUENTLY check you are using the latest available release of Chrome.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Use Strict Site Isolation
This was an optional security feature in older versions of Chrome,
It is now enabled by default in Chrome 67 and later versions on Windows, Mac, Linux, and Chrome OS.
The image below shows Disable Site Isolation is activated (by default) in the latest version of Chrome.
Strict Site Isolation limits the ability of rogue Javascript programs to steal data when you browse the web.
Chrome Site Isolation isolates the website you are visiting from:
websites open in other browser tabs,
websites embedded inside other websites (via iframe).
Visit the link below for how to enable Site Isolation for Chrome (caries across different operating systems).
You will quickly see this is not a straightforward matter.
Another reason why we prefer Firefox (see below).
Read more: How to enable Site Isolation .
Activate 'Clear Cookies and Site Data When You Quit Chrome'
Select Hamburger Button at top right of browser.
Select Settings > Privacy & Security > Cookies and other site data.
Select (turn ON) Clear Cookies and Site Data When You Quit Chrome.
See image below.
Change the Default Search Engine Select Hamburger Button at top right of browser.
Select Settings > Search Engine.
Change default search engine to DUCK DUCK GO.
See image below.
Logins and Passwords De-select the Offer to save passwords option.
And the Auto Sign-in option.
Simple 1-Click Compromised Password Reset Feature
Check Simple 1-Click Compromised Password Reset Feature is Activated
We recommend NOT saving user credentials (username and password) in the browser cache.
If you do then activate this feature (introduced in 2021).
Firefox
FREQUENTLY check you are using the latest available release of Firefox.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the following link.
Subscribe to The Hacker News Newsletter .
Enable First Party Isolation
First Party Isolation works in a similar way to Strict Site Isolation in Chrome.
It is NOT enabled by default.
To enable, open Firefox and enter the following in the address bar:
about:config?filter=privacy.firstparty.isolate
Click through the warning screen and enter ISOLATE in the search field at the top of the next screen.
If you see:
privacy.firstparty.isolate = TRUE
then First Party Isolation is enabled (see image below).
If you see FALSE then you can toggle the setting to change it to TRUE.
When done, close and re-open Firefox.
Activate 'Delete Cookies and Site Data When Firefox Closes' Select Hamburger Button at top right of browser.
Select Settings > Privacy & Security.
Select (turn ON) Delete Cookies and Site Data When Firefox Closes.
See image below.
Change the Default Search Engine Select Hamburger Button at top right of browser.
Select Preferences > Search.
Change default search engine to DUCK DUCK GO.
See image below.
Site Isolation Security Feature
Check Site Isolation Security Feature is Activated.
We recommend NOT browsing websites using multiple open tabs whilst you are signed into your website control panel.
But if you cannot break this habit then activate this feature (introduced in 2021).
Un-check Save Logins and Passwords Select Settings > Privacy & Security > Logins and Passwords and un-check the box labelled:
Ask to save logins and passwords for web sites .
Enable Private Browsing
Select Settings > Privacy & Security > History and change Firefox will to Firefox will Use custom settings for history .
This will enable you to Always use Private Browsing Mode.
SEARCH ENGINE
Whatever web browser you use you have a choice of a wide range of search engines.
We like DuckDuckGo because of its privacy settings.
DuckDuckGo automatically blocks FLoC browser technology as well as tracking cookies.
Find out more about the benefits of DuckDuckGo at the following links.
Read more: About DuckDuckGo .
Read more: Block FLoC with DuckDuckgo .
WEB CONNECTION
Make sure you always connect to your website and its dashboard by secure encrypted connection when you are administering its content.
The same applies when signing into the Hosting Control Panel provided by your hosting company.
Also, periodically check whether or not your router (or modem) is still being supported with software updates issued by its manufacturer. In 2021 The Hacker Newsletter reported that Cisco had withdrawn security support for some of its older models.
What else should you do?
Check your Router has not been hijacked
Router (or DNS) hijack means that someone has intentionally modified the settings on your router without your consent.
The hijacker will be able to:
monitor,
control, and
redirect
your Internet traffic.
For example, if your router is hijacked then the next time you visit a website you might instead be redirected to a fake version of the website.
Routers are more vulnerable to being hijacked if they contain vulnerabilities or have been misconfigured.
FREQUENTLY check your router has not been hijacked using the FREE tool provided by F-SECURE.
Read more: F-SECURE Router Checker .
Learn more about how F-SECURE Router Checker works
And get a second opinion.
Read more: Review of F-SECURE Router Checker by Tom's Hardware .
Read more: Free Tools to Test Scan your Router .
Add an SSL Certificate to your website
When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's dashboard.
We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting dashboard.
There are some Joomla! and SEO settings that may need to be changed when you add SSL.
Read more: How to add a Lets Encrypt SSL Certificate .
File Transfer
NEVER connect to the server hosting your website via an unencrypted connection.
AVOID use of HTTP and FTP.
ONLY use HTTPS and SFTP or FTPS.
NEVER store your user credentials in your Web Browser or FTP Client's cache.
Read more: File Transfer .
EMAIL CLIENT
Let CAUTION be your watchword when using your Email Client.
Useful pointers to keep in mind every time you read an email
NEVER click on links from sources you neither know or trust.
NEVER reply to spam or click on unsubscribe links unless you trust the sender is genuine. Instead mark the mail as junk.
NEVER assume a known source is the person you think it is.
ALWAYS use caution when clicking on email links, especially shortened URLs.
NEVER open attached files without scanning for viruses and malware.
SUBSCRIBE to 'The Hacker News' newsletter
To keep up to speed with the latest security threat affecting your website, operating system and web browser.
You can sign up when you visit the link below.
"The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts."
Read more: About 'The Hacker News' Media .
Make Joomla! CMS Security YOUR #1 Priority
Learn how to manage Joomla! website security .
To do so would be a BIG mistake.
