Protect your device, browser & web connection

joomla support cheshire manchester merseyside north west uk

When thinking about website security, it is easy to overlook the device used to connect to your website, the way you connect (your web browser) and how you connect (in the clear or via encryption).

The MELTDOWN and SPECTRE security vulnerabilities of January 2018 point up the importance of ensuring that you are using the latest available version and release of:

  • Operating System, and
  • Web Browser.

And that when you sign into any website you do so via an encrypted link (HTTPS).

To use the latest available version and release of operating system and browser is no guarantee that your personal data will not be stolen but it will significantly reduce the risk.

Likewise when you take the time to add an SSL certificate to your website.

Operating System (OS)

The device you use to connect to the web should be using the latest available version and release of OS.

Is your device using an old version of proprietary OS?

It is possible that users of older versions of proprietary operating system (OS) will not benefit from the latest available security release.

Users of older versions should check that new OS update announcements apply to their older version.

If not then they should plan to either upgrade to the latest version OR switch to a different OS.

We advocate open source.

Linux Mint is an example of an open source OS.

Search for "how to switch to linux mint" if you would like to try Linux Mint.

Is your device compatible with the latest version of its OS?

We know many old computers will not run the latest version of MacOS or Windows 10.

If this is your experience then you should plan to change to a different OS.

We advocate open source.

Linux Mint is an example of an open source OS.

Search for "how to switch to linux mint" if you would like to try Linux Mint.

Tip for users of proprietary operating systems

If you use a proprietary operating system then pay close attention to User Account Control (UAC).

Turn on User Account Control

  1. Turn it on!
  2. Tweak its settings so that it ALWAYS notifies you when system changes that require administrator level permissions are about to be made.
  3. Check that Automatic Updates are set to be applied automatically or prompt you when updates become available.

REGULARLY SCAN your computer for malware but don't rely on your anti-virus package; use a specialised application like malwarebytes.

Web Browser

The web browser you use to surf the web should be the latest available version and release.

For increased peace of mind when connecting to websites which you sign into, including the control panel of your website, you might like to try enabling Site or First Party Isolation. See below.

Chrome Site Isolation

Turn on the Site Isolation to limit the ability of rogue Javascript programs to steal data when you browse the web.

chrome site isolation

Chrome Site Isolation isolates the website you are visiting from:

  • websites open in other browser tabs,
  • websites embedded inside other websites (via iframe).

Whilst this feature is designated 'experimental' (see image above) we can report not having experienced any issues when using it.

If you do experience issues then you can simply DISABLE the feature by clicking the blue button (see image).

Read more: Site Isolation and how it works.

Read more: How to turn on Site Isolation.

Firefox First Party Isolation

Firefox users can turn on a feature called First Party Isolation.

It works in a similar way to Site Isolation in Chrome.

As with Site Isolation in Chrome, if you experience issues after enabling the feature you can easily disable First Party Isolation.

Read more: How to turn on First Party Isolation.

Tip for users of any and all browsers

Turn ON Browser Security Features.

Never let your browser remember passwords!

Web Connection

Make sure you always connect to your website and hosting control panel by secure encrypted connection when you are administering its content.

Add an SSL Certificate to your website

When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's control panel.

We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting control panel.

There are some Joomla! and SEO settings that may need to be changed when you add SSL.

Read more: How to add a Lets Encrypt SSL Certificate.

File Transfer

Avoid using FTP or File Transfer Protocol to connect to the server hosting your website when you want to upload files in bulk, for example, lots of images or very large PDF files.

Instead sign into the Hosting Control Panel provided by your hosting company and use the File Manager utility.

Reason: the connection to your Hosting Control Panel will be by HTTPS (encrypted).

Your connection via FTP will be in the clear (not encrypted).

In both instances your user credentials could be intercepted as they are sent across the web.

But only in the case of FTP will they be readable.

If you must connect by FTP:

  • use SFTP (Secure File Transfer Protocol) and
  • NEVER save your FTP username and password in your FTP client's cache (or short term memory).

 

Make Joomla! CMS Security YOUR #1 Priority

joomla support cheshire manchester merseyside north west uk

Configuring and getting the most benefit from the Admin Tools WAF can be challenging.

But if you consider website security is as important as we do then we can help.

We offer Joomla! coaching, help and support to businesses and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Learn how to keep your Joomla! CMS safe & secure.

Share This

Follow Us