How to secure your Joomla site from Hackers ?

Here we will take you through the steps you need to know so that your Joomla website is as safe and secure as possible online!

Consider a Joomla security audit

Consider having a Joomla security website full audit and you will have taken the first step on the road to online security. A security audit will result in a list of potential security issues being created. The highlighted issues can then be resolved. Sometimes it is the simple things that are missed such as setting file permissions correctly, implementationof strong secure passwords and SSL certificates with data encryption.


Sometimes more complicated issues will be highlighted. For such issues you may be better off if you do have web development skills, if in any doubt though we would recommend that you appoint a professional web developer to avoid potential mistakes!

Secure Joomla hosting

Your website should be hosted on a secure server, so make sure that your hosting provider has implemented a strong security policy into their hosting servers. If they do not then you must move your website to a more secure Joomla hosting provider, this is very important.
The task of securing a website that has been developed using the Joomla development platform can be a tricky job. However, most professional website hosting companies would normally be pleased to help you move your site from one hosting provider to another.
Check they offer the following:

  • Automatic Joomla Updates
  • Multiple layers of Server-side Security Filters
  • Firewall
  • Antivirus
  • Malware detection
  • IP Address blocking where necessary
  • Fast Response to Zero-day Mass Attacks
  • Insistyour Joomla installation and extensions are kept up-to-date

Always keep your Joomla installation updated to the latest version, this helps to make life difficult for both new and old exploits to be utilised by online hackers. Fixes for security issues are included with most Joomla releases.

Many attacks utilise security issues in Joomla extensions than the Joomla 3 core files.

Implement use of Strong passwords/ User names

This may seem obvious but ‘password’ is not a good password and an admin login named ‘admin’ is not a good login name! But you would be amazed how many times these are used! Try to implement the use of logins like £R5UU9(!SSw#88 and passwords like $4FfOq0&b””#k9hh, we are sure you get the idea!

Correctly set your File Permissions

Make sure that you do set the right permissions for your Joomla files and their folders. We would suggest the following permissions settings, in general:

  1. Set Joomla folders permission to 755
  2. Set Joomla Files permission to 644
  3. Never ever set 777 permission – this would allow anyone access!
  4. Set configuration.php file permission to 444

Restrict access to your Admin Page

  • Restrict access to your admin page. Password protect the /administrator folder for your installation.
  • Once done, an additional password will be required for any user to gain access to the admin login form.

Use Joomla security extensions

Joomla security extensions are available such as OSE Secure, JHackGuard and RSFirewall.

Always Back-up your Joomla Site

Ensure that you back-up your full Joomla installation often. Test that your backups are always available and perform periodic test restores to make sure that the process works!
You must ensure that you have a reliable backup and restore recovery procedure should there be the need to back out the current version of your website and/or database etc.