News

Joomla News (16)

13

January
(0 votes)

3 Simple Ways to Keep Your Joomla Site Secure

13 January 2016 Joomla News 0 0 votes

In an age of constant news of security breaches, it’s more important than ever for webmasters of Joomla websites to keep their sites safe and secure. While there’s no one-size-fits all solution for keeping your Joomla site secure, there are some good rules of thumb to follow to help ensure that your site is as secure as possible and it’s not as hard as it may seem.

Keep Your Joomla Installation Up-to-date

This is the biggest area where we see users fail in keeping their site secure and is the easiest pitfall to avoid. With the built-in updater that’s been available since versions following Joomla 1.5, updating is really no more difficult than a few clicks.

We strongly recommend backing up your site before applying any updates. You can easily do so by installing Akeeba backup or using the App manager in the client area of your account at getsimple.net.

Once you successfully backed up your site, you can then proceed to upgrading your site by using the built-in updater or you backup and update all in one step from our App manager.

Keep Your Joomla Extensions Up-to-date

While many users tend to keep their Joomla installations up-to-date, they often ignore all of the wonderful extensions that they have installed, leaving their sites open to attacks.

Start by visiting the extensions > manage area of your Joomla administration area and then click on “update” to review extensions updates that are available to update. After backing up apply any available updates.

There are still plenty of extensions which do not use the updater built into Joomla, so you’ll need to click on “manage” and then compare your list of installed extensions against the Vulnerable Extensions List to find any of your extensions that may be vulnerable. You will want to update any you find pronto.

Lastly, even if you do not have any vulnerable extensions installed, there are likely updates available for your particular extensions. Some 3rd party extension developers have updaters built into the component, which you can utilize to update their extensions and enjoy the benefits of new features and bug fixes. Even if they have no updater available, there still might be newer versions available, which you can download and install via the Joomla extension manager.

Permissions, Passwords, and Protecting Your Administrator Area

File Permissions

You need to use a hosting provider that utilizes something (e.g. suPHP) to keep your file permissions secure while you interact with them. Generally speaking, files should stay at 644 and folders should be 755 to prevent world read/write access.

Passwords

When creating passwords for your users, we recommend that you should always create strong passwords, with letters, numbers–both lowercase and uppercase, and characters with at least 10 digits. Utilize some sort of password manager such as LastPass, 1Password, or Dashlane, to assist with generating strong passwords and managing them.

For additionally security, utilize two factor authentication. Joomla has this built-in which can easily be turned on by visiting your plugins area and searching for "Two Factor Authentication” where you can select frontend, backend, or both options. and enable the plugin to use with google authenticator or a physical YubiKey.

If you don’t have the need for users to sign-up on your site, disable registration. Simply visit Users > Manage > Options and select “No” next to “Allow User Registration”. This will help prevent plenty of issues including, but certainly not limited to, spamming from your site by nefarious users taking advantage of your site.

Protecting Your Administrator Area

Believe it or not, a hacker can gain access to your administrator area if you make it easy for them. Make sure to avoid using usernames like “Admin” or “Administrator”. These will be a hackers first guess.

Strong passwords help, but if a hacker can brute-force attack your administrator area, they’ll eventually get the right combination of usernames/passwords given enough time. So, we recommend making it harder for them by hiding your administrator area from them. The standard Joomla administrator url has always been http://yourdomain.com/administrator/ and hackers know this. There’s a free plugin for Joomla named kSecure that will allow you add a secret key to your administrator url like http://yourdomain.com/administrator-secret to make it even more difficult to access. It also gives you the option to protect your administrator directory through http authentication.

You can find additional tips and resources on securing your Joomla site at the Joomla Security Checklist page.

If you're looking for professional assistance with keeping your Joomla site secure, we do all of these things and more for you with Joomla Hosting Complete. Joomla Hosting Complete is totally managed, end-to-end hosting solution for your Joomla website. 

21

January
(0 votes)

Welcoming all Joomla 1.5 Users

21 January 2014 Joomla News 0 0 votes

Joomal 1.5 forced update to Joomla 2.5

Shared hosting customers of some of the larger web hosting companies out there have started receiving unfriendly notices from their once trusted host. In a nutshell, the notices from JustHost and BlueHost and others state that Joomla 1.5 websites will be automatically updated to Joomla 2.5 in the coming days. Needless to say, this will create all sorts of issues and errors to appear on their customers' websites.

Why are they doing this?

Our guess is that this is a security move by these companies out of sheer ignorance. Joomla 1.5.26 does have some security flaws out of the box that do have patches available. Why not just offer to apply the patch...or even ask that the customer apply the patch by a certain date? We're not sure, but instead these hosts have chosen to send, what amounts to, eviction notices to their Joomla 1.5 hosted customers.

If it's not being done out of ignorance, then it's ambivalence toward 1.5 users, which would make the move all the more sad. 

So, if you've received one of these notices, what are your viable options?


Simple Source is here to help

If you're a soon to be refugee from one of these hosting companies, we would be honored to serve the hosting needs of your Joomla 1.5 website. We've been offering hosting services to our Joomla users since 2007 and have the experience needed to be your reliable and trustworthy hosting partner. We employ a set of stringent security controls that help keep your site running without a hitch and without inconveniencing you as some have chosen as an attempt at security. We proactively maintain all of our servers to ensure optimal performance and monitor services on each service in 5 minute intervals to quickly respond to any issues that may arrise. We're more capable of serving your hosting needs. 

Get Simple and get away from these hosts

We can migrate your sites from these providers free of charge and ensure that the latest patches have been applied to your Joomla 1.5 install. Furthermore, when signing up, use promo code: JOOMLA15REFUGEE to automatically receive 20% off of your order.

Get updated with care

We do a lot of Joomla website updates for our customers and even for people not hosting with us. If you're looking to have your site updated to Joomla 3 or Joomla 2.5, the right way, we can generally get this accomplished for you in as little as a few days to a few weeks for more complicated websites.  If you're choosing to host with us, we even give you a significant discount off of our update service.  

We're sorry you're experiencing the incovenience of this awkwardly forced sitution. Whatever you choose to do, you can rest assured that Simple Source is here to support you in the days ahead.

07

August
(0 votes)

How We Handled the Recent Joomla Vulnerability

07 August 2013 Joomla News 0 0 votes

Joomla Hosting Security ReleaseWhat you have in place to protect your Joomla site is so very important when critical security issues are discovered such as the recent vulnerabilities patched by the Joomla Project with the release of Joomla 3.1.5 and 2.5.14.

Shortly after the release of 3.1.4 and 2.5.13, it was discovered that there was a security hole in the media manager that allowed for an attacker to upload malicious contents via a registered user account. It was also discovered that this vulnerability affected older, no longer supported, Joomla 1.5.x websites. Luckily some great folks in the Joomla Community released a patch for Joomla 1.5 addressing the issue. The vulnerability that these updates patched would grant a hacker access to virtually anything under the vulnerable hosting account, so it's very important that you get your sites updated if you haven't already.

While this this may sound scary to Joomla hosters, the layers of security and options we have in place make us very prepared to take on the task of protecting our customers from such a threat.

Proactive updates for 3.5.x and 2.5.x sites

Our Total Website Maintenance Plan customers never have to wonder if their sites are up-to-date with such releases. Like always, all of their site files and databases were first backed up, and then were updated to the latest version the very same day the updates were released. The same day the community released the patch for Joomla 1.5, our customers with 1.5 sites received the patch. Our maintenance plan customers also enjoy proactive updates as released by the developer to any of their Joomla extensions which have become vulnerable. Just so you're aware, vulnerable extension updates are something that nifty update services simply aren't able to perform.

We understand that some customers don't want us messing with their site files and databases and have good reasons for such, so for customers not on our maintenance plan we provide a tool named installatron to easily roll your own installs and updates. If you're using installation to manage your site with us, we do periodically backup out-of-date scripts and apply minor releases.

Insulation from inattentive site owners

There's no need to fear other customers who never update their sites when you Get Simple. All of our shared hosting accounts have layers of insulation between them and are more than secure. Even those with SSH access are only granted jailed shell access after jumping through some internal security protocols.

Page 1 of 4

Get in Touch

Newsletter