SECRETS TO A
HACK-PROOF JOOMLA
REVEALED!
Daniel Kanchev
Joomla Performance Guru
SiteGround.com - Expert Joomla Hosting
BEFORE WE BEGIN...
• 7+ years of Joomla! experience
• 4 years with SiteGround
• Love traveling the world
• Addicted to extreme and not-so-safe sports
WHO SHOULD CARE
ABOUT SECURITY?
• Application/Extension developers
• Hosting providers/system administrators
• YOU (end Joomla users)
EVERYONE
Why should YOU care?
• Be trustworthy by protecting your clients' data
• Have a healthy site - avoid substantial data loss/downtime
How do hackers work?
Everyone’s responsible!
Security is a process!
KEEP CALM, IT'S NOT ROCKET SCIENCE
IS YOUR SERVER SETUP RIGHT?
Server config & tips
• Update server software - Apache, FTP, mail, etc.
• Harden the Linux kernel - grsecurity
• Chroot processes
• Use suEXEC and a secure PHP setup (FastCGI, so PHP runs as the site's own user rather than as the shared web server user)
• Provide only restricted shell access
• Disable/remove unused services
✓ Software solutions: 1H Hive, Better Linux, CloudLinux
Protect your web server with mod_security
• OWASP rules (the ModSecurity Core Rule Set) - http://goo.gl/rC7Uz
• Atomic rules - http://goo.gl/Fv3Vn
• Trustwave paid rules - http://goo.gl/9IAaB
PROTECT JOOMLA!
#1: Update Everything! (Joomla core, extensions and templates)
SiteGround Auto Updates
#2: Do The Basics
• Never use admin as the username
• Use a secure password
Use Bullet-proof Passwords
• Avoid online password generators you do not control
• Don't use common words - love, pass, admin
• Avoid personal info, names, significant dates - daniel123
The Perfect Password
• Choose a favorite (not famous) movie quote or a long phrase from a book:
  We all go a little mad sometimes
• Add punctuation symbols ( ? ! . : ), digits and capital letters, remove the whitespace
  Result: We.all?Go!Alittle1Mad2sometimes
• Use a different one for every site; a password manager can store them for you
#3: Password Protect Your Administrator Folder
(cPanel: Password Protect Directories -> administrator)
#4: Restrict The Admin Area Access By IP
• Step 1: Check your IP -> whatismyip.com
• Step 2: Add this rule to the .htaccess file in the administrator folder (Apache 2.2 syntax):
    Order deny,allow
    Deny from all
    Allow from YOUR_IP_ADDRESS
  On Apache 2.4 the equivalent is:
    Require ip YOUR_IP_ADDRESS
• Only practical with a static IP: if your address changes you lock yourself out until you edit the file again (via FTP or the cPanel File Manager).
#5: Fix your permissions &
ownership
• Folders: 0755
• Files: 0644
• configuration.php: 0444 (make it writable only while saving Global Configuration, then set it back)
• NEVER EVER USE 777 permissions
Fix permissions in cPanel (File Manager)
#6: Keep PHP Scripts In The Right Folders
Folders that should only hold data (media, libraries, logs, language) must never serve a PHP file directly. Put this .htaccess in each of them (Apache 2.2 syntax; 2.4 still accepts it via mod_access_compat, or use "Require all denied"):
    <Files *.php>
        Order deny,allow
        Deny from all
    </Files>
Test the site afterwards: an extension that links directly to a PHP file under one of these folders will stop working.
How To Do It In File Manager: create the .htaccess file in each folder with the cPanel File Manager.
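The two filesystem items above (#5 permissions and #6 no direct PHP in data folders) can be checked and applied by one script. The following Python is an added example written for this page, not code from the deck, from SiteGround or from Joomla. The folder list follows the slide, the .htaccess text is the slide's Apache 2.2 rule with the Order line added, and make_demo_site() builds a constructed sample tree with the classic mistakes so the script runs offline.

```python
"""Audit and fix the filesystem items from slides #5 and #6: 755/644
permissions, 444 on configuration.php, nothing world-writable, and a
.htaccess that refuses direct PHP requests in the media, libraries, logs
and language folders. Added example, not part of the deck or of Joomla.
The folder list follows the deck; the demo tree below is constructed.
"""
import os
import stat
import tempfile
from pathlib import Path

NO_PHP_FOLDERS = ("media", "libraries", "logs", "language")
DIR_MODE, FILE_MODE, CONFIG_MODE = 0o755, 0o644, 0o444

# Apache 2.2 syntax, as on the slide; Apache 2.4 accepts it through
# mod_access_compat (or replace the two inner lines with "Require all denied").
DENY_PHP_BLOCK = "<Files *.php>\n    Order deny,allow\n    Deny from all\n</Files>\n"


def _entries(root):
    """Yield (path, is_dir, mode) for everything below root, skipping symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            st = p.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue
            yield p, stat.S_ISDIR(st.st_mode), stat.S_IMODE(st.st_mode)


def _wanted_mode(root, p, is_dir):
    if is_dir:
        return DIR_MODE
    return CONFIG_MODE if p == root / "configuration.php" else FILE_MODE


def _php_blocked(folder):
    ht = folder / ".htaccess"
    return ht.is_file() and "<Files *.php>" in ht.read_text()


def audit(site_root):
    """Return [(path, problem)] for everything that breaks the rules; [] when clean."""
    root = Path(site_root).resolve()
    findings = []
    for p, is_dir, mode in _entries(root):
        want = _wanted_mode(root, p, is_dir)
        if mode & 0o002:
            findings.append((str(p), "world-writable (%o): never use 777/666" % mode))
        elif mode != want:
            findings.append((str(p), "mode %o, expected %o" % (mode, want)))
    for folder in NO_PHP_FOLDERS:
        d = root / folder
        if d.is_dir() and not _php_blocked(d):
            findings.append((str(d), "direct PHP execution not blocked"))
    return findings


def fix(site_root):
    """Apply the rules in place. Returns the number of changes made."""
    root = Path(site_root).resolve()
    changes = 0
    for folder in NO_PHP_FOLDERS:
        d = root / folder
        if d.is_dir() and not _php_blocked(d):
            with open(d / ".htaccess", "a") as fh:   # append: keep any existing rules
                fh.write(DENY_PHP_BLOCK)
            changes += 1
    for p, is_dir, mode in _entries(root):           # after writing, so .htaccess gets 644 too
        want = _wanted_mode(root, p, is_dir)
        if mode != want:
            os.chmod(p, want)
            changes += 1
    return changes


def make_demo_site():
    """Constructed sample tree with the classic mistakes (777 folder, 666 file)."""
    root = Path(tempfile.mkdtemp())
    (root / "media").mkdir()
    (root / "media" / "upload.php").write_text("<?php echo 'should never be served';")
    (root / "configuration.php").write_text("<?php class JConfig {}")
    os.chmod(root / "media", 0o777)
    os.chmod(root / "media" / "upload.php", 0o666)
    os.chmod(root / "configuration.php", 0o644)
    return str(root)


if __name__ == "__main__":
    site = make_demo_site()
    for path, problem in audit(site):
        print("BAD", path, "-", problem)
    print("fixed", fix(site), "items; remaining:", audit(site))
```

Run audit() first and read the list before running fix() on a real webroot, as the site owner (the suEXEC user), never as root. After this, saving Global Configuration in the Joomla backend needs configuration.php writable again: loosen it for the save and restore 0444 afterwards.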
#7: Legacy security issues (for Joomla 1.5 or older)
• Change the default admin username
• Change the default jos_ DB prefix
#8: Check Your Extensions
• Joomla Vulnerable Extensions List
  http://vel.joomla.org/
• National Vulnerability Database
  http://web.nvd.nist.gov/view/vuln/search
Stay On Top Of Security Updates
• Subscribe to the Joomla feeds:
✓ http://feeds.joomla.org/JoomlaSecurityNews
✓ http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
Build a Joomla security RSS feed
How to do it: http://is.gd/Vze1Zo
#9: Additional protection through .htaccess rules
• Remove sensitive PHP information from responses
• Avoid visual fingerprinting (tell-tale default files that reveal the CMS)
• Block some popular tools used by hackers
How to do it: http://is.gd/pGfVXQ
#10: Use Joomla Security Extensions for IDS/IPS
• jHackGuard
• Akeeba Admin Tools
• jomDefender
• jSecure
SQL Injection
(screenshot: a search form whose input goes straight into the query)
What the database receives when the search term is  a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't  :
    SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';
The quote closes the intended string, the semicolon ends the statement, and everything after it is attacker-chosen SQL.
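To show why the slide's payload works, and where it does not, here is an added example that is not from the deck or from Joomla. It uses Python's sqlite3 module with a constructed two-row users table, compares a query built by string concatenation with a parameterised one, and runs the DROP TABLE payload through both execute(), which refuses stacked statements, and executescript(), which runs them. Whether the second statement ever executes depends on the database API the application uses, not on the attacker.

```python
"""SQL injection against the deck's example query, demonstrated on an
in-memory SQLite table. Added example, not code from the deck or Joomla;
the users rows are constructed sample data.
"""
import sqlite3

# The search term from the slide, and a simpler tautology payload.
STACKED_PAYLOAD = "a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't"
TAUTOLOGY_PAYLOAD = "x' OR 't'='t"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.commit()
    return conn


def build_vulnerable_sql(name):
    # Vulnerable: the untrusted search term becomes part of the SQL text.
    return "SELECT name, email FROM users WHERE name = '" + name + "'"


def search_vulnerable(conn, name):
    return conn.execute(build_vulnerable_sql(name)).fetchall()


def search_safe(conn, name):
    # Safe: the value travels as a bound parameter and is never parsed as SQL.
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def table_exists(conn, table):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (table,)).fetchone()
    return row is not None


def stacked_attack(conn, allow_multi):
    """Run the deck's DROP TABLE payload through the vulnerable query.

    allow_multi=False uses execute(), which rejects more than one statement
    (sqlite3.Warning on older Pythons, ProgrammingError on newer ones).
    allow_multi=True uses executescript(), which runs every statement; the
    DROP commits, and the final SELECT fails on the missing userinfo table.
    Returns True if the users table survived.
    """
    sql = build_vulnerable_sql(STACKED_PAYLOAD)
    try:
        if allow_multi:
            conn.executescript(sql)
        else:
            conn.execute(sql)
    except (sqlite3.Warning, sqlite3.ProgrammingError, sqlite3.OperationalError):
        pass
    return table_exists(conn, "users")


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", search_vulnerable(conn, TAUTOLOGY_PAYLOAD))   # both rows
    print("parameterised, tautology:", search_safe(conn, TAUTOLOGY_PAYLOAD))     # no rows
    print("users survives with execute():", stacked_attack(make_db(), False))
    print("users survives with executescript():", stacked_attack(make_db(), True))
```

The tautology payload leaks every row even though the driver blocks stacked statements, so "my API only runs one statement" is not a defence. In Joomla the fix is the same as search_safe(): pass values through $db->quote() and identifiers through $db->quoteName(), or use prepared statements. jHackGuard's request filtering (next slide) is an additional layer in front of the application, not a replacement for this.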
jHackGuard setup
• SQL Injections
• Remote URL/File Inclusions
• Remote Code Executions
• XSS Based Attacks
Download it here: http://is.gd/01wLhH
#11: Backup! Backup! Backup!
• Manual backups
• Your host
• Akeeba Backup
Keep at least one copy off the server: a backup that lives in the webroot is lost (or tampered with) together with the site.
NOW WHAT?
DON'T PANIC!
DISASTER RECOVERY PLAN
1. Create a copy of the hacked site + all logs (keep it for analysis; do not clean in place)
2. Quarantine your site - enable maintenance mode
3. Restore from a clean backup (one taken before the compromise)
4. Check the logs for the malicious code and for how it got in
5. Resolve the security issues / clean the malicious code, update everything, change all passwords and keys
6. Unquarantine your site - disable maintenance mode
FEW THINGS TO TAKE AWAY
• Security is about making it harder to
infiltrate - not making it impossible
• Security is an ongoing process
• Everyone is involved
QUESTIONS TIME!
WWW.SITEGROUND.COM/WEBINAR
THANKYOU!
Daniel Kanchev
daniel.k@siteground.com

Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Secrets to a Hack-Proof Joomla Revealed

  • 15. #2: Do The Basics • Never use "admin" as the username • Use a secure password
  • 16. Use Bullet-proof Passwords • Avoid password generators • Don't use common words - love, pass, admin • Avoid personal info, names, significant dates - daniel123
  • 17. The Perfect Password • Choose a favorite (not famous) movie quote or a long phrase from a book: We all go a little mad sometimes • Add punctuation symbols (? ! . :) and capital letters, remove whitespace. Result: We.all?Go!Alittle1Mad2sometimes
  • 18. #3: Password Protect Your Administrator Folder (cPanel: Password Protect Directories, applied to the administrator folder)
  • 19. #4: Restrict Admin Area Access By IP • Step 1: Check your IP -> whatismyip.com • Step 2: Add these two lines to the .htaccess file in the administrator folder: "deny from all" followed by "allow from YOUR_IP_ADDRESS"
  • 20. #5: Fix Your Permissions & Ownership • Folders: 0755 • Files: 0644 • configuration.php: 0444 • NEVER EVER use 777 permissions
  • 21. Fix permissions in cPanel (cPanel File Manager)
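The permission scheme from slide 20 as a script, written as an added example (not code from the deck). It walks a Joomla root, applies 0755 to folders, 0644 to files and 0444 to configuration.php, skips symlinks so it cannot chmod anything outside the tree, and lists what is still world-writable afterwards. Two caveats the slide leaves out: 0444 still makes configuration.php world-readable, so on a shared server without per-user PHP (the suexec/FastCGI setup from slide 10) other accounts can read the database password regardless of the mode bits; and with configuration.php at 0444 the Global Configuration screen cannot save until you relax it temporarily. Ownership is not handled here because chown needs root and is the host's job. The demo tree is constructed data.

```python
"""Added example for slide 20: apply 0755/0644/0444 below a Joomla root and
report anything still world-writable. Not code from the original deck."""
import os
import stat
import tempfile

DIR_MODE = 0o755
FILE_MODE = 0o644
CONFIG_MODE = 0o444          # configuration.php: read-only, even for the owner


def harden_permissions(root):
    """Apply the slide's scheme to root and everything under it.
    Returns the number of paths whose mode was changed."""
    changed = _chmod_if_needed(root, DIR_MODE)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):          # never chmod through a symlink
                changed += _chmod_if_needed(path, DIR_MODE)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            wanted = CONFIG_MODE if (dirpath == root and name == "configuration.php") else FILE_MODE
            changed += _chmod_if_needed(path, wanted)
    return changed


def _chmod_if_needed(path, mode):
    if stat.S_IMODE(os.lstat(path).st_mode) == mode:
        return 0
    os.chmod(path, mode)
    return 1


def world_writable(root):
    """Relative paths any local user could write to: the '777' problem the
    slide warns about, and the first thing to check on a shared host."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.lstat(path).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def mode_of(root, rel):
    """Permission bits of root/rel, e.g. 0o644."""
    return stat.S_IMODE(os.lstat(os.path.join(root, rel)).st_mode)


def make_demo_site():
    """Constructed throwaway tree with the usual mistakes (demo data only)."""
    root = tempfile.mkdtemp(prefix="joomla-perms-demo-")
    os.makedirs(os.path.join(root, "images", "uploads"))
    os.makedirs(os.path.join(root, "administrator"))
    for rel in ("configuration.php", "index.php", "administrator/index.php",
                "images/uploads/photo.jpg"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("demo\n")
    os.chmod(os.path.join(root, "images", "uploads"), 0o777)   # the classic mistake
    os.chmod(os.path.join(root, "configuration.php"), 0o666)   # anyone local can rewrite it
    return root


if __name__ == "__main__":
    site = make_demo_site()
    print("world-writable before:", world_writable(site))
    print("paths changed:", harden_permissions(site))
    print("world-writable after: ", world_writable(site))
    print("configuration.php is now %o" % mode_of(site, "configuration.php"))
```

Run it against a copy first; on a live site, run `world_writable()` alone before deciding to change anything, since some extensions create their own cache folders and will need them writable by the PHP user, which under suexec/FastCGI is you, so 0755 is enough.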
  • 22. #6: Keep PHP Scripts In The Right Folders. In the media, libraries, logs and language folders, add an .htaccess file containing: <Files *.php> deny from all </Files>
  • 23. How To Do It In File Manager
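The two .htaccess rules from slides 19 and 22 generated by one script, an added example rather than the deck's own code. The slide's `deny from all` / `allow from` is Apache 2.2 syntax; Apache 2.4 only honours it when mod_access_compat is loaded and otherwise needs `Require all denied` / `Require ip`, so the generator emits both forms inside `<IfModule>` guards. The PHP block uses `<FilesMatch>` because `<Files *.php>` lets `.php5` and `.phtml` through on servers that execute them; it affects only direct HTTP requests, so code that Joomla include()s from libraries/ keeps working. The folder list extends the slide's four with images, tmp and cache (an assumption: those are where uploads land). The IP allow list locks you out the moment your address changes, so keep FTP or cPanel access to edit the file; the cPanel password protection from slide 18 is HTTP basic auth and layers on top of this, it is not generated here. The demo tree is constructed.

```python
"""Added example: generate the administrator/.htaccess from slide 19 and the
"no PHP here" .htaccess from slide 22 in a form that works on Apache 2.2
(Order/Deny/Allow) and Apache 2.4 (Require). Not code from the original deck."""
import ipaddress
import os
import tempfile

# Folders that hold data, not entry points; the slide lists the first four,
# images/tmp/cache are added because uploads land there too (assumption).
NO_PHP_FOLDERS = ("media", "libraries", "logs", "language", "images", "tmp", "cache")


def _normalize(ip):
    """Accept '203.0.113.7' or '198.51.100.0/24'; reject anything else early."""
    net = ipaddress.ip_network(ip, strict=False)        # raises ValueError on junk
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def _deny_block(allow_ips=()):
    """Deny everyone except allow_ips, spelled for both Apache generations."""
    ips = " ".join(_normalize(ip) for ip in allow_ips)
    lines = ["<IfModule mod_authz_core.c>",                     # Apache 2.4+
             "    Require ip " + ips if ips else "    Require all denied",
             "</IfModule>",
             "<IfModule !mod_authz_core.c>",                    # Apache 2.2
             "    Order deny,allow",
             "    Deny from all"]
    if ips:
        lines.append("    Allow from " + ips)
    lines.append("</IfModule>")
    return "\n".join(lines)


def admin_htaccess(allow_ips):
    """Slide 19: only the listed addresses may reach /administrator."""
    if not allow_ips:
        raise ValueError("an empty allow list would lock everyone out, including you")
    return "# Joomla administrator: allow only these addresses\n" + _deny_block(allow_ips) + "\n"


def no_php_htaccess():
    """Slide 22: refuse to serve or execute PHP in a data folder. FilesMatch
    also catches .php5/.phtml names that <Files *.php> would let through."""
    return '<FilesMatch "\\.ph(p[0-9]?|tml)$">\n' + _deny_block() + "\n</FilesMatch>\n"


def install_rules(webroot, allow_ips):
    """Write both rule sets into a Joomla tree; returns the paths written."""
    written = []
    admin_dir = os.path.join(webroot, "administrator")
    if os.path.isdir(admin_dir):
        written.append(_write(os.path.join(admin_dir, ".htaccess"), admin_htaccess(allow_ips)))
    for folder in NO_PHP_FOLDERS:
        target = os.path.join(webroot, folder)
        if os.path.isdir(target):
            written.append(_write(os.path.join(target, ".htaccess"), no_php_htaccess()))
    return written


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)
    return path


def make_demo_webroot():
    """Constructed throwaway tree standing in for a Joomla install (demo only)."""
    root = tempfile.mkdtemp(prefix="joomla-htaccess-demo-")
    for folder in ("administrator", "media", "images", "components"):
        os.makedirs(os.path.join(root, folder))
    return root


if __name__ == "__main__":
    site = make_demo_webroot()
    for path in install_rules(site, ["203.0.113.7", "198.51.100.0/24"]):
        print("==", path)
        with open(path) as fh:
            print(fh.read())
```

After installing, test from a second address (a phone on mobile data is enough) that /administrator returns 403, and request a harmless file such as /media/system/js/core.js to confirm the data-folder rule only blocks PHP.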
  • 24. #7: Legacy security issues (for Joomla 1.5 or older) • Change the default admin username • Change the default jos_ DB prefix
  • 25. #8: Check Your Extensions • Joomla Vulnerable Extensions List http://vel.joomla.org/ • National Vulnerability Database http://web.nvd.nist.gov/view/vuln/search
  • 26. Stay On Top Of Security Updates • Subscribe to the Joomla feeds: http://feeds.joomla.org/JoomlaSecurityNews and http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
  • 27. Build a Joomla security RSS feed. How to do it: http://is.gd/Vze1Zo
  • 28. #9: Additional protection through .htaccess rules • Remove sensitive PHP information • Avoid visual fingerprinting • Block some popular tools used by hackers. How to do it: http://is.gd/pGfVXQ
  • 29. #10: Use Joomla Security Extensions for IDS/IPS • jHackGuard • Akeeba Admin Tools • jomDefender • jSecure
  • 30. SQL Injection (screenshot of the SQL and the search form). A search term of a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't pasted straight into the query turns it into: SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';
  • 31. jHackGuard setup: filters • SQL Injections • Remote URL/File Inclusions • Remote Code Executions • XSS Based Attacks. Download it here: http://is.gd/01wLhH
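The injection from slide 30 reproduced against an in-memory SQLite database, as an added example that is not part of the deck. It puts the string-built query next to an escaped variant and a parameterised one, and feeds each the tautology `' OR 't'='t` as well as the slide's stacked `DROP TABLE` payload. The stacked form is the one that makes slides, but whether the DROP runs depends on the database API: Python's sqlite3 and mysqli::query execute one statement per call and reject the rest, so in practice tautology and UNION payloads are what leak data. In Joomla terms the escaped variant is what passing every value through the database object's quote() achieves, and binding parameters is the stronger fix where the driver supports it. Table contents are constructed demo data.

```python
"""Added example: the SQL injection from slide 30 reproduced against an
in-memory SQLite database, with the string-built query, an escaped variant and
a parameterised query side by side. Not code from the original deck."""
import sqlite3


def make_db():
    """Constructed demo data; not Joomla's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.com"),
                    ("bob", "bob@example.com"),
                    ("carol", "carol@example.com")])
    return db


def table_exists(db, table):
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                     (table,)).fetchone()
    return row is not None


def search_vulnerable(db, name):
    """What a naive search form does: splice the user's text into the SQL."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()


def search_escaped(db, name):
    """Escape the quote character before splicing. This is what quote()-style
    helpers do; it works for string literals but must be applied to every
    value, every time, and does nothing for numeric or identifier positions."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name.replace("'", "''")
    return db.execute(sql).fetchall()


def search_safe(db, name):
    """Bound parameter: the value travels separately from the SQL text, so any
    quotes in it are data, never syntax. Prefer this wherever the driver allows."""
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


TAUTOLOGY = "' OR 't'='t"                    # turns WHERE into a match-everything
STACKED = "a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't"   # slide 30


def stacked_payload_dropped_table(db):
    """Feed the slide's stacked-statement payload to the vulnerable search and
    report whether the table is gone afterwards. Python's sqlite3 (like
    mysqli::query) executes only one statement per call, so here it survives;
    an API that runs several statements per call would lose the table."""
    try:
        search_vulnerable(db, STACKED)
    except (sqlite3.Warning, sqlite3.Error):
        pass                    # "You can only execute one statement at a time"
    return not table_exists(db, "users")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", search_vulnerable(db, TAUTOLOGY))   # every row
    print("escaped, tautology:   ", search_escaped(db, TAUTOLOGY))      # no rows
    print("safe, tautology:      ", search_safe(db, TAUTOLOGY))         # no rows
    print("table dropped by stacked payload:", stacked_payload_dropped_table(db))
```

The vulnerable search returns all three users for the tautology because the WHERE clause has become `name = '' OR 't'='t'`; the escaped and bound versions look for a user literally named `' OR 't'='t` and find nothing. That difference, not the dramatic DROP, is what a filter like jHackGuard is trying to catch at the request layer, and why fixing the query is the real repair.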
  • 32. #11: Backup! Backup! Backup! • Manual backups • Your host • Akeeba Backup
  • 33. NOW WHAT?
  • 34. DON'T PANIC!
  • 35. DISASTER RECOVERY PLAN 1. Create a copy of the hacked site + all logs 2. Restore from a clean backup 3. Quarantine your site - enable maintenance mode 4. Check the logs for the malicious code 5. Resolve the security issues / clean the malicious code 6. Unquarantine your site - disable maintenance mode
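Step 4 of the plan, "check the logs for the malicious code", as a triage script; this is an added example, not material from the deck, and it is meant to run against the copy taken in step 1. It parses Apache combined-format access log lines and flags two patterns: any PHP file executed from a data folder (the slide 22 folders plus images, tmp and cache), and a POST that returned 200 to any script other than index.php, on the assumption that Joomla routes both the site and the administrator through index.php. It then walks the copied tree for the usual PHP backdoor markers (eval of a decoded blob, shell functions fed straight from request variables, the preg_replace /e trick). The markers are heuristics: obfuscated commercial extensions also use eval and base64, so treat the output as a shortlist to read, not a verdict. Log lines and planted files are constructed; the addresses are documentation ranges.

```python
"""Added example for step 4 of the recovery plan: triage the web server access
log for signs of an uploaded backdoor being used, and scan the (copied) site
for the usual PHP webshell markers. Not code from the original deck."""
import os
import re
import tempfile

# Apache "combined" log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
PHP_NAME = re.compile(r"\.ph(p[0-9]?|tml)$", re.I)
# Joomla folders that hold data, never entry points (slide 22 plus upload targets)
DATA_FOLDERS = ("images", "media", "tmp", "cache", "logs", "language", "libraries")
# Heuristic backdoor markers: decisive in a data folder, a shortlist elsewhere
WEBSHELL_MARKERS = (
    re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    re.compile(r"\b(system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(r"\b(assert|create_function)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),   # /e modifier = eval
)


def triage_access_log(lines):
    """Return (line_no, reason, path) for requests that deserve a closer look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue                                   # not a combined-format line
        path = m.group("path").split("?", 1)[0]
        top = path.lstrip("/").split("/", 1)[0]
        if not PHP_NAME.search(path):
            continue
        if top in DATA_FOLDERS:
            findings.append((n, "PHP executed from a data folder", path))
        elif (m.group("method") == "POST" and m.group("status") == "200"
              and not path.endswith("/index.php")):
            # Joomla routes site and administrator through index.php, so a 200 on
            # a POST to any other script needs explaining (assumption)
            findings.append((n, "POST to a non-entry-point PHP file", path))
    return findings


def scan_for_webshells(root):
    """Return {relative path: [marker patterns hit]} for suspicious PHP files."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not PHP_NAME.search(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            matched = [p.pattern for p in WEBSHELL_MARKERS if p.search(text)]
            if matched:
                hits[os.path.relpath(path, root)] = matched
    return hits


# Constructed sample log: two normal requests, a login, then an attacker using
# an uploaded shell. Addresses are documentation ranges, not real visitors.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2013:10:01:02 +0000] "GET /index.php?option=com_content&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2013:10:01:03 +0000] "GET /media/system/js/core.js HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2013:10:07:44 +0000] "POST /index.php?option=com_users&task=user.login HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2013:10:09:10 +0000] "GET /images/stories/sh.php?cmd=id HTTP/1.1" 200 233 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2013:10:09:31 +0000] "POST /tmp/up.php HTTP/1.1" 200 19 "-" "python-requests/1.2"',
    '198.51.100.23 - - [12/Mar/2013:10:10:02 +0000] "POST /components/com_foo/helper.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
]


def make_compromised_tree():
    """Constructed copy of a hacked site: one clean file, two planted shells."""
    root = tempfile.mkdtemp(prefix="hacked-copy-")
    files = {
        "index.php": "<?php define('_JEXEC', 1); require_once 'includes/defines.php';\n",
        "images/stories/sh.php": "<?php eval(base64_decode($_POST['x'])); ?>\n",
        "tmp/up.php": "<?php if (isset($_GET['c'])) { system($_GET['c']); } ?>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for n, reason, path in triage_access_log(SAMPLE_LOG):
        print("log line %d: %s: %s" % (n, reason, path))
    for rel, markers in scan_for_webshells(make_compromised_tree()).items():
        print("file %s matched %d marker(s)" % (rel, len(markers)))
```

Once the script points at a file, the log gives you the source address and the first request to it; searching the log backwards for that address usually shows the upload itself (a POST to a form, a vulnerable extension, or a stolen FTP login elsewhere), which is the "security issue" step 5 asks you to resolve before the site goes back online.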
  • 36. FEW THINGS TO TAKE AWAY • Security is about making it harder to infiltrate, not making it impossible • Security is an ongoing process • Everyone is involved
  • 37. QUESTIONS TIME!
  • 38. WWW.SITEGROUND.COM/WEBINAR