Tuesday, November 20, 2007

Security and Joomla

Recently many Joomla! sites, particularly those that have not performed the 1.0.13 upgrade, have attracted hacker attacks. While using open source software has many advantages and is especially well-suited to non-profit organizations, OSS content management systems like Joomla! require special attention to security.

If you have not upgraded your Joomla! installation to the latest version and checked all your plug-ins for security patches, you may want to do so as soon as possible - hack attacks cost time, and sometimes data as well as users. In addition to upgrading, several server features, like a hardened php.ini (including turning off register globals, magic quotes, and safe mode) and .htaccess file, as well as other settings, should be in place. Regular backups stored outside the www folder should also be part of any good security plan - joomlacloner is a good bet for backups and has a cron tab for scheduling regular backups. Any time you or the webmaster uploads files to the site, he or she should use SFTP, not FTP, as FTP is not secure.
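
One way to check a php.ini for the three settings named above, as an added example that is not part of the original post. It assumes "magic quotes" means the `magic_quotes_gpc` directive, and the sample file contents are constructed.

```python
# Added example: audit php.ini text for the settings the post says to turn off.
# Assumption: "magic quotes" is read as the magic_quotes_gpc directive.
import sys

WANT_OFF = ("register_globals", "magic_quotes_gpc", "safe_mode")
# Spellings php.ini treats as a boolean "off" (compared case-insensitively).
OFF_VALUES = {"", "0", "off", "false", "no", "none"}

def parse_ini(text):
    """Return {directive: raw value}. A later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        # Drop ';' comments. Good enough for boolean directives; a quoted
        # value containing ';' would need a fuller parser.
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Directive names are case-sensitive, so only the value is normalised.
        settings[name.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Map each directive to 'off', 'on' or 'unset' (PHP's built-in default applies)."""
    settings = parse_ini(text)
    result = {}
    for name in WANT_OFF:
        if name not in settings:
            result[name] = "unset"
        elif settings[name].lower() in OFF_VALUES:
            result[name] = "off"
        else:
            result[name] = "on"
    return result

def findings(text):
    """Directives that are not explicitly off, as (name, status) pairs."""
    return sorted((n, s) for n, s in audit(text).items() if s != "off")

# Constructed sample, not taken from a real server.
SAMPLE = """[PHP]
register_globals = On
magic_quotes_gpc = Off   ; disabled here
;safe_mode = Off
register_globals = Off
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, status in findings(text):
        print(f"{name}: {status}")
```

A directive reported as `unset` is left to the default of the installed PHP version, so it is listed for review rather than treated as off.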