Written by Peter Bui Follow on
Published: 08 March 2013

There are many extensions out there for Joomla that can be used to keep your site secure or at least make things harder to hackers to exploit your website and server resources.

This blog post series will go through a list of security extensions for Joomla that will help keep your site as secure as possible.

Part 1: AdminTools

AdminTools

Admintools by Nicholas Dinolouplus from AkeebaBackup is by far the best security suite I have seen for Joomla in all the years that I have been using it.

The basic core version of the extension only allows you to update and do simple tweaks to Joomla but the PRO version which can be purchase from AkeebaBackup.com does a whole lot more.

One feature that I find highly useful is the .htaccess file maker.

For those that don’t know, the htaccess file on a server stands for hypertext access and triggers apache web server software when executed. This can change the way your server runs from turning on security features, allowing access to only certain files, restricting access to others and much much more. You can find out more about what htaccess is and what it can do from http://www.htaccess-guide.com/

In terms of Joomla and AdminTools, the .htaccess file maker allows a site administrator to easily create a htaccess file script so lock down and secure your website simply by filling in the form details.

.HTAccess File Maker

One part of the htaccess file maker to take note of is the file and folder exception list. By default the htaccess file maker will block all non Joomla core files from being executed or running. This includes any custom PHP that you may have created or dynamic files that might be generated and called upon in your website. The idea of this is that it will also stop any hacker’s file inclusions that have been added to your website. So if a file has been placed on to your website by a hacker, the htaccess file will not allow it to run.

Perfect, but remember if you’re using dynamic scripts on your website to compress javascript files or CSS on the fly then the htaccess file can also possibly block these files from loading.

You may also have a lot of trial and error in the creation of the htaccess file to get the right combination and settings to work on your site and server. Lastly, it will only work on Apache based servers as htaccess is and Apache server feature.

The second great feature of AdminTools Pro is the “Web Application Firewall”. The WAF, like the htaccess file maker, has a set of configuration within it that will have different affects on your Joomla website.

Query String Logins

Another feature to note is the extra query strong that you can add onto the end of the access URL of your administrator website. For example, you would normally access the administrator area of your website via, http://youwebsite.com/administrator. This features allows you to append a extra random word to the end of making it harder to gain access to the backend of your website. For example yu may have "http://yourwebsite.com/administrator/?iLoveJoomla". Now the only way to get access to the admin area is via the URL with the extra string query /?iLoveJoomla.

Any incorrect string queries will simply redirect the user back to the front end of the website .

It is a perfect way to block automated script attacks to the admin area of your website as well as curious people trying to figure out your passwords.

Auto banning of user IP addresses that attempt to gain access to your website this way is also possible.

Just keep in mind that you may be blocking yourself one day and you will need to know how to unblock yourself from being banned from your own website.

Check for the white list IP addresses when configuring this feature and if you want to know what your current IP address is, go to: http://whatismyip.com where you can see your IP address on the website. The backend of AdminTools under the white list IP address will also detect your IP address for addition into the list.

Part 2: RSFirewall

 

Peter Bui

Peter Bui

An all round web specialist with years of experience in web design, development and open source solutions at PB Web Development

Subscribe to the Podcast

Subscribe to Newsletter

Stay up to date with the latest Joomla news, design, development, marketing and management hints and tips right in your email.

Sub Category Topics Menu

Recent Comments

This site is hosted on

Digital Ocean

Simple Cloud Hosting, Built for Developers.

 

If you don't know how to build
your own server, we recommend

 siteground logo

Fast support, reliable & cost effective

Web Hosting