There are many extensions out there for Joomla that can be used to keep your site secure or at least make things harder to hackers to exploit your website and server resources.
This blog post series will go through a list of security extensions for Joomla that will help keep your site as secure as possible.
Part 1: AdminTools
Admintools by Nicholas Dinolouplus from AkeebaBackup is by far the best security suite I have seen for Joomla in all the years that I have been using it.
The basic core version of the extension only allows you to update and do simple tweaks to Joomla but the PRO version which can be purchase from AkeebaBackup.com does a whole lot more.
One feature that I find highly useful is the .htaccess file maker.
For those that don’t know, the htaccess file on a server stands for hypertext access and triggers apache web server software when executed. This can change the way your server runs from turning on security features, allowing access to only certain files, restricting access to others and much much more. You can find out more about what htaccess is and what it can do from http://www.htaccess-guide.com/
In terms of Joomla and AdminTools, the .htaccess file maker allows a site administrator to easily create a htaccess file script so lock down and secure your website simply by filling in the form details.
.HTAccess File Maker
One part of the htaccess file maker to take note of is the file and folder exception list. By default the htaccess file maker will block all non Joomla core files from being executed or running. This includes any custom PHP that you may have created or dynamic files that might be generated and called upon in your website. The idea of this is that it will also stop any hacker’s file inclusions that have been added to your website. So if a file has been placed on to your website by a hacker, the htaccess file will not allow it to run.
You may also have a lot of trial and error in the creation of the htaccess file to get the right combination and settings to work on your site and server. Lastly, it will only work on Apache based servers as htaccess is and Apache server feature.
The second great feature of AdminTools Pro is the “Web Application Firewall”. The WAF, like the htaccess file maker, has a set of configuration within it that will have different affects on your Joomla website.
Query String Logins
Another feature to note is the extra query strong that you can add onto the end of the access URL of your administrator website. For example, you would normally access the administrator area of your website via, http://youwebsite.com/administrator. This features allows you to append a extra random word to the end of making it harder to gain access to the backend of your website. For example yu may have "http://yourwebsite.com/administrator/?iLoveJoomla". Now the only way to get access to the admin area is via the URL with the extra string query /?iLoveJoomla.
Any incorrect string queries will simply redirect the user back to the front end of the website .
It is a perfect way to block automated script attacks to the admin area of your website as well as curious people trying to figure out your passwords.
Auto banning of user IP addresses that attempt to gain access to your website this way is also possible.
Just keep in mind that you may be blocking yourself one day and you will need to know how to unblock yourself from being banned from your own website.
Check for the white list IP addresses when configuring this feature and if you want to know what your current IP address is, go to: http://whatismyip.com where you can see your IP address on the website. The backend of AdminTools under the white list IP address will also detect your IP address for addition into the list.
Part 2: RSFirewall