More on Joomla Security

OK, so I would like to increase security on a couple of my sites. You’ve probably seen my minimum security post from a few months ago (if not, click here to see what I’d do to protect a Joomla website as a minimum).

So, having browsed the forums and extensions directory, I’ve come across the following helpful tools and tips:

JomLand Meta Generator – this tool will change that nasty Joomla generator meta tag (a dead giveaway that you’re using Joomla) and will remove the ?tp=1 module position information trick. Click here to download the meta generator plugin. Note that this is for Joomla 1.5 only.

JHackGuard – another plugin. This one claims to protect against SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks. It has been developed by the folks at hosting company Siteground. Joomla gets pretty bad press from a lot of hosters in relation to security, so it’s good to see some developing a tool to protect against some common attacks. Get JHackGuard here. It works on Joomla 1.5, 1.6 and 1.7.

AdminTools – I’ve mentioned this as one of my top 20 extensions before but can’t mention security or administration without it. AdminTools is an essential (along with its sister product Akeeba Backup). Its primary use (for me) has been to minimise the hassle of updating Joomla via FTP after every patch release, but it also contains security tools in the form of a list of htaccess directives. Obviously you can only try this feature out if you’re using Apache (have tried Zeus and it failed as expected – I imagine it would do the same on IIS). It also has a firewall built in – some of the features are shared with JHackGuard so I’m unsure whether to run both on the same website at once – will test and report back. For €20 for a multi-site license it’s a steal. Get AdminTools here.

Eyesite – now I’ve heard of this one in the past but because of its absence from the JED I’ve avoided/forgotten it. Having just read up on what it does I’m kicking myself that I didn’t install it on all of my websites years ago. Basically it takes a snapshot of the file status of your Joomla tree; if someone connects and starts changing files you’ll get an email notice. Think of how handy this would have been in the days of the Gumblar hack attacks. Note: I bet JMonitoring will be adding something similar (one to keep an eye on). Will need to test this one out in case it affects performance, since it needs to generate an md5 checksum for each file. Many of our sites are on a dedicated server so those should be fine but am wondering if it would cause performance or timeout problems on shared servers. Get Eyesite for Joomla 1.5, 1.6 and 1.7 here.
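The snapshot-and-compare idea described for Eyesite, as an added example that is not Eyesite's code or part of the original post. It uses SHA-256 rather than MD5, and the quick mode (reusing stored digests for files whose size and modification time are unchanged, to cut the hashing cost raised above), the function names and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root, previous=None):
    """Return {relative path: (size, mtime_ns, digest)} for files under root.
    With a previous snapshot, unchanged size+mtime reuses the old digest."""
    previous = previous or {}
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.stat(full)
            old = previous.get(rel)
            reuse = old and old[:2] == (st.st_size, st.st_mtime_ns)
            digest = old[2] if reuse else sha256_file(full)
            snap[rel] = (st.st_size, st.st_mtime_ns, digest)
    return snap

def compare(baseline, current):
    """Report files added, removed or changed since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p][2] != current[p][2]),
    }

def demo():
    """Constructed sample tree: baseline it, change it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        write("index.php", "<?php echo 'home';")
        write("configuration.php", "<?php // settings")
        baseline = snapshot(root)
        write("index.php", "<?php echo 'home'; // edited")
        write("new_file.php", "<?php // not in baseline")
        os.remove(os.path.join(root, "configuration.php"))
        return compare(baseline, snapshot(root))
```

Quick mode trusts size and modification time, which anyone with write access to the tree can reset, so a full re-hash (calling `snapshot` without `previous`) should still run periodically. Keep the baseline somewhere the web server user cannot write to.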

UPDATE: Here’s one I forgot to mention but do use on a number of websites. JSecure installs in the backend and hides your Joomla administrator URL, can email the administrator each time a user tries to log in to the backend, and provides IP blacklist capabilities and access logs. A very decent addition to your arsenal. More info here.

As with all extensions, do have a look at the reviews on extensions.joomla.org before using them. If you find the extension useful, leave a review to let others know.
