Ways to Protect Your Joomla Site from Hackers - JoomShaper

10 May 2016

There are several ways to make a hacker's job as difficult as possible. If you run a Joomla 3.5 (or older) website, you should absolutely take at least basic steps to secure it against intruders. Some facts: according to Sophos Labs, 30,000 new sites a day are hacked! Yes, that's a shocking number. I guess you won't want to be part of these stats.

Some site owners may say: "It won't happen to me. I have a small site, only a shop." But for hackers, criminals or extremists it doesn't matter: they will destroy content or add hidden links because they want to and they can. We want to help you secure your CMS website from the get-go. Prevention is better than cure, so make sure you act on these tips to prevent Joomla hacking.

1 - UPDATE YOUR VERSIONS

You would be surprised how many sites run an old version of the CMS. It wasn't updated for several reasons: no time (really?), no money (for a migration service), or "I didn't know this was important". You should always ensure your Joomla is at the latest version, which has fixes for all known security holes. Update all your components, modules, plugins and templates continually. Thousands of websites are hacked daily because of outdated extensions or even outdated templates installed on them. In the past, we heard about RocketTheme and Gavick security issues.

2 - UPDATE YOUR PHP VERSION

Official support for PHP 5.3 was discontinued in August 2014. PHP 5.5 security support ended on July 10th 2016. PHP 5.6 was also released more than 3 years ago. These old, obsolete, EXTREMELY INSECURE (= you ARE going to get hacked if you use them) versions also have very significant bugs in the way they handle code optimization. These bugs cause our software to fail when trying to read the permissions of certain files. This is NOT an issue with Joomla! or JoomShaper software; it's an issue with PHP itself. By pure coincidence, these PHP bugs were not triggered by previous versions of our software. This version works around the issue by reordering three lines of code. If you are not using the very latest PHP version, your site WILL get hacked because of KNOWN security issues. We strongly recommend using PHP 7.2 or 7.3.

3 - CHECK YOUR SITE AND MAKE BACKUP

Sometimes people want to secure sites which have already been hacked (infected) without knowing it. Please first make a full analysis of your website to detect and remove common malware; read more in our past blog post on that topic. Second, most website owners using Joomla do not change their default configuration. That means, for example, renaming htaccess.txt to .htaccess, disabling registration in User Manager and enabling short URLs.

Back up all the files of your website and make a full database backup. It's a good idea to have a backup component; it doesn't have to be Akeeba Backup, there are also others which work pretty well. Important note! Store these backup files on your computer or a remote drive, not on your current website. Why? Because if a hacker gets access somehow, they will be able to download the backup too. Besides, deleted or broken files on the server mean no backup at all.

4 - IS YOUR HOSTING SERVER SECURED

Did you know that over 1/4 of websites were hacked through server vulnerabilities? Yes, an old PHP version, unsecured folder settings... many small things can lead to the point where someone gets malware into your website code. Many sites are hosted on shared servers. Basically, if one site on a shared server gets infected, every other site is at risk, regardless of how secure the site/shop/blog is otherwise. Cheap hosting services cannot guarantee you anything besides space on their servers: no built-in firewalls, or even full backups. Remember that the first line of defense against a hacker is not Joomla or any other CMS, but your hosting.

5 - HIDE JOOMLA

Most hacking these days is performed as an entirely automated process, with bots searching Google for vulnerable sites and probing them for exploitation opportunities. Using short URLs may help, but this is only the first step. The second step would be to remove the Joomla generator meta tag. It can be done by using the ByeByeGenerator plugin or RSFirewall, which has this option enabled by default. It would also be nice to remove all "powered by ..." links. Of course we suggest buying a PRO version if necessary. The last "fog" technique is based on rules inside the .htaccess file; they can ban several hacker/spammer bots from your site.

Add the following lines to your .htaccess before the line "## Mod_rewrite in use":

<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>

Here is the second part of the useful syntax. Each RewriteCond is chained with [OR], so a request whose User-Agent starts with any of these strings (case-insensitive, [NC]) gets a 403 Forbidden from the final RewriteRule:

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_USER_AGENT} ^warning [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^wget [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^linkwalker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^cosmos [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^moget [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^hloader [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^humanlinks [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^linkextractorpro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^offline [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^lexibot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^collector [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^intraformant [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^blowfish [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^jennybot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^builtbottough [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^propowerbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^backdoorbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^webenhancer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^tighttwatbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^suzuran [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^vci [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^webviewer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^szukacz [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^zeus [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Abonti [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^aggregator [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^almaden [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Anarchie [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^asterias [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Bandit [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BDCbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BackWeb [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BLEXBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Bolt [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Buddy [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BuiltBotTough [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Bullseye [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^bumblebee [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^BunnySlippers [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ca\-crawler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CazoodleBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CCBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CheeseBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CherryPickerElite [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CherryPickerSE [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CICC [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Collector [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Copier [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^CopyRightCheck [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Crescent\ Internet\ ToolPak [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Crescent [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^discobot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^DittoSpyder [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^DOC [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^DotBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Download\ Ninja [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Drip [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EasouSpider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ecxi [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Exabot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Fasterfox [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^FeedBooster [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Foobot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^FrontPage [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Genieo [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^GetSmart [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^GetWeb\! [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^gigabaz [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Go\-Ahead\-Got\-It [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^gotit [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Grabber [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^grub\-client [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Harvest [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^heritrix [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^httplib [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^httpdown [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^IDBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^id\-search [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ieautodiscovery [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^InfoNaviRobot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^IstellaBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^InternetSeer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Iria [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^IRLbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Java/1\. [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^JennyBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^JustView [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^k2spider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Kenjin\ Spider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Keyword\ Density/0\.9 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LexiBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^lftp [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^libWeb [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^libwww\-perl [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^likse [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Link\*Sleuth [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LinkextractorPro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^linko [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8\.1a\ Unix [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^LNSpiderguy [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^lwp\-trivial [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Mag\-Net [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^magpie [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Mata\ Hari [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MaxPointCrawler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MegaIndex [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Memo [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MFC_Tear_Sample [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MIDown [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MIIxpc [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Mippin [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Missigua\ Locator [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MJ12bot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Niki\-Bot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Ninja [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Nutch [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Openfind\ data\ gathere [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Openfind [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^panscient\.com [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PHP/5\.\{ [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PHPCrawl [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PingALink [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^PleaseCrawl [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Pockey [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ProPowerBot/2\.14 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Pump [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Python\-urllib [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^QueryN\ Metasearch [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^QRVA [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Reaper [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Recorder [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Rippers [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^RMA [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SBIder [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Scooter [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Seeker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SemrushBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SeznamBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Siphon [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SISTRIX [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.Internetseer\.com [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SlySearch [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Snake [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SnapPreviewBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Sogou [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SpankBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^spanner [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^spbot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Spinn3r [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^sproose [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Steeler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Stripper [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Sucker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Szukacz/1\.4 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro/1\.29 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^TeleportPro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Telesoft [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^The\ Intraformant [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^TheNomad [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^TightTwatBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Titan [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^True_Robot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^True_Robot/1\.0 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^turingos [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^UbiCrawler [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^UnisterBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^URLy\ Warning [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^VCI\ WebViewer\ VCI\ WebViewer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^webalta [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Win32 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^VCI [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WBSearchBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader/6\.9 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebBandit [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebBandit/3\.50 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebCollage [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebCopier\ v4\.0 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebEnhancer [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebGo [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebHook [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebmasterWorldForumBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebMiner [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebMirror [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Webster\ Pro [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WebZip [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Whacker [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Wotbox [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^wsr\-agent [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WWW\-Collector\-E [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WWW\-Mechanize [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^x\-Tractor [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Xaldon [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Xenu [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^yandex [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Zao [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^zermelo [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ZyBORG [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^coccoc [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Incutio [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^lmspider [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^memoryBot [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^serf [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Unknown [NC]
        RewriteRule ^.* - [F]
</IfModule>
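To see what the rule above actually blocks before deploying it, here is an added Python check; it is not from the original post and not part of any JoomShaper product. It parses the RewriteCond lines of a .htaccess excerpt, applies them the way mod_rewrite does (anchored regex, [NC] for case-insensitive, [OR] chaining) and reports which User-Agent strings would receive a 403. The excerpt and the User-Agent strings are constructed for the demo; point load_ua_patterns at your real .htaccess text and the User-Agent column of your access log to find false positives before a legitimate visitor does. Note how ^Maxthon$ matches only the bare string, while ^wget matches anything beginning with those letters in any case.

```python
import re

# Constructed excerpt of the RewriteCond list from the snippet above; a real
# run would read the whole block from the site's .htaccess file.
HTACCESS_SNIPPET = r"""
<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_USER_AGENT} ^wget [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Java/1\. [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Python\-urllib [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Download\ Ninja [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Win32 [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Unknown [NC]
        RewriteRule ^.* - [F]
</IfModule>
"""

# One RewriteCond line testing HTTP_USER_AGENT: the pattern may contain
# backslash-escaped spaces (as in "Download\ Ninja"), then the [flags].
COND_RE = re.compile(
    r'^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+((?:\\ |\S)+)\s+\[([^\]]*)\]\s*$'
)


def load_ua_patterns(htaccess_text):
    """Compile every User-Agent RewriteCond in the text into a Python regex.
    Apache uses PCRE; for this list (anchors, escaped punctuation, optional $)
    Python's re module behaves the same. The NC flag maps to re.IGNORECASE."""
    patterns = []
    for line in htaccess_text.splitlines():
        m = COND_RE.match(line)
        if not m:
            continue  # RewriteEngine, RewriteRule, IfModule lines are not conditions
        pattern, flags = m.group(1), m.group(2).split(",")
        patterns.append(re.compile(pattern, re.IGNORECASE if "NC" in flags else 0))
    return patterns


def is_blocked(user_agent, patterns):
    """Mirror the rule's effect: the conditions are OR-chained, so any match
    means the RewriteRule fires and the request gets 403 Forbidden."""
    return any(p.search(user_agent) for p in patterns)


def classify(user_agents, patterns):
    """Map each User-Agent string to True (blocked) or False (passes)."""
    return {ua: is_blocked(ua, patterns) for ua in user_agents}


# Constructed sample User-Agent strings, as they would appear in an access log.
SAMPLE_UAS = [
    "Wget/1.20.3 (linux-gnu)",
    "Java/1.8.0_202",
    "python-urllib/3.8",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Maxthon",
    "Maxthon/5.0",
    "Download Ninja 3.0",
]

if __name__ == "__main__":
    pats = load_ua_patterns(HTACCESS_SNIPPET)
    for ua, blocked in classify(SAMPLE_UAS, pats).items():
        print(("403  " if blocked else "pass ") + ua)
```

The check is deliberately limited to the User-Agent conditions; a real .htaccess may also carry RewriteCond lines on other variables, which this parser skips, so treat a "pass" here as "not blocked by the User-Agent list" only.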

6 - LIMIT LOGIN ATTEMPTS

Many bots and hackers try to log in to the admin section using brute-force attacks until the password is cracked. They're helped immensely when the username is known, so here's a hint: don't use that popular old Joomla chestnut, admin. Dictionary attacks, meanwhile, throw A-Z word lists against the password, and hybrid attacks combine brute-force and dictionary techniques to crack basic keys such as Tom1980. To prevent this you can use a few techniques which increase your Joomla security with an additional restriction on the administrator URL and effectively prevent unauthorised access to the administrator login page.

  • jSecure Lite - component that prevents access to the administration (back end) login page if the user does not supply the appropriate access key. Only users who enter the secret key will be able to access your admin area. The Pro version has more features like IP or country blocking.
  • AdminExile - very good plugin which allows you to add extra security layers to the /administrator section by requiring a specific key to be present in the URL. It has IP white/black lists, you can define a network range, and it has brute-force detection and protection.
  • Brute-Force Stop - another good free extension which stores information on failed login attempts, so that when a configurable number of such failed attempts is reached the attacker's IP address can be blocked.
  • RSFirewall - has an option to ban the IP of a user/bot that has tried to log in too many times.
  • pFirewall - it may prevent any automated activity like brute-force login or MySQL injection. It supports all popular search engine bots and doesn't block them.
  • Using a combination of .htaccess and .htpasswd files you can protect the /administrator folder from all attempts; it can also stop basic brute force.

Read also our previous blog post about hiding the admin login.

Protect Against Brute-force

For the past week, we've been monitoring activity from a set of IP addresses involved in brute-force login attacks. This kind of attack involves systematic guessing of passwords using various common usernames such as "admin" and "qwerty". Each of these IPs continues to attempt brute-force logins, and they can be blocked with the .htaccess file:

# 2016 bruteforce botnet list
Order Allow,Deny
Allow from all
Deny from 79.141.167.19
Deny from 192.42.116.16
Deny from 63.141.226.34
Deny from 128.153.145.125
Deny from 64.61.155.42
Deny from 78.32.129.58
Deny from 79.39.183.124
Deny from 5.39.76.158
Deny from 52.59.254.232
Deny from 85.17.14.21
Deny from 37.48.80.101
Deny from 37.187.7.74
Deny from 77.247.181.165
Deny from 94.242.222.40
Deny from 109.237.1.139
Deny from 128.72.91.30
Deny from 176.115.124.21
Deny from 178.238.229.54
Deny from 185.61.138.125
Deny from 46.165.208.105
Deny from 149.202.47.181
Deny from 178.162.198.109
Deny from 93.120.140.200
Deny from 185.3.32.23
Deny from 42.118.62.213
Deny from 212.74.201.244
Deny from 80.35.16.63
Deny from 83.70.178.60
Deny from 90.182.73.81
Deny from 94.113.137.129
Deny from 145.253.122.66
Deny from 131.109.59.90
Deny from 151.8.12.213
Deny from 188.13.39.226
Deny from 188.219.193.186
Deny from 212.121.116.65
Deny from 212.183.165.15
Deny from 217.7.249.243
Deny from 217.111.161.229
Deny from 217.128.175.91

You can also block IPs from selected countries; use the generator from this site: http://www.ip2location.com/free/visitor-blocker
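The list above is a fixed snapshot. To build your own from evidence, here is an added Python example, not from the original post and not how Brute-Force Stop or RSFirewall work internally. It scans Apache combined-format access log lines for POSTs to /administrator/index.php (the Joomla back-end login form), counts them per client IP, and emits a Deny block in the same form as the one above for any IP over a threshold, which is the same idea as the "too many failed attempts" extensions listed in section 6. The log lines are constructed for the demo using documentation IP ranges. From the access log alone you cannot tell a failed login from a successful one, so this flags volume; extensions that hook Joomla's login event can count actual failures.

```python
import re
from collections import Counter

# Apache combined log format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Joomla's back-end login form posts to this path.
LOGIN_PATH = "/administrator/index.php"


def count_login_posts(log_lines):
    """Count POST requests to the administrator login per client IP.
    Lines that do not parse are skipped rather than aborting the scan."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "POST" and m.group("path").startswith(LOGIN_PATH):
            counts[m.group("ip")] += 1
    return counts


def offenders(log_lines, threshold=10):
    """IPs with at least `threshold` login POSTs in the scanned lines, sorted."""
    return sorted(ip for ip, n in count_login_posts(log_lines).items() if n >= threshold)


def deny_block(ips, comment="# generated brute-force block list"):
    """Render the IPs as an Apache 2.2-style access block (Order/Allow/Deny),
    the same shape as the hand-written list in the post."""
    lines = [comment, "Order Allow,Deny", "Allow from all"] + [f"Deny from {ip}" for ip in ips]
    return "\n".join(lines) + "\n"


def _line(ip, method, path, status, sec):
    # Constructed log line in combined format; timestamp and sizes are made up.
    return (f'{ip} - - [10/May/2016:08:14:{sec:02d} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0 (constructed)"')


# Constructed sample: 12 login POSTs from one address (TEST-NET-3 range),
# 2 from another, one ordinary GET of the admin page, and one unparseable line.
SAMPLE_LOG = (
    [_line("203.0.113.5", "POST", LOGIN_PATH, 303, s) for s in range(12)]
    + [_line("198.51.100.7", "POST", LOGIN_PATH, 303, s) for s in range(2)]
    + [_line("192.0.2.10", "GET", "/administrator/", 200, 30)]
    + ["this line is not in combined log format"]
)

if __name__ == "__main__":
    # Prints a block with a single "Deny from 203.0.113.5" line for the sample.
    print(deny_block(offenders(SAMPLE_LOG, threshold=10)), end="")
```

Pick the threshold against a time window (feed the script one rotated log or the last hour) rather than a lifetime count, or a busy legitimate administrator will end up in the list. On Apache 2.4 the Order/Allow/Deny directives only work when mod_access_compat is loaded; the native form is a `<RequireAll>` block containing `Require all granted` followed by one `Require not ip <address>` per entry.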

7 - DELETE UNUSED EXTENSIONS & TEMPLATES

If you've finished all the main jobs on your site, check if you really need all the installed plugins or components. Delete all unused templates (also core ones), components and plugins. Do not download and install templates/plugins/components that are not from trusted marketplaces. An attacker may target an extension that has vulnerability issues, so if you do not use it, it is not worth keeping. This also protects you from SQL injection vulnerabilities in extensions you don't even use.

8 - INSTALL A FIREWALL

Prevent Joomla hacking through security plugins or components. There are several popular ones on the market, and some developers offer Lite/Free versions as well; if you do not have money right now you can use them, otherwise we strongly recommend using a PRO / commercial version. Here are some suggestions:

  • Akeeba Admin Tools Pro
  • RSFirewall
  • Securitycheck Pro
  • DMC Firewall

Note! The above tips are not fool-proof, but they do raise your security level above that of most sites! Of course we will update this blog post in the near future.

Arun Sasi
7 years ago
Great post Joomshaper Team
Arafat Bin Sultan
7 years ago
Thanks, Arun :)
Daniel
7 years ago
8. Protect your admin panel
Create a txt file with:
deny from all
allow from [your.IP.address]
Transfer it in your folder "administrator" at the root of your J! website.
Rename it as .htaccess (CHMOD 0644)
Job is done
Arafat Bin Sultan
7 years ago
Welcome, and thanks for reading :)
Arafat Bin Sultan
7 years ago
Thank you too :)
Acevpn
6 years ago
Very informative article.
as I open sites while checking the URL, because a simple and meaningful url is better than useless extensions in the URL.
happydancer
6 years ago
Hi

I have RSFirewall installed and it takes the joomla tags out as per template.

But it still leaves a footprint for bots to find my site using keyword "joomla" as in page source: