How to secure Joomla website and go on holiday - JoomShaper

How to secure Joomla website and go on holiday

03 July 2014
Hits 13,686
3 min read
How to secure Joomla website and go on holiday


It seems that holiday has begun for school children, many parents now thinking about sun and free time with family. Also students have finished their exams, but one question still remains: Will all my Joomla 3.x websites be safe and can I leave them without worries for couple of days? What I should do.

An old proverb says: But when you’re out there partying, swimming, lying on the beach someone out there at the same time is hacking. Sad but true. The world bad people never sleeps, rest but you are not machine you have to. So relax, we will show you few tips.

First some facts, Joomla 3.9.3 is very secure and stable version of CMS. Even without installing additional extensions it should fight off attacks for very long time. The most notable weakness of any CMS (Wordpress, Drupal, Joomla) came from people small negligence or lack of knowledge. You can have the most vaule car in your neighborhood but if you forget to close the door - do not be surprised that someone drove him away.

The vast majority of unauthorized attempts hackers using brute force techniques to get into websites. That’s why you should be ready before; so take some precautions to minimize the risk of your Joomla website getting broken into:

  • In User Manager check usernames of all Super Users accounts - they shoudn't use "admin" or any so short name. Most hackers try to get your password by trying to bruteforce your admin username.
  • Disable New User Registration in User Manager – if you don’t need new users added from front-end.
  • Rename htaccess.txt to .htaccess – because it include some rewrite rules to block out some common exploits.
  • Turn on Search Engine Friendly URLs (in Global Configuration) – this will hide typical Joomla URLs.
  • Install and enable plugin ByeByeGenerator - it allows you to change the generator tag, it means  "no more" Joomla meta tag in HTML code.
  • If you have old modules or components that you’re not using anymore – uninstall them, especially if they haven’t been updated or right now they have bad reviews on JED. Because many extensions (from different sources) contain vulnerable code.
  • Disable showing errors (Global configuration settings).
  • It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create specific folders with less restrictions for the purpose of doing things like uploading files. Never leave permissions for a directory set to 777: this allows everybody to write data (including exploits) to it.
  • Scan all your files to find malicious code - you can use for it Wemahu ( - which is a crowd powered malware scanner component for Joomla! 3.x.
  • There are many plugins and services that can act as a firewall for your website. Some of them work by modifying your .htaccess file and restricting some access at the Apache level, before it is processed by Joomla. Check those ‘ Anti-Hacker’ extensions:
    jHackGuard (, Akeeba Admin Tools Pro ( or RSFirewall! ( to protect against the most popular hacking attacks – SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks! Especially those commercial ones firewalls lets experienced users fine-tune protection settings.
  • Back up your CMS data, including your MySQL databases.



Sven Taow
Sven Taow
4 years ago
Hi Paul,
Thanks for the tips. I'm currently using a few of them already. I've been considering Updown io and Pingdom that can help me keep an eye on my website. What should I choose? Also: should I make a backup before I set the Joomla Update System?
Sven Taow
Paul Frankowski
Paul Frankowski
4 years ago
Yes, you should install Akeeba Backup > Click backup, and stop adding links here.

Sign up for our newsletter

Don’t miss any updates of our new templates and extensions and all the astonishing offers we bring for you.