10 Tips to Prevent Malware on Joomla

Joomla is one of the most popular content management systems (CMS) out there, surpassed only by WordPress and placing ahead of others like Drupal in most market share results. When a CMS like this one is used by millions of sites, it ends up being the target of a lot of hackers and malicious third parties, who resort to any kind of tool or method to infect a Joomla site. Today we are going to share with you 10 Tips to Prevent Malware on Joomla.

How can I Prevent Malware on Joomla?

There are a lot of ways to improve Joomla’s security and avoid being infected with malware and all kinds of viruses, and today we are going to show you some of the best security practices for this task. Let’s begin.

Secure your Login data

Joomla’s weakest point regarding security is probably the default login data, including the main administrator user, which is “admin”. The best you can do in this case is change the default login data that Joomla provides. You should change that information to something more secure: use a different admin username and set a stronger password, which should include letters, symbols and numbers.

Secure your Login Access

It is possible to protect the URL of Joomla’s admin panel using different methods, for example through .htaccess, which can be used to deny connections from all IPs except ours (this is useful only if you have a static IP address on your local network). You can do this using the following code in the folder’s .htaccess file:
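
An allowlist of this kind, as an added example (not the original article's code), assuming the file is placed in the administrator folder and that .htaccess overrides are enabled on the server. It covers both Apache 2.4 and the older 2.2 access-control syntax:

```apache
# administrator/.htaccess
# Added example: allow the admin panel from one address only.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later: every client except 10.0.0.1 gets 403 Forbidden
    Require ip 10.0.0.1
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2: same policy in the legacy Order/Deny/Allow syntax
    Order Deny,Allow
    Deny from all
    Allow from 10.0.0.1
</IfModule>
```

A request from any other address should return 403 before Joomla's login form is ever served, which you can confirm from a second connection such as a mobile network.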

Replace 10.0.0.1 with your real IP, of course.

You can also add an additional security layer using htpasswd. That way, a small popup asking for additional login data will appear when someone tries to access the admin directory. Thanks to this, anyone who tries to log in to your Joomla will need two sets of login credentials: one for htpasswd and another one for the Joomla admin panel.

You can easily add this kind of security layer using cPanel:

  • First enter your site’s cPanel.
  • Now go to “Directory Privacy”.
  • Now click on the folder that you wish to password-protect (administrator is the default one).
  • Tick the box that says “Password protect this directory” and enter a description for it. Now just click on “Save”.
  • Now go back to the previous screen and pick a user and a password. Click on “Save”.
  • And that’s it, now our Joomla admin directory is fully protected. To remove this security layer you only need to untick the box that says “Password protect this directory” and save the change.

Enable Two Factor Authentication

This is probably the best way to protect access to Joomla’s admin panel, and therefore one of the best practices to prevent malware on Joomla. The 2FA / Two Factor Authentication feature was introduced in Joomla version 3.2, released 3 years ago. This is one of our favorite ways to protect access to this kind of system, and now you’ll see why.

Thanks to the Two Factor Authentication feature, you will get an additional security layer for your site. If someone steals your Joomla admin login credentials and tries to access your site, 2FA will still protect you. The system will ask the user for a code after login, a code that only you will be able to see because it will be in only one place: your mobile phone. That’s right, thanks to this feature you will receive a code after the login data is used, and this code has to be entered in a new prompt to gain full access to the admin panel.

Let’s see how to enable this feature:

  • First log in to Joomla as an admin and go to Users > Manage.
  • Now click on the user you wish to protect with 2FA.
  • Click on the “Two Factor Authentication” tab.
  • Now choose “Google Authenticator” as the authentication method.
  • Now install Google Authenticator on your mobile phone.
  • Scan the provided QR code using the app: thanks to this the user will be added to the Google Authenticator app.
  • Enter the code provided by the app in “Step 3 – Activate Two Factor Authentication”.
  • Now just save the changes. That’s it, 2FA is now active.

Backups, always backup

Backups? Yeah, backups. You may not know it, but backups are one of the best ways to keep your Joomla site safe. In case you modify something that leaves your site exposed to third parties, you can use a backup to restore your site and avoid being hacked.

In another scenario, for example if your site is compromised, you can use the backup to restore it and then patch the exploit that was used to break your security.

Having backups will save your day more than once, believe me. And remember to make backups often: it’s not very useful if you make only monthly backups, for example, because you can lose an entire month of work!

Let’s see how to make some backups using the Akeeba Backup extension for Joomla, or you can also use cPanel’s backup, if that’s available for you.

How to install and use Akeeba Backup:

  • Go to Akeeba Backup’s official website.
  • Download the latest version for Joomla.
  • Log in to your Joomla admin.
  • Go to Extensions > Manage > Install.
  • Click on the “Upload Package File” tab.
  • Now use the “Select file” button to select the Akeeba Backup file you downloaded minutes ago.
  • Now click on “Upload & Install” to upload and install the Akeeba Backup extension.
  • After the installation, go to Components > Akeeba Backup to access the Akeeba Backup administrator panel.
  • If you want to back up your site now, use the option “Backup Now”.
  • On the new window you can add a description for this backup. Once you’re ready just click on “Backup Now!”
  • The bigger your site is, the longer the process will take to complete, so be patient.
  • When the backup is ready go back to Akeeba Backup’s panel and click on “Manage Backup”.
  • Here you can use the “Restore” feature to restore a backup, or you can use “Download” to download a backup to your local computer.

How to create backups in cPanel:

  • Log in to your site’s cPanel.
  • Click on the tool labeled “Backup”.
  • In this new window click on “Download a Full Website Backup”.
  • Pick “Home Directory” for the “Backup Destination” option, and enter your email address in the box labeled “Email Address”; thanks to this the system will send you an email once the backup is ready.
  • To create the new backup click on “Generate Backup”.
  • Once the backup is ready, click on “Download a Full Website Backup” using the “Backup” tool.
  • Now you will see your new backup ready for download; just click it and the download will start.

Security scan

In the world of web hosting there are a lot of tools that can be used to scan a site for malware and other kinds of malicious content; you can even look for vulnerabilities in your site’s code. In the case of Joomla, you can do this using tools like OWASP Joomla! Security Scanner or online tools like the Joomla Security Scan by HackerTarget.

In the picture below you can see an example of HackerTarget’s tool:

[Screenshot: HackerTarget’s Joomla Security Scan]

Keep Joomla Updated

This is something very important that a lot of people seem to forget about: content management systems must be updated as soon as a new update is available, and this goes for Joomla too. It is a very important task if we want to have a secure site and prevent malware on Joomla.

Running an old version of Joomla is like leaving your home’s front door open, waiting for someone to get inside. Updates are very important: they provide new features but also help you to have a more secure site, because they provide patches for bugs, fixes for security exploits and more.

Every time an update is available, a message will appear on the admin panel, providing a button to install the new update. This is a fast process and shouldn’t take longer than a minute or two.

After installing a new update we suggest clearing the site’s cache, both on the app side and on the browser side. Also, remember to always create a backup before installing a new update, in case something goes wrong.

Check your Themes and Extensions

The themes and extensions installed on your site can be used by a hacker to break through Joomla’s security; that’s why you have to carefully choose the extensions and themes you use.

Always remember to use themes and extensions that come from official sources and, if possible, are created by developers with a good reputation. We don’t recommend downloading themes or extensions from freeware sites, because they could be infected with malware and then infect your site once you install them.

Check your Files & Directory Permissions

Permissions play a very important role in Unix and Linux systems, and they’re also very important to avoid malware in Joomla. If your hosting provider is running a PHP handler like suPHP, then you shouldn’t have any directories with 777 permissions. If the handler is a different one, like DSO for example, then you may have to set some directories or files to have full permissions, which is bad for security because any user can modify your content.

Malware can get into your files really easily if you run insecure permissions. This is a must for all those who need to prevent malware on Joomla.

Running suPHP you will only need permissions 755 for folders and 644 for files; Joomla should run perfectly with that. If your web hosting company is a good one, they will never run PHP in DSO mode; instead they will use suPHP, PHP-FPM, CGI or FastCGI, which are way more secure than DSO.
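
To check a site against the 755/644 baseline described above, the following added example (not part of the original article) audits a document root over SSH and can reset it. The function names are hypothetical, and it assumes a POSIX shell with the standard find and chmod utilities:

```shell
#!/bin/sh
# Added example: audit a Joomla document root against the 755/644 baseline.
# Function names are hypothetical; pass your own document root as $1.

# Directories whose mode is not exactly 755.
bad_dirs() { find "$1" -type d ! -perm 755 -print; }

# Regular files whose mode is not exactly 644.
bad_files() { find "$1" -type f ! -perm 644 -print; }

# Anything writable by "other": the 777/666 case that lets any local
# user on a shared host modify the site's content.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Number of entries that deviate from the baseline.
count_deviations() {
    { bad_dirs "$1"; bad_files "$1"; } | wc -l | tr -d ' '
}

# Reset the tree: 755 for directories, 644 for files.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report only; fixing is a separate, explicit step.
audit() {
    echo "World-writable entries:"
    world_writable "$1"
    echo "Directories not 755:"
    bad_dirs "$1"
    echo "Files not 644:"
    bad_files "$1"
    echo "Total deviations: $(count_deviations "$1")"
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Review the audit output before calling fix_perms: a file that became world-writable unexpectedly is worth investigating, not just resetting.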

Run a local PC Antivirus/Antimalware Scan

This tip is for those who use Windows PCs, but those who don’t should also keep it in mind. It is very important to scan your local PC often, once a week for example, looking for malicious files or content like trojans, keyloggers and so on. These viruses can be used to steal important information, including Joomla login data if you’re storing it on your PC or in your local browser.

Viruses and malware can also capture your FTP login credentials and use that information to upload malicious content. This is a very important point to take into account when you are looking for ways to prevent malware on Joomla.

Join Joomla Security Forums

At Joomla’s official site you can find a great security forum where both users and admins share their knowledge on Joomla’s security, helping other members of the community to build safer sites.

You can check the forums often to see what’s new or just check the main threads to see some of the main security tasks you can perform to make Joomla safer, some of which are already explained here.

Conclusion

Today we’ve seen that there are a lot of ways to make your Joomla site a lot more secure, avoiding malware and viruses. You can use stronger login credentials, protect your admin panel using tools like htpasswd and 2FA, make backups and run updates often, check where your extensions and themes come from, look for malware on your local PC and, of course, follow the tips of those who have more knowledge on the task.

Put these 10 Tips to Prevent Malware on Joomla into practice to have an extremely secure website. Let us know if you know other ways to secure and prevent malware on Joomla.




Copyright © 2016 Glator.com