Joomla! security 101
What to do before disaster strikes

That’s me
I am Nicholas K. Dionysopoulos, the lead developer of Akeeba Backup and contributing author at the Joomla! Community Magazine.

The basics
…or what you are supposed to do and rarely remember to do

Backup, backup and backup

Update, yesterday

Multifactor back-end authentication
- Password protection
- Secret URL parameter
Use your host’s Control Panel, or .htaccess
- Best protection
- Doesn’t cost
- More difficult to set up
Use jSecure Authentication
- Very easy to set up
- Costs money
- Doesn’t protect against direct access to files

Permissions must make sense
Should I 0777 anything?
- Better enable Joomla!’s FTP layer.
- Only required by badly written extensions.
- tmp, logs, cache and administrator/cache directories.
- If you do that, make sure you install this .htaccess in each and every one of them:

    order deny,allow
    deny from all

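
An added example, not part of the original slides: a shell audit for the advice above that lists every world-writable directory under a site root and reports whether it carries a deny-all .htaccess. The function name audit_world_writable is an assumption, and accepting Apache 2.4's `Require all denied` alongside the slide's `deny from all` goes beyond what the slide shows.

```shell
#!/bin/sh
# Added example: audit world-writable directories under a Joomla! site root.
# Prints one line per world-writable directory:
#   OK <dir>       .htaccess exists and contains a deny-all rule
#   MISSING <dir>  no .htaccess, or it has no deny-all rule
audit_world_writable() {
    root=$1
    # Accept the slide's Apache 2.2 syntax and the Apache 2.4 equivalent.
    rule='^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)'
    # -perm -0002 matches any directory with the "other write" bit set
    # (0777, 0757, ...), so unexpected directories show up as well as
    # tmp, logs, cache and administrator/cache.
    find "$root" -type d -perm -0002 | sort | while IFS= read -r dir; do
        ht="$dir/.htaccess"
        if [ -f "$ht" ] && grep -qiE "$rule" "$ht"; then
            printf 'OK %s\n' "$dir"
        else
            printf 'MISSING %s\n' "$dir"
        fi
    done
}

# Run the audit when a site root is given on the command line.
if [ "$#" -ge 1 ]; then
    audit_world_writable "$1"
fi
```

Any directory reported as MISSING needs the deny-all .htaccess shown above, and any directory in the output that is not one of the four named on the slide should have its permissions tightened.
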
The advanced stuff
…which every site builder should do on every site he builds

We are all sitting ducks
Known prefix jos_ and known ID 62 make me say: what the quack…?!

The prefix matters

62 reasons to fire your Super Admin

Only a ninja can kill another ninja
Crash course to .htaccess Kung-Fu

Visual fingerprinting

    RewriteCond %{QUERY_STRING} (&|%3F){1,1}tp= [OR]
    RewriteCond %{QUERY_STRING} (&|%3F){1,1}template= [OR]
    RewriteCond %{QUERY_STRING} (&|%3F){1,1}tmpl= [NC]
    RewriteRule ^(.*)$ - [R=404,L]
