Because Joomla is easy to install and configure, many Web masters are lax when it comes to implementing proper security. Although the Joomla system does everything it can to prevent hacker breaches, it is important for any Web administrator to understand the basics of security and for you to understand the particulars of ensuring that your Joomla system can withstand an attack.
Because Joomla uses four interlocking server technologies (Apache, PHP, MySQL, and Joomla), you must maintain security protection at each link of the chain. For example, poorly handled PHP security can leave Joomla wide open to penetration even if Joomla, MySQL, and Apache are secure. This chapter examines each of the servers and how maximum security can be put into place to minimize the danger from the "Wild Wild West" environment of the Internet.
To minimize security problems you should perform a regular update of all your server software, including Joomla. New security problems are found all the time, and the developers of each software package patch the applications to close loopholes. By keeping your versions updated, you will be less vulnerable to attacks.
Entire books have been written on aspects of hacking attacks, so a complete list is beyond the scope of this book. Nonetheless, there are a number of common attack methods (password, SQL Injection, cross-site scripting, and so on) that are extremely widespread. Any Web master should have at least a passing ...