Chapter 20. Security
If you’re tempted to pass over this chapter, don’t. The idea of security scares a lot of people. Would you rather deal with security issues now or after your website has been hacked? Ben Franklin once said, “An ounce of prevention is worth a pound of cure.” We couldn’t agree more. While we feel Joomla is a secure platform, we recommend that you take the proper precautions. Also, if your client is paying you to manage their website, it’s your obligation to ensure that they are set up as securely as possible.
Importance of Security and the JSST
If you discover a vulnerability, also called an exploit, in Joomla’s core code, please email any and all information you have about it to the Joomla! Security Strike Team (JSST) at security@joomla.org. This email address should not be used to ask for help restoring your website or to report vulnerabilities in third-party extensions. Vulnerabilities in third-party extensions should be reported to the developer of that extension. For other security questions, it is best to visit the official Joomla Security Forum found at http://forum.joomla.org/viewforum.php?f=432.
Note
Do not post vulnerabilities on the Joomla forums. If the vulnerability is in fact a threat, it is best to give the Security Team time to release a patch before the rest of the world knows about it. Also, if you have been hacked and have questions, don’t mention the name of the attacker. Hackers crave publicity and mentioning their name along with the site they ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access