Best Practices

We probably should explain the title of this section. The best practices discussed in this chapter are not a foolproof list of items on how to protect your server. It is impossible to write a chapter, or even a book, that covers every way to prevent a hacker from attacking your website. In fact, we would go so far as to say that the only server that is impossible to penetrate is one that is turned off, unplugged from a power source, and disconnected from the Internet. If your server is on the Internet, it is vulnerable. If someone has the skills and wants in bad enough, they will get in.

When discussing certain types of exploits and ways of keeping your server secure, we won’t be explaining how to compromise a system. This isn’t a chapter on how to hack Joomla sites.

This list is not in any order of importance—they’re all important practices.

Keep Joomla Updated

It sounds obvious, but it is very important to keep your Joomla installation up-to-date. When Joomla is alerted that a vulnerability exists in the core code, as soon as it is verified, you will almost always see a patch within 24–48 hours. Do not think of updates as mere typos and minor bug fixes. When an update comes out, there are usually moderate to severe issues that have been fixed.

Consider subscribing to the Announcements Forum on the official Joomla Discussion Forum. The forum can be found at

Once logged in, click the Subscribe forum link. Joomla averages about ...

Get Using Joomla now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.