John Crumpton

A quick security checklist for your website, whether you’re running Joomla, Zencart or a bespoke content management system.

  1. Choose a complicated password: at least 10 alphanumeric characters, mixing numbers with upper- and lower-case letters. Use Goodpassword.com to generate it
  2. Create a new login for each person who needs to administer the site and don’t share login details. That way you have an audit trail to track down the source of a compromise
  3. Use encrypted connections for accessing server files, with a client such as FileZilla (which supports SFTP) or WinSCP
  4. Create an administrator user account with a unique name and delete your existing administrator user
  5. Rename your administrator or admin folder to something unique and include numbers in the name
  6. Once your content management system is configured, change the configure.php file to chmod 444 (read only)
  7. On folders you’d like to protect from being accessed, for example the images folder, use a .htaccess file to stop directory browsing with the following code:
    Options -Indexes
  8. Keep all files CHMOD 644. If you need to edit the files, set to read-write before making changes.
  9. Keep all folders CHMOD 755
  10. Stay up-to-date with the latest software and patches for your CMS
  11. Regularly check log files for suspicious activity
  12. Remove unneeded templates
  13. Back up regularly
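
The permission and .htaccess items above (6, 7, 8 and 9) can be checked with a short script. This is an added example, not part of the original post; the function names `audit_perms` and `has_noindex` are illustrative.

```shell
#!/bin/sh
# Audit a site tree against the checklist's permission rules:
#   configure.php -> 444, every other file -> 644, every folder -> 755.
# Prints one line per deviation; returns 0 when clean, 1 otherwise.
audit_perms() {
    root=$1
    findings=$(
        # Item 8: regular files (other than the config file) must be 644.
        find "$root" -type f ! -name configure.php ! -perm 644 -print |
            sed 's/^/FILE not 644: /'
        # Item 9: folders must be 755.
        find "$root" -type d ! -perm 755 -print |
            sed 's/^/DIR not 755: /'
        # Item 6: the configuration file must be read-only (444).
        find "$root" -type f -name configure.php ! -perm 444 -print |
            sed 's/^/CONFIG not 444: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Item 7: succeeds when the folder's .htaccess carries the
# "Options -Indexes" directive that stops directory browsing.
has_noindex() {
    grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1/.htaccess" 2>/dev/null
}

# Usage: sh audit.sh /path/to/site  (no arguments: only defines the functions)
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
    has_noindex "$1/images" || echo "NO -Indexes in: $1/images/.htaccess"
fi
```

A file that is temporarily set read-write for editing will be reported until it is returned to 644, so run the audit after changes are finished.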