Joomla! User Network Twin Cities

Here are some of the items we talked about at our June 2017 meeting.

Sharing Topic

Your 'most used' extensions

Joomla News/Updates

Main Topic / Focus

Joomla Security (Presented by Chris Paschen)

  • Review the Joomla Security Documentation Page
  • Use a PRIVATE server account (not shared hosting) with a reliable hosting company that 'knows' Joomla (CloudAccess, Rochen, SiteGround)
  • Ensure PHP Security
  • Back up your site regularly to an OFF-SITE location (automated, not server-based) [Akeeba Backup std or pro]
  • Keep your extensions safe
  • Use an auditing service to regularly scan for any 'problems' [myJoomla.com - just won 4th #joscar]
  • Tighten security on site / Web Application Firewall [Akeeba Admin Tools]
    • Add .htaccess file
    • Password Protect Admin Side
    • Use unique admin URL
    • Change your SuperAdmin ID
    • Fix permissions of all files and directories
    • Protect against file injection attacks
  • General Configurations
    • Use HTTPS for all site activity (not JUST eCommerce) [Let's Encrypt SSL - free HTTPS]
    • Use only ONE SuperAdmin account (or as few as possible), and use it ONLY when absolutely necessary (and change the username - do NOT use "admin")
    • Use (and require) well-formed passwords (note - 'cryptic' passwords aren't necessarily best)
    • Keep session time setting to standard 15-
  • Prevent DDoS & other malicious bandwidth-hog issues - use a CDN (Content Delivery Network) [Cloudflare]

Other Topics/Notes

Next Meeting - Tuesday, July 25 (No meeting in August)

 

Housekeeping and community items

Click here for the live video screen sharing during the meeting.