Joomla! User Network Twin CitiesJoomla! User Network Twin Cities

Here are some notes from previous meetings

Here are some of the items we talked about at our June 2017 meeting.

Sharing Topic

Your 'most used' extensions

Joomla News/Updates

Main Topic / Focus

Joomla Security (Presented by Chris Paschen)

  • Review the Joomla Security Documentation Page
  • Use a PRIVATE server account (not shared hosting) on reliable hosting company that 'knows' Joomla (CloudAccess, Rochen, Siteground)
  • Ensure PHP Security
  • Backup your site regularly to an OFF-SITE location (automated, not server-based) [ AkeebaBackup std or pro]
  • Keep your extensions safe
  • Use an auditing service to regularly scan for any 'problems' [ myJoomla.com - just won 4th #joscar]
  • Tighten security on site / Web Application Firewall [Akeeba Admin Tools ]
    • Add .htaccess file
    • Password Protect Admin Side
    • Use unique admin URL
    • Change your SuperAdmin ID
    • Fix permissions of all files and directories
    • Protect against file injection attacks
  • General Configurations
    • Use HTTPS for all site activity (not JUST eCommerce) [ LetsEncrypt SSL - free HTTPS]
    • Only use ONE (or as few as possible) SuperAdmin accounts, use ONLY when absolutely necessary (and change the username - do NOT use "admin")
    • Use (and require) well-formed passwords (note - 'cryptic' passwords aren't necessarily best)
    • Keep session time setting to standard 15-
  • Prevent DDOS & other malicious bandwidth-hog issues - use a CDN (Content Delivery Network) [ CloudFlare ]

Other Topics/Notes

 Next Meeting - Tuesday, July, 25 (No meeting in August)

 

Housekeeping and community items

Click here for the live video screen sharing during the meeting.