Download - Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Joomla! Security 101

version 6.0

Mission: Impossible
Talking in-depth about Joomla! security in 30 minutes or less... but I’ll try!

Put your pens away
Sit back and enjoy

Updated server software
PHP, MySQL, Apache, FTP Server...

Permissions & ownership
Who can do what and where

Sane ownership & permissions

All files and folders owned by the FTP user

Use Joomla!’s FTP mode on shared hosts

Folders 0755 permissions • Files 0644 permissions

If you “must” use 0777 (don’t!), protect with .htaccess:
    order deny,allow
    deny from all
    allow from none

Better yet, use suPHP or FastCGI
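
An added example, not part of the original slides: a POSIX shell function that audits a site tree against the rules on this slide (owner, 0755 folders, 0644 files, and any world-writable folder without a deny-all .htaccess). The function name audit_perms, its output labels and the audit.sh file name are made up for this example.

```sh
#!/bin/sh
# Added example: audit a site tree against the slide's ownership/permission rules.
# Usage: audit_perms ROOT [OWNER]   (OWNER = the FTP user's name or numeric uid)
# Prints one finding per line as "<LABEL> <path>"; the labels are this example's own:
#   OWNER      not owned by OWNER (only checked when OWNER is given)
#   DIR_MODE   folder whose mode is not exactly 0755
#   FILE_MODE  file whose mode is not exactly 0644
#   OPEN_DIR   world-writable folder with no deny-all .htaccess inside it
# Paths containing newlines are not handled.
audit_perms() {
    root=$1
    owner=${2:-}

    if [ -n "$owner" ]; then
        find "$root" ! -user "$owner" | sed 's/^/OWNER /'
    fi

    find "$root" -type d ! -perm 755 | sed 's/^/DIR_MODE /'
    find "$root" -type f ! -perm 644 | sed 's/^/FILE_MODE /'

    # -perm -002 matches any folder with the "other write" bit set (0777, 0757, ...).
    find "$root" -type d -perm -002 | while IFS= read -r dir; do
        # Only an active (uncommented) "deny from all" line counts as protection.
        if ! grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' \
                "$dir/.htaccess" 2>/dev/null; then
            echo "OPEN_DIR $dir"
        fi
    done
}

# Run directly, e.g.: sh audit.sh /path/to/site ftpuser
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

An empty result means the tree matches the slide's rules; every OPEN_DIR line is a 0777-style folder that still needs the .htaccess shown above.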

Update, yesterday
Joomla! & extensions

Think before installing
Don’t be the mouse in the trap!

Length matters

Your Password’s length matters

A terrifying thought
Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now)

How safe is your password?

Password                       Bits   Iterations  Time to crack
15082005                       13,6   12416       0.00038 msec
                               15,9   61147       0.00185 msec
                               67,7   2,39e+20    228.95 years
                               88,2   3,55e+26    340 million years
horse correct battery stapler  107,2  1,86e+32    178179 billion years

Derive from a sentence

Still unsure? Write it down
And keep it ON YOUR PERSON!


Use a password manager
And keep it on your person (mobile device)

Lock it down
Nothing on my site runs unless I say so

Armor up
Protect your site

Backups
Frequent, automated, off-site backups

Use myJoomla.com
Dead easy site auditing – and fixing!

In spite of it all…

Dammit!
You got hacked, now what?

We’ve got instructions

Unhacking your site

You do have backups, right?

You did use, right?

Make sure you read the instructions before getting hacked.

Download this presentation

Thank you for listening!
Image credits for copyrighted images: istockphoto.com
Copyrights of the logos and screenshots of software displayed in this presentation are owned by their respective companies.