| How to Secure Joomla Sites |
|
The most important and fruitful aspects of Web 2.0 are the great open source projects like Joomla, Drupal and millions of similar ones. There is no doubt that Joomla is the best CMS on PHP and has a very large community of developers and users. Joomla is also very secure in itself, but there are several techniques by which you can raise your site's security to its zenith. WebKul has very good experience in Joomla security. I'll explain some very useful concepts in Joomla security step by step, so here we go.

Basic Security:

Change the default username and password: This is very common but very important, because every brute force attack comes through this. So it is strong advice from WebKul that you choose a strong password and username.

File, directory and config file permissions: Permissions are also a very basic but important issue for site security. You should have permissions like this:

Folder permission: 755
Config permission: 666
Files permission: 644

Here "files" means PHP files, the .htaccess file, TXT files etc. Personally I hate shared servers, but if you are on a shared server, make sure that the file permissions are correct; especially check the permissions of the logs and temp folders.

Secure FTP: First of all, ensure that your FTP is safe. Personally, WebKul suggests SFTP (Secure File Transfer Protocol) and an SSL connection.

Use security images (CAPTCHA): Anywhere you are using a form, you must make a habit of using a CAPTCHA. There are several open source CAPTCHA plug-ins, like reCAPTCHA.
Advanced Security:

So it's time to dig into more things on Joomla security. There are dozens of things to explain here; I'll explain them step by step.

Critical files: WebKul suggests that you don't put your very critical files inside your public_html folder. Critical files such as configuration.php should all be placed outside public_html.

Default database prefix: This is a very important step. Generally, SQL injection in Joomla takes place through the jos_users table (it is predefined in every Joomla). Any hacker can use this table to retrieve the username and password of the Super Admin (if you are using any buggy extension; otherwise it is safe). So WebKul strongly recommends that you change the prefix of the Joomla database.

How to change the prefix of the Joomla database: It's very simple, but please follow us step by step.

1- First go to your phpMyAdmin.
2- Export your database as a .sql file.
3- Open that file in any editor like Notepad++.
4- Find and replace jos_ with the secure_ prefix. (Here secure is just an option; you can put any string here.)
5- Import your new database. Make sure you put the same prefix in your Joomla database admin configuration.

Use SEF extension: Always make a habit of using an SEF extension like Artio; hackers can use Google inurl to find loopholes in the site. One more advantage of an SEF extension is that you are improving your site's SEO.
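The find-and-replace in step 4 of the prefix change above, as an added example that is not part of the original article: an editor's blind replace also rewrites any jos_ text stored in article content, so this Python script renames only backtick-quoted table identifiers and leaves quoted row data and comment lines alone. The function names and the sample dump are constructed for illustration, and it assumes a phpMyAdmin-style dump with backtick-quoted table names and a configuration.php that sets $dbprefix in single quotes.

```python
import re

def _tokens(old):
    # One token per match; only the third alternative captures group 1.
    return re.compile(
        r"-- [^\n]*"                          # comment line: left alone
        r"|'(?:[^'\\]|\\.|'')*'"              # string literal (row data): left alone
        r"|`" + re.escape(old) + r"(\w+)`",   # prefixed identifier: renamed
        re.S)

def rewrite_prefix(dump_sql, old="jos_", new="secure_"):
    """Return (new_dump, sorted list of the original table names renamed)."""
    renamed = set()
    def swap(m):
        if m.group(1) is None:        # comment or row data, keep byte for byte
            return m.group(0)
        renamed.add(old + m.group(1))
        return "`" + new + m.group(1) + "`"
    return _tokens(old).sub(swap, dump_sql), sorted(renamed)

def config_prefix(config_php):
    """Read $dbprefix from configuration.php text, or None if it is absent."""
    m = re.search(r"\$dbprefix\s*=\s*'([^']*)'", config_php)
    return m.group(1) if m else None

# Constructed sample input, not taken from a real site.
SAMPLE_DUMP = """\
-- Table structure for table `jos_users`
CREATE TABLE `jos_users` (`id` int(11) NOT NULL, `username` varchar(150));
INSERT INTO `jos_users` VALUES (1, 'admin');
CREATE TABLE `jos_content` (`id` int(11) NOT NULL, `introtext` text);
INSERT INTO `jos_content` VALUES (1, 'Don''t rename `jos_users` by hand; see jos_ notes');
"""
SAMPLE_CONFIG = "<?php\nclass JConfig {\n\tvar $dbprefix = 'jos_';\n}\n"

if __name__ == "__main__":
    new_dump, tables = rewrite_prefix(SAMPLE_DUMP)
    print(new_dump)
    print("renamed tables:", tables)
    # Step 5: the site breaks if configuration.php keeps the old prefix.
    if config_prefix(SAMPLE_CONFIG) != "secure_":
        print("configuration.php still has the old prefix; update $dbprefix")
```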
Remove unwanted extensions: This is also a very important aspect of Joomla security. Don't use buggy extensions, and disabling an extension is not the solution. The real fix is to remove/uninstall those extensions, because every time the site loads, these disabled modules also load.

Change the .htaccess file: For more security, add these lines to your .htaccess file as per the following. Please read the comment lines before using them. If you are a newbie, we suggest you avoid playing with .htaccess.
We are not done yet on Joomla security; there is still a lot more on security, and this is just the start. Thanks for enjoying this article. If you have any question or suggestion, please drop a mail in our mailbox or just comment on the post. Enjoy ;) WebKul |





