Webinova Online Customer Support > Webinova Help Desk > Knowledgebase

Search help:

How to secure additionally Joomla?


Before taking extra steps to secure Joomla, you should make sure its core code and any additional components / modules are up to date. Then you can take advantage of the next extra security measures:

1. Secure your administrator’s area. This will prevent simple brute-force attacks. Along with that, all components and modules code inside this directory will be safe. For this purpose:

- Place an .htaccess inside Joomla’s ‘administrator’ directory. It should contain:

Deny from all
Allow from YourIP*

* You can find your IP* by going to sites such as

- In case your IP changes, you should try securing the directory with Password Protection

2. Change the default database prefix jos_. This will trick all MySQL injection attempts. For this purpose you can use the following third party component. You should back up your database before changing its prefix.

3. Make sure your host does not allow remote code inclusion in PHP by default. For this purpose log in your Joomla Administrator’s panel and navigate to System, System info from the top panel. There go to the PHP Info tab.

- If you are using PHP 5.2, make sure that the directive ‘allow_url_include’ is set to off;

- If you are using PHP version below 5.2, make sure that the directive ‘allow_url_fopen’ is set to off.

Was this article helpful? yes / no
Article details
Article ID: 313
Category: General Joomla FAQ
Date added: 2012-12-11 15:49:28
Views: 17
Rating (Votes): Article rated 3.0/5.0 (6)

« Go back

Powered by Help Desk Software HESK - brought to you by Help Desk Software SysAid