5 essential security tips
A couple of basic security measures can prevent enormous chaos on your site.
1. Change the "jos_" prefix
Scripts search for the default "jos_" database prefix, and that is a vulnerability. Read this article on the Joomla magazine site and download Admin Tools; this extension will do the job for you. You just enter "newprefix_" and the extension does the rest for you in nanoseconds. Remove the extension after you have used it. (security)
2. Change admin id 62/63/64/65
Read this article. You do not have to do this in as difficult a way as described. It is actually very simple and requires changing settings in 2 database tables.
In phpMyAdmin, open the database table "prefix_user" (where prefix is the prefix of the table, such as "jos_"; see above!). Click the "Browse" button and you will see the users. Find those with id no. 62 (and 63/64/65) and click the edit button (pencil). Change the value 62 (and 63/64/65) into 32 (and 33/34/35) and click "Go".
Next, open the table "prefix_core_acl_aro". You will see the same values here. Change 62 (and 63/64/65) into 32 (and 33/34/35) here as well. You have now successfully changed the user ids and secured your site much better.
Note: make a backup of your database before you do this!
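The two phpMyAdmin edits above can also be run from the SQL tab, with checks before and after. This is an added example, not part of the original article; it assumes MySQL, an unchanged "jos_" prefix, the stock Joomla 1.5 table names jos_users (written "prefix_user" above) and jos_core_acl_aro with the columns id and value, and a single account moved from 62 to 32.

```sql
-- Added example. Adjust the prefix and table names to what phpMyAdmin shows.
-- Take the database backup first: if the tables use MyISAM there are no
-- transactions, so these updates cannot be rolled back.

-- 1. Confirm the account to renumber and its matching ACL row.
SELECT id, username, usertype FROM jos_users WHERE id = 62;
SELECT id, value, name FROM jos_core_acl_aro WHERE value = '62';

-- 2. Confirm the new id is unused in both tables (both counts must be 0).
SELECT COUNT(*) AS clash_users FROM jos_users WHERE id = 32;
SELECT COUNT(*) AS clash_acl FROM jos_core_acl_aro WHERE value = '32';

-- 3. Renumber the account in both tables. Run both statements, never one alone,
--    otherwise the user and its ACL entry no longer match.
UPDATE jos_users SET id = 32 WHERE id = 62;
UPDATE jos_core_acl_aro SET value = '32' WHERE value = '62';

-- 4. Verify: list users that have no ACL row. The result must be empty.
SELECT u.id, u.username
  FROM jos_users AS u
  LEFT JOIN jos_core_acl_aro AS a ON a.value = CAST(u.id AS CHAR)
 WHERE a.id IS NULL;

-- 5. Verify the other direction: ACL rows that point at no user. Must be empty.
SELECT a.id, a.value, a.name
  FROM jos_core_acl_aro AS a
  LEFT JOIN jos_users AS u ON CAST(u.id AS CHAR) = a.value
 WHERE u.id IS NULL;
```

Repeat steps 1 to 3 for 63/64/65 (to 33/34/35) if those accounts exist, then run steps 4 and 5 once at the end.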
3. Install jSecure: go to http://gws-desk.com/administrator and see what it means. Your admin access is hidden! It is a commercial extension (cheap though!), but it is an important security tool. GWS takes these 3 measures on all (client) sites automatically. You are encouraged to do this on all your existing or new sites.
4. Backup your site and download the backup. Use Akeeba Backup, which is free and will do the job nicely for you! Backup!
5. Last but not least: do not store your passwords in your FTP client (!). Most FTP clients do not store the passwords encrypted but in plain text, which makes them easy to grab for bots/scripts. Read this related sticky post, written by our MD Leo Lammerink, on the Joomla forum for more info.