Security
From Joomla! Documentation
Recommended Reading
- Getting Started
- Hosting and Server Setup
- Testing and Development
- Joomla Setup
- Site Administration
- Site Recovery
- You have been Hacked
More Information
List of articles that belong to the category "Security"
- Security and Performance FAQs
- Top 10 Stupidest Administrator Tricks
- What are these strange (URL-Encoded) characters doing in your code?
- How to add CSRF anti-spoofing to forms
- Category:Security FAQ
- Htaccess examples (security)
- How do you block direct hot linking to image files using htaccess?
- How do you recursively adjust file and directory permissions?
- Backup Basics for a Joomla! Web Site
- How do you block directory scans using htaccess?
- How do you convert an htaccess.txt file into a .htaccess file?
- How do you password protect directories using htaccess?
- How do you restrict directory access by IP address using htaccess?
- Secure coding guidelines
- Archived:Vulnerable Extensions List/Archive
- Taking the website temporarily offline
- Security Checklist
- Security/Guide
- Delete Installation folder
- How do Windows file permissions work?
- How do UNIX file permissions work?
- How do phpSuExec file permissions work?
- Verifying permissions
- Archived:Global configuration
- J3.x:Global configuration
- Security hotfixes for Joomla EOL versions
- How do you convert an htaccess.txt file into a .htaccess file?/en
- How do you convert an htaccess.txt file into a .htaccess file?/ca
- Taking the website temporarily offline/en
- Security hotfixes for Joomla EOL versions/en
- Security/en
- Security Checklist/en
- Delete Installation folder/en
- How do you block directory scans using htaccess?/en
- J3.x:Two Factor Authentication
- J3.x:Two Factor Authentication/en
- Backup Basics for a Joomla! Web Site/en
- J3.x:Two Factor Authentication/de
- Backup Basics for a Joomla! Web Site/pt-br
- Security Checklist/fa
- Security/ru
- Security Checklist/ar
- J3.x:Taking the website temporarily offline
- J3.x:Taking the website temporarily offline/en
- J3.x:Taking the website temporarily offline/de
- Security Checklist/th
- Discover The Joomla Versions On Your Server
- Backup Basics for a Joomla! Web Site/bn
- J3.x:Joomla 3.8.8 notes about the changed default settings
- J3.x:Joomla 3.8.13 Security Notes
- J3.x:Updating to Joomla 3.8.13 and 3.9.0 as non-superuser
- J3.x:Joomla 3.9.3 Security Notes
- J4.x:Http Header Management
- Security Checklist/el
- Taking the website temporarily offline/it
- File:Enable HTTPS In Global Config-en.png
- Enabling HTTPS on your site
- Magic quotes and security
- Securing Joomla extensions
- Secure coding guidelines/en
- Updating PHP
- WebAuthn Passwordless Login
- Backup Basics for a Joomla! Web Site/ru
- Help4.x:Components Joomla Update
- J3.x:Taking the website temporarily offline/ru
- J4.x:Joomla Update Problems
REMEMBER
- There's no one right way! Due to the variety and complexity of modern web servers, security issues can't be resolved with simple, one-size-fits-all solutions. You, or someone you trust, must learn enough about your web server infrastructure to make valid security decisions.
- There's no substitute for experience! To secure your web site, you must gain real experience , or get experienced help from others.
- It's not as hard as it looks: The following checklist may seem intimidating, but you don't have to deal with all of it at once. As you become more familiar with GNU/Linux, Apache, MySQL, PHP, HTTP, and Joomla, you'll add refinements to your combination of security tactics. Security is a moving target, so today's expert might be tomorrow's victim. Good luck!...
Please read Joomla! Administrators Security Checklist for more information.
See all documents in the Security Category.