[Cialug] Slight OT: Joomla & Security

Kenneth Younger kyounger at gmail.com
Thu May 24 16:33:28 CDT 2012


As for WordPress, there are plugins that will auto-update your install as
soon as new versions come out.

Sure, there are risks to that, but if you aren't doing anything terribly
fancy, and using well-maintained plugins/themes, then you can get away with
this auto-update feature. I use that for when I set up a friend's basic
site, so I don't have to check on a daily basis if I need to click a single
link to update things. I figure -- I have backups, and the chance that
something is going to break from an update is small, so it's the more
convenient route.

-Kenny

On Thu, May 24, 2012 at 4:25 PM, Matthew Nuzum <newz at bearfruit.org> wrote:

> On Thu, May 24, 2012 at 2:25 PM, jrnosee <jrnosee at gmail.com> wrote:
>
> > Yeah, it's the locking down part I need to learn.  Both of these were
> > "installed" from an Akeeba backup and I had to jump through hoops to get
> > them working on this host.
> >
> > I still need to figure out proper registration security too.  Good thing
> > I'm set up to require admin approved registration.  Either Joomla's
> > ignoring captcha on registration or bots have no problem fooling it.
> >
>
> A prime way for people to hack websites is to find an open source software
> version with a vulnerability and then scan the web for sites running that
> version. Joomla, WordPress and Drupal are three examples of such open
> source software that is so popular that they're easily targeted.
>
> One of the best ways to keep your site secure is to make sure you're up to
> date on the software. This includes the themes and plugins that you use.
>
> I don't use Joomla but I do use Drupal so I'll use it for illustrative
> purposes. I subscribe to the Drupal announcement list so that I get
> notified whenever a security update for Drupal is announced. I install as
> few modules as possible and those I do install I ensure that I only use
> "released" (not beta nor dev) versions. That way the update report feature
> of Drupal can successfully notify me if an update to the module is
> available.
>
> Good luck on this. Alas, I've learned the hard way like you are now. It's a
> pain. If you have the option to wipe and start clean, you may find it
> beneficial.
>
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
> ♫ You're never fully dressed without a smile! ♫
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
> --
> Kenneth Younger III
> Founder, Sheer Focus Inc.
> e: kenny at sheerfocus.com
> p: (515) 367-0001
> t: @kenny <http://twitter.com/kenny>
>
>

