From my years of experience with pro development and hosting of Joomla sites, I would boil it down to this general advice and considerations:
- find a decent, secure and responsive hosting provider, choose wisely. Without a secure and up-to-date hosting environment - nothing else matters
- check your hosting provider's policies regarding security - do they scan the websites for malware for you, what else do they do to ensure your website's security?
- check your hosting provider's policies regarding critical situation protocols, and do they just lock your website down when you have the problem and leave you "dead in the water"
- user-isolated hosting environments, like VPS or dedicated servers, are preferred
- mod_security and other proven app firewalls are advisable
- read (and learn) security articles and advisories: http://ift.tt/1fHfC6i
- update Joomla regularly and on time, subscribe to security announcements http://ift.tt/192gUCb
- regularly check VEL - Vulnerable Extension List - http://vel.joomla.org/ and subscribe to notifications about new/resolved VE
- (re)check where you are getting any of the extensions or templates from. If it is not the original author's website or directly from JED, then make sure you download the original version again and replace all the files with original ones. That's especially valid if you downloaded from "warez" websites
Since you state that you have had several custom extensions developed:
- ensure constant developer care for all custom extensions - unmaintained extensions are the most used "backdoors" for hackers
- (if your budget allows) order a PHP code audit for your custom code, provided by 3rd-party PHP security professionals
Statistics: Posted by Bernard T — Sat Sep 06, 2014 3:58 pm
via Joomla! http://ift.tt/1xpIeth