Security Checklist/You have been hacked or defaced. You have been hacked/defaced ? We are sorry for any basic language used in this document. Before you post in the Joomla! Security Forum please read this checklist summary, then use it as a post template. On Line Action List Take your website offline (We recommend the htaccess method) Run the forum post assistant and security tool The simple Instructions are available here. //administrator/components/com_extension/admin.extension.php? Or ../../../../../../../../../../../../../../../.. Review and action Security Checklist to make sure you've gone through all of the steps (please note some steps are optional, but please review them all). Chmod and cron IF you have permissions to access SSH (secure shell) via putty you can chmod the files and directories. For files use: find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -exec chmod 644 {} \; and for directories use: find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} \; Monitoring for File Changes 777 Permissions.
Security Checklist/Site Recovery. Security Checklist/Site Administration. Actions Security Checklist/Site Administration From Joomla! Documentation < Security Checklist Site Administration Use well-formed passwords Change passwords regularly and keep them unique. Consider using 2 factor authentication For superusers (and perhaps other powerful users) consider using 2 factor authentication. Maintain a strong site backup process Never rely on others' backups. Monitor crack attempts VPS and dedicated server users can run TripWire or SAMHAIN. Perform automated intrusion detection Use an Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Google search Perform manual intrusion detection Regularly check raw logs for suspicious activity.
Stay current with security patches and upgrades Apply vendor-released security patches ASAP. Review the vulnerable extensions Proactively seek site vulnerabilities Perform frequent web scanning. Google Search Proactively seek SQL injections vulnerabilities Use shell scripts to automate security tasks Joomla! Security Checklist/Hosting and Server Setup. Choose a Qualified Hosting Provider The most important decision Probably no decision is more critical to site security than the choice of hosts and servers. However, due to the wide variety of hosting options and configurations, it's not possible to provide a complete list for all situations. Check this unbiased list of recommended hostswho fully meet the security requirements of a typical Joomla site.
(FAQ) Shared server risks If you are on a tight budget and your site does not process highly confidential data, you can probably get by with a shared server, but you must understand the unavoidable risks. Avoid sloppy server configurations For a real eye-opener, read this report on thousands of sites that allowed Google to index the results of phpinfo(). Configuring Apache Use Apache .htaccess Block typical exploit attempts with local Apache .htaccess files. Joomla ships with a preconfigured .htaccess file, but *you* need to choose to use it.
PHP Being Run as an Apache Module. Using phpSuExec 1. Security Checklist/Joomla! Setup. Configuring Joomla! Install official versions of Joomla! To avoid breaking your site, search the forums for reports of incompatible extensions before upgrading to a new version of Joomla. Upgrade to the latest stable version of Joomla! As soon as possible. Download Joomla! From official sites only, such as downloads.joomla.org, and check the MD5 hash. Use Web Page Diagnostic Tools, i.e. Change the default administrator username Change the user name of the default admin user. Protect directories and files Ensure that all configurable paths to writable or uploadable directories (document repositories, image galleries, caches) are outside of public_html. In the Back-End Global Configuration, change the log path. In the Back-End Global Configuration, change the temp folder path. If the log and temp paths are changed and PHP open_basedir configuration directive is set, make sure that the new paths fall within the scope of open_basedir.
There is currently no easy way to move the Joomla! User beware! Security Checklist/Testing and Development. Actions Security Checklist/Testing and Development From Joomla! Documentation < Security Checklist Secure Testing and Development Develop locally, deploy globally Develop and test your site on a local machine first. Use an IDE Consider using an Integrated Development Environment (IDE). Use a versioning system Be able to roll back to an earlier version of your site using a modern version control system, such as CVS, Subversion, or git.
More suggested tools Check out the Joomla! Setup a backup process first The most important rule Thou shalt at all time be able to return your site to a previous working state through regular use of a strong, off-site backup and recovery process. Be sure your backup and recovery process is ready and tested BEFORE your site goes live. This is the single best way (and often the only way) to recover from such inevitable catastrophes as: A compromised/cracked site. Verifying permissions. Recommended settings The following information refers to Unix/Linux based server. If your web server is a Microsoft Windows based server(IIS), you should read:How do Windows file permissions work?. Then apply the applicable recommended settings below to your Windows based server. Depending on the security configuration of your Web server the recommended default permissions are: 755 for directories 644 for files Don't use extensions that require 777 permissions!
Note: On file permissions, in general never use 777 if you don't know what you are doing. How to Locate them There are a variety of methods to view the permissions of your website's files. Depending on what you are using, you should see something like this image. Again, depending on what method you are using, changing the permissions. Correct file permissions Learning the numbers Each octal digit corresponds to a group of three letters in a specific group. Remember Meaning of the numbers r = Read = 4 w = Write = 2 x = Execute = 1. jQuery: The Write Less, Do More, JavaScript Library. Joomla! Use Joomla! 1.6 on your own computer. It has been suggested that this article or section be merged with Xampp174.
(Discuss). Proposed since 6 months ago. This page is tagged because it NEEDS TECHNICAL REVIEW. You can help the Joomla! [Expand] Articles in this Series It is very useful to be able to learn and experiment on your own machine. Who is it written for? Not everyone using this Manual will have enough experience to feel comfortable doing this. Know where to find files on your computer and be able to create folders Be able to download something from a Web site and save it in an appropriate place You will not panic if you do not understand a concept! Experienced developers and people with programming experience will be fine. If in doubt - follow the instructions and try it! Summary There are three basic stages in doing this:- Downloading and installing some software that Joomla! Download and install XAMPP Important note on versions of XAMPP - as at March 4th 2011.
Before download Use Windows Explorer Download XAMPP Click Save File. jSeblod CCK - Joomla CCK - Content Construction Kit For Joomla. How to Convert a Static Website to Joomla Tutotiral. If you have a static website built in FrontPage or DreamWeaver for example, this tutorial will show you how to convert it to Joomla 1.5 Managing a static website can be a challenging task. To change a simple text in a static website you may have to make the changes locally and then upload the new files to your hosting account. On the other hand, a Joomla based website has all the flexibility a CMS application provides. This is why many people consider converting their static websites to Joomla. The conversion process can be divided into two parts - adding your actual data and recreating the design of your website.
You should begin with adding your data first because later it will be much easier to make your design with the real information on your pages. Adding your data consists of two main steps - creating your pages and creating your menus. Let's start with the creation of your Main Menu and a Home item that will show the content of your front page. Step 6 Type "Home" in the title field. Joomla Convert. How to Install WordPress on a Local Computer - WordPress on Windows. This tutorial describes how you can install WordPress on your local computer in 5 minutes using the free Web Installer from Microsoft. You don’t have to be a geek and the process of installing WordPress is as simple as installing another Windows application. You don’t have to be a geek to install WordPress on your own computer because the process is as simple as installing any other native Windows Application (e.g.
Microsoft Office). Before we get into the actual installation process, let’s look at some reasons why you may want to install a copy of WordPress on your local computer: #1. . #2. . #3. How to Setup WordPress on your Computer Though it takes only a couple of easy steps to install the main WordPress software, it can be a bit tricky to install the different services that are required to run WordPress – these include PHP and MySQL. Luckily, there’s a much simpler solution in town. Once the basic installation is done, you will be asked for specific information about your website. Installing WordPress. Languages: English • Español • Deutsch • বাংলা • Français • Italiano • Nederlands • 日本語 • 한국어 • Português • Português do Brasil • Русский • Slovenčina • Српски • ไทย • 中文(简体) • 中文(繁體) • (Add your language) WordPress is well-known for its ease of installation. Under most circumstances, installing WordPress is a very simple process and takes less than five minutes to complete.
Many web hosts now offer tools (e.g. Fantastico) to automatically install WordPress for you. However, if you wish to install WordPress yourself, the following guide will help. Now with Automatic Upgrade, upgrading is even easier. The following installation guide will help you, whether you go for the Famous 5 Minute Installation, or require the more detailed installation guide. Things to Know Before Installing WordPress Before you begin the install, there are a few things you need to have and do. These are: Things You Need to Do to Install WordPress Begin your installation by: Famous 5-Minute Installation That's it! A. B. Installing WordPress Locally Under Windows XP. In the past few weeks, I've tested a few blogging platforms for the upcoming launch of Geeksaresexy.net, and right now, I hesitate between 2 alternatives: WordPress and Textpattern. I'll be fooling around with both in coming weeks to familiarize myself with them.
I have now been running Wordpress for a week or so, and I must say that I am quite impressed by its ease of installation. Running a local version of your blog is very useful because it lets you fool around with themes and plugins to your heart's desire without having to risk breaking your live blog. Here's a little guide that will help you install and run Wordpress locally on your XP box in less then 10 minutes: 1- Get XAMPP lite for Windows. Choose the exe version, and install it at the root of your C drive. 2- Browse to C:\xampplite and double click setup_xampp.bat 3- Once that is done, double click xampp-control.exe and start the Apache and Mysql services. 4- Open your browser and go to this address:
Widgets. WordPress Widgets WordPress Widgets add content and features to your Sidebars. Examples are the default widgets that come with WordPress; for post categories, tag clouds, navigation, search, etc. Plugins will often add their own widgets. Widgets were originally designed to provide a simple and easy-to-use way of giving design and structure control of the WordPress Theme to the user, which is now available on properly "widgetized" WordPress Themes to include the header, footer, and elsewhere in the WordPress design and structure. Example of the WordPress Widget Panel Widgets require no code experience or expertise. They can be added, removed, and rearranged on the WordPress Administration Appearance > Widgets panel. Some WordPress Widgets offer customization and options such as forms to fill out, includes or excludes of data and information, optional images, and other customization features.
The Widgets SubPanel explains how to use the various Widgets that come delivered with WordPress. Site Design and Layout. Languages: English • Español • Bahasa Indonesia • 日本語 • 한국어 • Polski • Русский • ไทย • 中文(简体) • 中文(繁體) • (Add your language) Basics of WordPress Theme Design Theme Design WordPress and CSS CSS - Overview of CSS within WordPress, and list of resources related to CSS and WordPress Know Your Sources - External resources on HTML, PHP, and CSS in general CSS Coding Standards - Best practices for coding CSS CSS Troubleshooting - Examining and debugging CSS Right-to-Left Language Support - Working with RTL text using CSS Themes, Templates, and Customization Using Themes - Best starting point for learning about Themes Templates - Comprehensive list of theme and template resources Plugins - Comprehensive list of plugin resources WordPress Plugins and Customization - Other resources related to customizing WordPress.