I’m hearing a lot of people with the Joomla 1.5 web sites are being hacked lately my advice would be to upgrade to the latest stable release as soon as you can latest version of Joomla.
After doing that there are a few other things that you could do to minimize being hacked.
- Follow the Joomla Administrator’s Security Checklist
The joomla.org dev team have put together a Joomla Administrator’s Security Checklist – you can use this information to secure your Joomla web site as much as possible using their guidelines.
- Recommended plugin: jSecure AuthenticationBecause every Joomla admin panel has the same URL. By installing a security plugin, you can add a suffix to your admin panel URL. If the incorrect suffix is entered to the URL the site will redirect to home page or a 404 (not found) page. The plug-in is worth the $4.99 price.
jSecure Authentication plugin here
- Recommended plugin:Joomla Admin ToolsUpdate your Joomla! site. Perform maintenance tasks. Protection against hackers. Optimize your site. All in one, neat bundle. Download Joomla Admin Tools
- Avoid useing the jos_ prefixThe standard prefix for Joomla database tables are jos_. Many security exploits depend on your database tables being named jos_xxx.
Simply by using a diffrent prefix you would be protected from these exploits.
Make sure this is unique for all your sites.
You can read more about this in Brian Teeman blog.
- Don’t use default admin userEvery fresh install Joomla site ID for the admin user in Joomla 15 2.5 is always 62, and this can be used by hackers. Do the following to avoid this:
- Create a new super-administrator with an original user name and strong password
- Log out and back in with new super-admin account
- In user accounts change the original admin user to a registered and save (as you are not allowed to delete a super-administrator).
- Now, delete the original admin user (user ID 62).
- Always use a unique and strong password
Create a unique passwords from a combination of upper- and lowercase letters, numbers and symbols. For instance [email protected]_#7
You can use the Online Password Generator to create strong passwords
- Change your username and password frequently
At least every 2 to 4 months.
- You should always update to the version of Joomla