CMS powered websites had always and will always be a target of attacks. Usually for the purpose of SEO poisoning, Joomla is no stranger to this attacks.
Constant vigilance in updating Joomla and its installed components ( from reliable component providers
of course ) provides some level of security to the Joomla website.
Installing security components further hardens the Joomla CMS through the component's security measures and its integration of a Web Application Firewall ( WAF ) .
One of the better security components for Joomla in the market right now is Akeeba's Admin Tools. Commercial it maybe, it provides a lot of features to harden both your Joomla's front-end and back-end sites.
Below are a few of its cool features :
If you are using Joomla's htaccess, it already comes with htaccess rules to block Joomla common
Using the htaccess maker of Akeeba's Admin Tools, you can further add rules such as securing access
to directories and files, protecting against clickjacking, blocking access from specific user agents ... by
just clicking a button.
Yes, you don't even need to see those alien looking htaccess regex rules. Just select the rules you want
and Admin Tools will assemble it on the htaccess file.
3 layer administration site security access
1) 1st level
- administrator site can be only be accessed by adding a GET string on the administrator site URL
2) 2nd level
- administrator site is directory password protected
3) 3rd level
- administrator login page will only be displayed when level 1 and 2 are passed
Three protection levels to access the Joomla's administration site. Can't asked for more.
visual fingerprinting protection
Search engines can identify if your site is running Joomla through Joomla's
meta generator tag. And of course, this can be exploited by attackers crawling specifically for Joomla sites.
Joomla currently doesn't have an off switch for this, and though you can remove by editing the Joomla's
core template, it is easy as a button click again on Admin Tools.
implement HTTP:BL filtering
This allows you to integrate with Project Honeypot's spam fighting services. Through the project's
database and its threat-algorithm, it can determine if an IP accessing your website is spammer, and
depending on the IP's threat level, Admin Tools may block it from accessing your site.
This should help in reducing spam access to the website which messes up SEO reports.
Well, these are just a few of the security features that Akeeba Admin Tools provides. There are still a lot which you can check out at - https://www.akeebabackup.com/documentation/admin-tools/ .
On part two, we will install Akeeba Admin Tools and check out how to configure its security measures.