University Web Developers

We've found several issues when it comes to security of open-source PHP CMSs, particularly with Joomla and PostNuke. Since Joomla and the PHP engine are so widely used, they seem like big targets of attack. Patching all of our Joomla installations every time a hole is fixed can be time-consuming. What are some of the ways in which you protect Joomla? What alternatives are you using that might not be as vulnerable? Are there any other programming platforms you are using for your site that might be more secure than PHP?

Replies to This Discussion

Hi there,

a few things I do:

1) Hide the fact that your site is indeed a Joomla site - this can be done by removing the generator tag, removing any links pointing to joomla.org from templates. Doing this alone will keep you off the radar of 'script kiddies'. Do not use standard Joomla URLs (of course you would want to do that for SEO reasons anyway).

2) Use an extension like sef404 which not only handles SEF URLs but also has various security features and reporting built in.

3) Do not EVER just install a 3rd party extension because it looks useful, always check on the Joomla site (and via general googling) if there are any known security issues. 4 out of 5 of the people that I know that have had Joomla sites hacked, were the product of installing poorly written (free) extensions.

4) Make sure your host is on the case with security, I know that there have been issues for a number of people on shared hosting packages, especially when cPanel is used - I believe there is a potential security issue on the cPanel config file generated if you let it install Joomla for you (rather than via a straight/standard browser based install).

5) Re patching, if you use Joomla multisite (which is pretty cheap) you only need to patch one instance of Joomla and the rest are auto updated which is a nice time saver

Hope this helps!

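A way to verify tip 1 in the reply above on your own rendered pages, as an added example that is not part of the original post: it parses template output and reports any remaining generator meta tag or link to joomla.org. The sample page, the function name `audit` and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _host(url):
    """Hostname of a URL, or '' when it has none or cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


class JoomlaMarkerAudit(HTMLParser):
    """Collects the markers the reply says to strip from templates."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, kind, offending value)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "meta" and a.get("name", "").strip().lower() == "generator":
            self.findings.append((line, "generator-meta", a.get("content", "")))
        for attr in ("href", "src"):
            host = _host(a.get(attr, ""))
            # Match joomla.org and its subdomains only, not look-alike hosts.
            if host == "joomla.org" or host.endswith(".joomla.org"):
                self.findings.append((line, "joomla.org-link", a[attr]))


def audit(html):
    """Return the list of findings for one rendered page."""
    parser = JoomlaMarkerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample of rendered template output (not from a real site).
SAMPLE_PAGE = """<html><head>
<meta name="generator" content="Joomla! - Open Source Content Management" />
<title>Admissions</title>
</head><body>
<p>Welcome.</p>
<a href="https://www.joomla.org">Powered by Joomla</a>
<a href="/admissions/apply">Apply</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, value in audit(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {value}")
```

Running it against the saved output of each template after an upgrade catches markers that a core or template update has reintroduced.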
One thing you could do is look into an IDS/IPS like StrataGuard (it is free for servers up to 20Mbps last time I checked). You can build in rules for intrusion detection that can take care of a lot of the ways bots and hackers will make initial checks for vulnerabilities.

I like that as an answer, because ultimately I'd argue no language is particularly more "secure" than another. They are only as secure as the person writing the code, and if you are relying on someone else's code, then you really shouldn't ever just trust them to be right. The third party IDS/IPS route kind of helps by adding that extra layer.

© 2019 Created by Mark Greenfield.