hardening the famous PHP-CMS Joomla!
I’m not a big fan of Joomla!, but a client wanted to use it, so I had a closer look at it to make it a bit more secure.
For the moment I am working with version 1.0.14, and I have read that Joomla 1.5 works with safe mode on and has some nice security features.
Here are some tips which you can also use if you aren’t a Joomla head.
- always upgrade to newer stable versions; you can check whether there is an upgrade for your Joomla! in your Admin panel under System->Version Check
- put a .htaccess file in your “administrator”-folder to protect all the files in the folder and subfolders
- change your administrator login from the default “admin” to another name and make sure the password is strong enough
- change the permissions of your config file
- if you can use SSL without any pain, use it.
- delete temporary installation files and images you don’t need from Joomla!’s subdirectories
- if you plan to install and use extensions, check security lists for them, like http://secunia.com/search/?search=Joomla, and keep the extensions up to date
All changes in php.ini are global, so be careful with them!
- disable functions that could be a security risk with “disable_functions”
- use Magic Quotes for incoming GET/POST/Cookie data against SQL injections
- Turn off your Register Globals
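
As an added example (not code from the original post), this Python script audits a php.ini for the three settings listed above. The function list in `RISKY_FUNCTIONS`, the assumed defaults for absent directives and both sample files are assumptions constructed for illustration.

```python
# Assumption: the post names no functions; these are common command-execution ones.
RISKY_FUNCTIONS = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}
TRUTHY = {"1", "on", "true", "yes"}  # php.ini boolean spellings, case-insensitive

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # skip blanks, [section] headers and malformed lines
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_on(settings, key, default):
    value = settings.get(key)
    return default if value is None else value.lower() in TRUTHY

def audit(text):
    """Return findings for the three php.ini tips from the post."""
    s = parse_php_ini(text)
    findings = []
    # Assumed built-in defaults when a directive is absent:
    # register_globals Off, magic_quotes_gpc On.
    if is_on(s, "register_globals", default=False):
        findings.append("register_globals is On")
    if not is_on(s, "magic_quotes_gpc", default=True):
        findings.append("magic_quotes_gpc is Off")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(RISKY_FUNCTIONS - disabled)
    if missing:
        findings.append("disable_functions does not cover: " + ", ".join(missing))
    return findings

# Constructed sample files, not taken from a real server.
WEAK_INI = """[PHP]
register_globals = On   ; legacy setting
magic_quotes_gpc = Off
disable_functions =
"""
HARDENED_INI = """[PHP]
register_globals = Off
magic_quotes_gpc = On
disable_functions = "exec,passthru,shell_exec,system,proc_open,popen"
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```

The `register_globals` and `magic_quotes_gpc` directives were removed in PHP 5.4, so this check only applies to the older PHP versions that Joomla! 1.0.x runs on.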