What did you struggle with most in setting up your website?

Wednesday, 31 December 2008

How to keep hackers off your back end

Big thanks to my friend Allan for flagging up both the issue and this simple solution.

The Problem

Hackers who know or suspect your site runs on Joomla! only have to type /administrator after your URL to get to your admin login page. Hackers thrive on finding the phrases (often short, often based around your name and other personal details) needed to log in and mess up your site.

Allan has had his site hacked in the past and had to spend a very long time restoring it.

It may be tempting to ask why hackers would bother to hack your site, especially if it's small. Well, there are two sorts of hackers. First is the bloody-minded who think they are on a mission, providing a public service, like burglars who argue they are just testing people's alarm systems. They will do it "to teach you a lesson about web security". The second is more serious - organised criminals and international terrorists looking to use other people's web resources to make their own activities more difficult to trace.

Allan's Solution

JSecure Authentication is a simple plugin that requires someone to know an access key before they can see that login page. It's not bombproof but it's a useful extra layer and it's free and simple.

How I did it

  1. Download the plugin from the Joomla! extensions database
  2. Log in as administrator
  3. Extensions | Install
  4. Browse - find the file you just downloaded - it's a zip but you don't need to unzip it.
  5. Click "Upload File and Install"
  6. Extensions | Plugin Manager - find JSecure Authentication and click to edit
  7. Set the Enabled option to "Yes"; change the key and REMEMBER WHAT YOU CHANGED IT TO!

That's it. Now, when you want to log in as admin, you have to go to www.yourdomain.com/administrator?YOURKEY

Your key is vital - don't make it anyone's name, your place of birth or any word out of any dictionary. You should also change it regularly. But you know all that stuff because people are always telling us.
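
If you want to see who is knocking on the admin door without the key, here is an added example (not part of the original post and not JSecure's own code) that scans a web server access log for requests to the bare /administrator URL whose query string is not the key. The Apache-style log format, the sample key and the sample log lines are all assumptions made up for illustration.

```python
import hmac
import re
from collections import Counter
from urllib.parse import urlsplit

ACCESS_KEY = "r7Qx2mLp9Vd4"  # constructed sample key, not a real one

# Assumed Apache common/combined log layout: ip - - [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Dec/2008:10:00:01 +0000] "GET /administrator HTTP/1.1" 200 512',
    '203.0.113.5 - - [31/Dec/2008:10:00:02 +0000] "GET /administrator/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [31/Dec/2008:10:00:03 +0000] "GET /administrator?test HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/Dec/2008:10:05:00 +0000] "GET /administrator?r7Qx2mLp9Vd4 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [31/Dec/2008:10:05:09 +0000] "GET /administrator/index.php?option=com_content HTTP/1.1" 200 8192',
    '192.0.2.44 - - [31/Dec/2008:11:00:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

def is_entry_page(target):
    """True for the bare admin entry URL: /administrator or /administrator/."""
    return urlsplit(target).path.rstrip("/") == "/administrator"

def has_valid_key(target, key=ACCESS_KEY):
    """True when everything after the '?' is exactly the key (constant-time compare)."""
    query = urlsplit(target).query
    return hmac.compare_digest(query.encode(), key.encode())

def keyless_admin_hits(lines, key=ACCESS_KEY):
    """Count, per client IP, requests for the admin entry page without the right key."""
    hits = Counter()
    for line in lines:
        match = LOG_RE.match(line)
        if match is None:
            continue  # not a line in the assumed format
        target = match.group("target")
        if is_entry_page(target) and not has_valid_key(target, key):
            hits[match.group("ip")] += 1
    return hits

def suspects(lines, threshold=3, key=ACCESS_KEY):
    """IPs with at least `threshold` keyless tries at the admin entry page."""
    hits = keyless_admin_hits(lines, key)
    return sorted(ip for ip, count in hits.items() if count >= threshold)

if __name__ == "__main__":
    for ip in suspects(SAMPLE_LOG):
        print(ip, "requested /administrator without the key 3+ times")
```

Because the key travels in the URL, it is written into this same access log every time you log in, so keep the log file private.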

'Til next time

Dave

My site is here.
Joomla! is based here.
