Joomla! is a well-known content management system, mature enough to be used by thousands of amateur and professional Web portals. Installation is a breeze and consists of six click-next steps. However, a default Joomla! installation is not necessarily a secure one, so let’s see how we can protect our portal from potential attackers.
The first rule of security when it comes to Joomla! is “update frequently,” because whenever a new version comes out, it usually comprises several user-reported bug and security fixes. If your host allows it, use PHP5 instead of PHP4, because it’s more advanced and offers better security.
Once your site is ready to be launched, make sure to set your configuration.php file to read-only — a critical step that most users neglect. Change file and directory permissions —
chmod 644 for files and
chmod 755 for folders — but be sure to keep temporary and cache directories writable, lest you get a site error.