Joomla Security: How to Secure a Joomla Website from Hackers

Secure Joomla Website from Hackers

Joomla security is a primary concern for every Joomla website admin. Exclusive tutorial on how to secure your Joomla website from hackers.

Websites get hacked every day. If your website runs on Joomla, make it more secure with the following techniques.

Joomla is a popular CMS, and for this reason hackers frequently try to hack Joomla websites. Learn about Joomla’s security issues and extensions, and how to fix them.


Always keep Joomla and its extensions up to date. Files from older versions may have many bugs. Every new version of Joomla and its extensions cleans up the code and fixes critical bugs to protect your site from hackers. First update Joomla to the latest version, then check your Joomla extensions and upgrade them to their latest versions as well.


By default, the username will be Admin, which makes it easier for hackers to hack your Joomla website. So prefer to use a strong username and password.

Some commonly used passwords to avoid, and techniques for selecting a strong password:

  1. Your password should include special characters, numbers and capital letters, so that it is very difficult to guess.

  2. Don’t use commonly used words as your Joomla website password, such as 12345, Love, Old password, New password, qwerty, iloveyou, monkey, 111111, 123123, etc.

  3. Don’t use your name and family name in the password.


Don’t allow users to upload files to your website or server. In cPanel, set proper file permissions to protect your website from hackers.

Recommended permissions for Joomla files, folders and the config PHP file:

  1. Assign 644 for Joomla files
  2. Assign 755 for Joomla folders
  3. And assign 444 for your Joomla website config.php file.


Edit the .htaccess file to block some Joomla security issues. Add the following code snippet at the end of your Joomla .htaccess file.

########## Begin - Rewrite rules to block out some common exploits
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT(\[|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rewrite rules to block out some common exploits
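
To see what these conditions match before deploying them, the following added example (not part of the original tutorial) runs the same patterns, with their regex metacharacters escaped, over constructed query strings. It assumes Python's re agrees with Apache's PCRE on these patterns; the rule labels, `blocked_by` and the sample strings are illustrative.

```python
import re

# Patterns from the RewriteCond lines above; True marks a rule carrying [NC].
# mod_rewrite searches each pattern, unanchored, in the raw (still URL-encoded)
# query string. Assumption: Python's re matches these simple patterns the same
# way Apache's PCRE does.
RULES = [
    ("mosConfig",     r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", False),
    ("base64_encode", r"base64_encode.*\(.*\)",            False),
    ("script tag",    r"(<|%3C).*script.*(>|%3E)",         True),
    ("GLOBALS",       r"GLOBALS(=|\[|%[0-9A-Z]{0,2})",     False),
    ("_REQUEST",      r"_REQUEST(=|\[|%[0-9A-Z]{0,2})",    False),
    ("CONFIG_EXT",    r"CONFIG_EXT(\[|%20|%5B).*=",        True),
    ("sbp",           r"sbp(=|%20|%3D)",                   False),
    ("sb_authorname", r"sb_authorname(=|%20|%3D)",         False),
]

def blocked_by(query_string):
    """Return the labels of every condition that matches the query string."""
    return [
        name for name, pattern, nocase in RULES
        if re.search(pattern, query_string, re.IGNORECASE if nocase else 0)
    ]

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "option=com_content&view=article&id=5",        # ordinary page view
    "option=com_x&mosConfig_absolute_path=value",  # mosConfig value set via URL
    "q=%3CScRiPt%3Ex%3C/script%3E",                # encoded tag, mixed case ([NC])
    "GLOBALS[cfg]=1",                              # literal bracket form
    "_REQUEST%5Bcfg%5D=1",                         # percent-encoded bracket form
    "search=globals",                              # lowercase: rule has no [NC]
    "usbp=1",                                      # harmless parameter ending in "sbp"
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hits = blocked_by(qs)
        print(f"{'403' if hits else 'ok':4} {qs:45} {', '.join(hits)}")
```

The `usbp=1` case shows that the unanchored patterns can also reject a legitimate parameter, so check your site's own URLs against the rules before relying on them.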

Use a Secure Web Hosting

Keep one thing in mind: nothing can make your efforts to secure Joomla effective if your website is hosted on outdated hosting infrastructure. That said, you should choose a durable and protected hosting platform to store your site data for seamless operations. No doubt, SiteGround is a robust host offering outstanding services at cheap rates.

However, you can also consider the DigitalOcean cloud platform to get a virtual cloud server at a reasonable price. They are developer-friendly, though, and require a few technical skills to maintain your server. If you’re one of those who prefer a cloud-based host, then check out the following DigitalOcean competitors to get a reliable cloud server with an easy-to-use dashboard and friendly customer support.


This is the best and most accurate way to improve the security of your Joomla websites. Install the best Joomla security extension to protect your website from hackers. jHackGuard is a popular Joomla security extension developed by SiteGround.

  1. jHackGuard
  2. Akeeba Admin Tools
  3. jSecure


Back up your Joomla website files and database frequently. If something happens, upload this data to get your website back.

If you don’t know how to back up a Joomla website, contact your web hosting provider. Or simply install and configure the best Joomla backup extension, “Akeeba Backup”, to back up files and data directly from the Admin panel.