Joomla 1.5.6 Security Fix and Some advice on Protection

by Herbert-Jan van Dinther on Wednesday 13 August 2008

Joomla just released version 1.5.6 of its Open Source CMS.
This release is a security fix that closes a hole that "will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id)".

So if you run a Joomla 1.5.x website, make sure you update soon! ASAP would be fine :-)

Beyond that, you can read that even a seasoned Joomla administrator sometimes forgets to put a basic security practice in place.

Here are some tips to make your Joomla site just a little safer:
- Create some new users after installation and give one of them super-administrative rights. Make sure you know the user name and password to log in.
Then log in under this user name and delete the first user, called Admin.

- Set your configuration.php file permissions to 644, or even 604, to prevent PHP injections and overwriting of your configuration.php. Do the same with your index.php file.

- Make sure your administration directory is secured by .htaccess and a password. The easiest way to do this is usually through the cPanel of your hosting company.
Otherwise there is a good tutorial on Joomla Add-ons.

- Make a proper backup of your website after your last changes, or at least on a weekly basis.
Also keep a copy of your configuration.php and index.php files on your local PC.
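The file-permission tip above can be checked with a small script. This is an added example, not part of the original post: the function names `file_mode` and `audit_joomla_perms` are made up for illustration, and it assumes that any mode with no bits set beyond 644 (so 644 or 604, but also stricter ones) is acceptable.

```shell
#!/bin/sh
# Added example: audit configuration.php and index.php in a Joomla root.
# A file passes only if its mode sets no bit outside rw-r--r-- (644).

file_mode() {
    # GNU stat first, BSD/macOS stat as fallback; prints an octal mode such as 644
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_joomla_perms() {
    root=$1
    bad=0
    for f in configuration.php index.php; do
        path="$root/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        mode=$(file_mode "$path")
        # Group/other write, any execute bit, setuid/setgid/sticky all fail here
        if [ $(( 0$mode & ~0644 & 07777 )) -ne 0 ]; then
            echo "LOOSE   $path mode=$mode (expected 644 or 604)"
            bad=$((bad + 1))
        else
            echo "OK      $path mode=$mode"
        fi
    done
    # Exit status is the number of problem files (0 means both are fine)
    return "$bad"
}

# Run against a site root when one is given: sh audit.sh /path/to/joomla
if [ -n "${1:-}" ]; then
    audit_joomla_perms "$1" || exit $?
fi
```

A file reported as LOOSE can be corrected with `chmod 644` (or `chmod 604`) on that path.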

From an SEO point of view, a hacked website can get you into trouble because Google will take you out of the index (this may take some days, depending on your crawl frequency), and you have to do a re-inclusion request once the site is back up again.

If you want to keep an eye on your website, use a program like http://mon.itor.us/ or the one I use, Site24×7; both can send you a warning email if something goes wrong.
Both also offer a free account and don't overcharge for their service.
