Two-Factor Authentication is an extra security layer that requires not only a username and password from the user but also require something (typically a device, like your smartphone) that only the given user can posess/access. This can be one of a large variety of devices/solutions, but the common ground here is that the user will be authenticated ONLy if have simultaneously BOTH authorization elements: the Joomla password and the second authentication attribute.
Secure Joomla
Joomla is safe!! - you can heard in every forums. Is indeed safe enough? Yes, the core Joomla, if properly configured and deployed is a reasonably secure environment. The difference can be made by several factors. and first of these factors is YOU, the webmaster. But there are others, like the hosting environment, the addons used, and couple of others. Watch your back! And keep your site safe!
The most comprehensive analysis of trends in the website security finally is out. There are couple of interesting fact worth highlighting.
Most important is something we expected: Joomla is emerging as the most secure CMS.
Joomla, as most CMS's excells by making it easy to manage a website page. Offers a pretty easy way to manage Web-based publishing, format management, history editing and version control, indexing, search, and retrieval. Joomla has an impressive suite of features, but these features require some special considerations.
As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?
Clickjacking is a browser security issue and is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. The hacker installs an invisible layer over the existing site, hijacking the user's clicks. The suspicious-less user will perform this way actions they never intended to, from apparently inoffensive ones, as following someone on Twitter, to really nasty things, like password, credit card information theft, and anything else you might (not want to) do on a webpage.
Choose your extensions wisely - one basic rule when you develop a Joomla site. And same applies to you, weekend webmasters! Your site is a sitting duck, waiting for hackers (especially script kiddies. Well, easy to say it, but what can be seen as "wise" choice here?
- Avoid easy Joomla version detection
- Joomla update warnings via Google Webmaster Tools
- Help, I was (almost) hacked!
- Disable the user name "admin"
- Change the file and folder permissions automatically
- Block unwanted visitors using their IP address on your Joomla site?
- Enhance your security with .htaccess rules
- Keep your Joomla core up to date!
- Moving the location of admin login
- Change the default Joomla database prefix