Chapter 20. Security
If youâre tempted to pass over this chapter, donât. The idea of security scares a lot of people. Would you rather deal with security issues now or after your website has been hacked? Ben Franklin once said, âAn ounce of prevention is worth a pound of cure.â We couldnât agree more. While we feel Joomla is a secure platform, we recommend that you take the proper precautions. Also, if your client is paying you to manage their website, itâs your obligation to ensure that they are set up as securely as possible.
Importance of Security and the JSST
If you discover a vulnerability, also called an exploit, in Joomlaâs core code, please email any and all information you have about it to the Joomla! Security Strike Team (JSST) at security@joomla.org. This email address should not be used to ask for help restoring your website or to report vulnerabilities in third-party extensions. Vulnerabilities in third-party extensions should be reported to the developer of that extension. For other security questions, it is best to visit the official Joomla Security Forum found at http://forum.joomla.org/viewforum.php?f=432.
Note
Do not post vulnerabilities on the Joomla forums. If the vulnerability is in fact a threat, it is best to give the Security Team time to release a patch before the rest of the world knows about it. Also, if you have been hacked and have questions, donât mention the name of the attacker. Hackers crave publicity and mentioning their name along ...
Get Using Joomla now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
