Off the Cup
Over the past six months or so, the open-source CMS community has sounded the alarm about a continual wave of attacks against WordPress and Joomla sites by nefarious individuals attempting to gain access to admin pages. Most of the time, this involves "dictionary" attacks at the login page. This means that hackers use programs that simply go down a long list of potential passwords until they get to the one that works. Once inside, they may do nothing or they may wreak all kinds of havoc with your content.
In my experience, I've seen hacks that have inserted otherwise invisible code that links to Viagra sites and worse. If they have access to your server, they can completely disable or take over your site.
As expected, the Joomla community has responded with security patches and some very good extensions to protect your site and its content. Over the next few weeks, I will review your site to make sure we have applied all the latest updates and I plan to install an extension called AdminExile.
AdminExile does two things I find useful to help insure against invaders. First, it notifies the admin whenever an attack takes place, and second, it can "hide" your admin page URL. I normally only keep the former feature active for a short time. One site endured so many attacks that the emails became a nuisance, but it gave me a good idea that the site required added security.
To cloak your Admin URL, AdminExile requires the use of a secret word that gets appended to the end of the address. It looks something like this:
I will likely recommend that all sites I administer apply this feature, and I will notify all our clients individually when I do.
Keep in mind that this only applies to Joomla sites version 2.5 or higher, which includes most of the sites we deploy. WordPress sites require other measures and Joomla 1.5 sites are no longer supported by the community.
Finally, please keep in mind that none of this is a bullet-proof solution. The sad fact remains that Web security is an ongoing battle and that if you depend upon it for marketing your brand, then you must remain diligent and take proactive steps to protect your site. So far, the open-source community in general and Joomla's in particular have done an excellent job staving off hackers.
If you have a hosting agreement with Coffee Cup Media, then security maintenance and software upgrades are included with your fee.
As always, if you have any questions about anything here, feel free to contact me anytime.