How do you setup a secure demo site?
From Joomla! Documentation
In /includes/version.php look for:
/** @var string Whether site is a production = 1 or demo site = 0 */ var $SITE = 1; /** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */ var $RESTRICT = 0;
For a demo site it is advised to following:
/** @var string Whether site is a production = 1 or demo site = 0 */ var $SITE = 0; /** @var string Whether site has restricted functionality mostly used for demo sites: 0 is default */ var $RESTRICT = 1;
$SITE = 0 // Allows multiple user logins with only one account. By default Joomla! // allows only one active session per account as a security feature.
$RESTRICT = 1 // Disables those logging in, both Front-end and Back-end from changing // user details - like password and username
These settings are used on the official demo site http://demo.joomla.org
You should also make all files and folders nonwriteable - especially the configuration.php file. Also recommend you setup an automatic cron job that refreshes the database at a set interval (in our case 60mins) from a db script.