Difference between revisions of "Security Checklist/Getting Started"
From Joomla! Documentation
< Security Checklist
| Line 10: | Line 10: | ||
== Read Me First! (OK, Second!) == | == Read Me First! (OK, Second!) == | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===There's no free lunch!=== | ===There's no free lunch!=== | ||
Revision as of 02:28, 22 October 2008
Before You Begin[edit]
- Are you aware of this important link: Joomla Security News ? Have you subscribed?
- The number one cause of compromised Joomla installs is users failing to keep up to date with security patches. Are YOU running the latest secure version?
- The number two reason is insecure hosting setups. Is your hosting secure?
Once you have passed the two tests above, you are ready to begin.
Read Me First! (OK, Second!)[edit]
There's no free lunch![edit]
- Don't be fooled by Joomla's award winning ease-of-use. Maintaining a secure, dynamic Web site on the open Internet is not easy. Adequate security requires skill, knowledge, constant watchfulness, good backups, and continual effort.
There's no one right way![edit]
- Due to the variety and complexity of modern web systems, security issues can't be resolved with simple, one-size-fits-all solutions. You, or someone you trust, must learn enough about your server infrastructure to make valid security decisions.
There's no substitute for experience![edit]
- To secure your web site, you must gain real experience (some of which will be bitter), or get experienced help from others.
Rise above the herd[edit]
- The Security Forums are filled with "Help! I've been hacked" posts by people who did NOT follow standard security practices (this author included). If you decided to study documents such as this before your site is attacked, congratulation, you're already above the herd.
It's not as hard as it looks[edit]
- The following checklist may seem intimidating, but you don't have to deal with all of it at once. As you become familiar with tools of modern Open Source Web development, such as GNU/Linux, Apache, MySQL, SQL, PHP, HTTP, CSS, XML, RSS, TCP/IP, FTP, Subversion, JavaScript, Joomla!, you'll add refinements to your set of security tactics.
- All complex, dynamic, and open systems require powerful error checking and recovery methods. Web sites are no different. Strong security is a moving target. Today's expert might be tomorrow's victim. Welcome to the game...
Getting Started[edit]
Are you ready?[edit]
- Can you administer a dynamic, 24x7, world-accessible, database-driven, interactive, user-authenticated web server?
- Do you have the time and resources to respond to the flow of emerging Internet security issues? The Top 10 Stupidest Administrator Tricks is a comic/tragic look at what can go wrong. Don't learn these tricks the hard way! Depending on your recent experience, reading the Stupidest Tricks will either make you laugh or cry.
Stay informed of security issues[edit]
- Given the complexity of web servers, new vulnerabilities and conflicts are discovered all the time. To stay in the loop, subscribe to Joomla Security Announcements.
Check the FAQs.[edit]
- The most helpful posts in the Joomla! Security Forum are converted into Security and Performance FAQs. Many of the items on this list are explained in much greater detail in the FAQs.
Learn from the pros[edit]
- Hunt down the many nuggets of wisdom found in the Joomla! Forums.