- Can you navigate to www.yoursite.co.uk/administrator and get to the Administrator screen?
Yes? This should be hidden and/or password protected, to stop people accessing your administrator portal without the appropriate credentials. Consider using a plugin such as JSecure to resolve this.
No? Great, your administrator portal is hidden from public view!
- Is there a Super Administrator with the username ‘admin’ and with the ID #62? (Go to User Manager to view the user ID.)
Yes? This is the default username and ID number for the site super administrator. If someone knows this information it is much easier to gain access to your website, particularly if you have any other vulnerabilities such as being out of date with your Joomla! installation. This account should be disabled and an alternative administrator account created, preferably with a hard-to-guess ID (i.e. not #63, which would be my next guess!) and a unique username.
No? Great, make sure your default super administrator account with ID of #62 is disabled in User Manager.
- Are your website addresses really long and ‘geek speak’ (e.g. www.yoursite.co.uk/index.php?option=com_content&task=view&id=5&Itemid=6)?
Yes? URLs should be made ‘Search Engine Friendly’ so that they contain keywords and the content of the page/article, so people know what they are looking at, and can tell someone else easily how to reach the page – e.g. www.yoursite.co.uk/About-Us/About-My-Company. We'll be writing an article on Search Engine Friendly URLs in Joomla! in the near future.
No? Do your URLs contain words which are not your keywords, such as www.yoursite.co.uk/content/section/12/162/ ? If so, you may have the default Joomla! Search Engine Friendly URLs enabled. While this is better than nothing, it isn’t helping your Search Engine Optimisation much, and could be much improved to include keywords relating to the page or article. Consider whether you may want to use a component to give you further control over your URLs.
- Are you running an out of date, unsupported version of Joomla!? If you go to www.yoursite.co.uk/administrator do you see a screen like this:
- If you see this screen, you are using an old and no longer supported version of Joomla! – this version was deprecated almost a year ago! While it is still stable (providing you are running version 1.0.15 which you can find at the bottom of the page when you log in – any lower versions are a serious security risk) it is strongly advised to upgrade to at least Joomla! 1.5, which looks like this:
- Is your Joomla! site using the most up to date version? In Joomla! 1.0.x (first image above) when you log in, it shows at the bottom of the site. In Joomla! 1.5.x (second image above) it shows on the right hand side when logged in. The latest versions are:
- 1.5.23 (Latest patch released on 4th April 2011)
No? If you are running versions other than those specified above you are potentially at very serious risk of being hacked, as many of the updates are security patches which cover ‘holes’ that are discovered – in much the same way as Microsoft Updates do.
- Does your site have the following features?
- Google Analytics
- Metadata tools to help with your Search Engine Optimisation
- Backup systems to take regular updates
- Anti-spam systems to stop spam coming through your contact/registration forms
Yes? Great to hear, is there anything else you want to add in? With Joomla! the modular extensions system makes it easy to bolt on just about anything - whatever you want to do pretty much can be achieved!
No? These are basic add-on extensions which can be invaluable to your website!
You can download this check list as a PDF here.
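
The default-account and version checks from this list, as an added example in Python that is not part of the original checklist: it audits a version string and a constructed copy of the User Manager list. The field names (`id`, `username`, `usertype`, `block`) and the sample users are assumptions.

```python
# Added example; works on constructed data, not a live site.
LATEST_1_5 = (1, 5, 23)   # latest 1.5.x release named in the checklist
LAST_1_0 = (1, 0, 15)     # only 1.0.x release the checklist calls stable
DEFAULT_ID, DEFAULT_NAME = 62, "admin"

# Constructed sample; field names are assumptions modelled on User Manager.
SAMPLE_USERS = [
    {"id": 62, "username": "admin", "usertype": "Super Administrator", "block": 0},
    {"id": 4817, "username": "site-owner-jl", "usertype": "Super Administrator", "block": 0},
    {"id": 70, "username": "editor1", "usertype": "Editor", "block": 0},
]


def parse_version(text):
    """Turn '1.5.23' into (1, 5, 23); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(p) for p in parts)


def check_version(text):
    """Classify an installed version against the checklist's guidance."""
    v = parse_version(text)
    if v[:2] == (1, 0):
        if v < LAST_1_0:
            return "serious risk: below 1.0.15, upgrade to at least 1.5"
        return "unsupported: 1.0.x is deprecated, upgrade to at least 1.5"
    if v[:2] == (1, 5) and v <= LATEST_1_5:
        return "ok" if v == LATEST_1_5 else "out of date: update to 1.5.23"
    return "unknown: version not covered by this checklist"


def check_users(rows):
    """Flag enabled super administrators that keep the default ID or name."""
    findings = []
    for u in rows:
        if u["usertype"] != "Super Administrator" or u["block"]:
            continue  # disabled accounts and other user types pass
        if u["id"] == DEFAULT_ID:
            findings.append("id %d: default super administrator ID enabled" % u["id"])
        if u["username"].lower() == DEFAULT_NAME:
            findings.append("id %d: super administrator named 'admin'" % u["id"])
    return findings


if __name__ == "__main__":
    print(check_version("1.5.20"))
    print("\n".join(check_users(SAMPLE_USERS)))
```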