Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Best Practices for Joomla Agencies

Vic
November 08, 2019
Technology
0
750

Security Best Practices for Joomla Agencies

Joomla users tend to know a lot about securing their websites. But website security best practices is literally the tip of the web agency security pyramid. In this presentation, Victor will discuss the three levels of this pyramid. He will put website security in context with the other levels of security that are recommended for successful agencies that are highly trusted by their clients.

https://www.joomlashack.com/conference/

Vic

November 08, 2019
Tweet

More Decks by Vic

See All by Vic
Getting "up to speed" with CloudFlare
vicdrover
0
33
Five tough lessons I learned managing a remote team
vicdrover
0
76

Other Decks in Technology

See All in Technology
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
100
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
140
強いチームと開発生産性
onk
PRO
34
11k
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
310
Engineer Career Talk
lycorp_recruit_jp
0
170
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
Taming you application's environments
salaboy
0
190
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
610
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
520

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
How to Ace a Technical Interview
jacobian
276
23k
How GitHub (no longer) Works
holman
310
140k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Building Your Own Lightsaber
phodgson
103
6.1k
Practical Orchestrator
shlominoach
186
10k
Become a Pro
speakerdeck
PRO
25
5k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k

Transcript

  1. Security Best Practices for Agencies

  2. @VicDrover Panama Papers

  3. @VicDrover Joomla implicated in data loss

  4. @VicDrover Threats keep coming

  5. @VicDrover JED Server Security Incident

  6. @VicDrover Levels of website security

  7. @VicDrover Levels of website security

  8. @VicDrover Levels of website security

  9. Client Passwords

  10. None

  11. @VicDrover Agency Passwords

  12. None

  13. @VicDrover Trust extends to your team

  14. @VicDrover Email security

  15. @VicDrover Staff

  16. Staff

  17. @VicDrover Disaster Response Plan

  18. @VicDrover Initial response Who, What, When Emergency contact info Service

    provider info 1-time use passwords

  19. Agency 7

  20. Agency 7

  21. @VicDrover Security policy Email usage Resource access Password strength Password

    duration Account sharing Team composition Disaster planning Continuing Education

  22. @VicDrover Levels of website security Local Remote

  23. @VicDrover Website: one piece of the puzzle

  24. @VicDrover PHP Usage

  25. @VicDrover Webserver security

  26. @VicDrover Heartbleed

  27. @VicDrover ssllabs.com/ssltest/ SSL Report: joomla.org

  28. @VicDrover Let’s Encrypt

  29. @VicDrover Other local issues SSH on non-default port, encryption keys

    Disable FTP Strong database password Enable logging Disable magic_quotes Disable register_globals

  30. @VicDrover Levels of website security Local Remote

  31. @VicDrover Remote services - email

  32. @VicDrover Remote services - DNS

  33. @VicDrover Remote services - reverse proxy

  34. @VicDrover Remote services - reverse proxy

  35. @VicDrover Levels of website security

  36. @VicDrover Well-known Joomla best-practices Unique administrator account Disable guest registration

    Remove Joomla installation directory No FTP password storage Disable Error Reporting

  37. @VicDrover YourSites MySites Best Practice Scanners

  38. None
  39. None

  40. @VicDrover Enforce strong passwords

  41. @VicDrover Password control

  42. @VicDrover Password expiry

  43. After activation you may login to your website using the

    following username and password:
  44. None

  45. @VicDrover Other site tips Prevention Software firewall (Admin Tools, RS

    Firewall) Protect admin areas with a password/token Don’t store credit card data locally Don’t share user accounts!!! Log User Activity
  46. None

  47. @VicDrover Apply update early & often

  48. None
  49. None