Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Best Practices for Joomla Agencies

Vic
November 08, 2019
Technology
0
690

Security Best Practices for Joomla Agencies

Joomla users tend to know a lot about securing their websites. But website security best practices is literally the tip of the web agency security pyramid. In this presentation, Victor will discuss the three levels of this pyramid. He will put website security in context with the other levels of security that are recommended for successful agencies that are highly trusted by their clients.

https://www.joomlashack.com/conference/

Vic

November 08, 2019
Tweet

More Decks by Vic

See All by Vic
Getting "up to speed" with CloudFlare
vicdrover
0
31
Five tough lessons I learned managing a remote team
vicdrover
0
75

Other Decks in Technology

See All in Technology
コードや知識を組み込む / Incorporate Code and knowledge
ks91
PRO
0
160
生成AIと産業向けソフトウェアの自動生成 〜 ハノーバーメッセ2024より〜
kioto
2
250
自らを知り外と繋がる、日経のエンジニア採用とDevRel活動/devreljp92
nishiuma
2
190
Handling focus in 2024
tahia910
0
610
M5stackで使用できるpHセンサの開発
shinrinakamura
1
290
kcp: Kubernetes APIs Are All You Need #techfeed_live / TechFeed Experts Night 28th
ytaka23
1
160
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
1
790
データベース03: 関係データモデル
trycycle
0
110
Cloud Service Mesh に触れ合う
phaya72
1
310
One engineer company with Ruby on Rails
rstankov
2
470
.NET Profiler in 2024.
kkamegawa
2
2.6k
Secrets of a PowerShell "Guru"
guyrleech
1
110

Featured

See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Creatively Recalculating Your Daily Design Routine
revolveconf
211
11k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Into the Great Unknown - MozCon
thekraken
15
1k
Documentation Writing (for coders)
carmenintech
60
4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
22
1.6k
Building a Scalable Design System with Sketch
lauravandoore
457
32k
Design by the Numbers
sachag
274
18k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
KATA
mclloyd
16
12k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k

Transcript

  1. Security Best Practices for Agencies

  2. @VicDrover Panama Papers

  3. @VicDrover Joomla implicated in data loss

  4. @VicDrover Threats keep coming

  5. @VicDrover JED Server Security Incident

  6. @VicDrover Levels of website security

  7. @VicDrover Levels of website security

  8. @VicDrover Levels of website security

  9. Client Passwords

  10. None

  11. @VicDrover Agency Passwords

  12. None

  13. @VicDrover Trust extends to your team

  14. @VicDrover Email security

  15. @VicDrover Staff

  16. Staff

  17. @VicDrover Disaster Response Plan

  18. @VicDrover Initial response Who, What, When Emergency contact info Service

    provider info 1-time use passwords

  19. Agency 7

  20. Agency 7

  21. @VicDrover Security policy Email usage Resource access Password strength Password

    duration Account sharing Team composition Disaster planning Continuing Education

  22. @VicDrover Levels of website security Local Remote

  23. @VicDrover Website: one piece of the puzzle

  24. @VicDrover PHP Usage

  25. @VicDrover Webserver security

  26. @VicDrover Heartbleed

  27. @VicDrover ssllabs.com/ssltest/ SSL Report: joomla.org

  28. @VicDrover Let’s Encrypt

  29. @VicDrover Other local issues SSH on non-default port, encryption keys

    Disable FTP Strong database password Enable logging Disable magic_quotes Disable register_globals

  30. @VicDrover Levels of website security Local Remote

  31. @VicDrover Remote services - email

  32. @VicDrover Remote services - DNS

  33. @VicDrover Remote services - reverse proxy

  34. @VicDrover Remote services - reverse proxy

  35. @VicDrover Levels of website security

  36. @VicDrover Well-known Joomla best-practices Unique administrator account Disable guest registration

    Remove Joomla installation directory No FTP password storage Disable Error Reporting

  37. @VicDrover YourSites MySites Best Practice Scanners

  38. None
  39. None

  40. @VicDrover Enforce strong passwords

  41. @VicDrover Password control

  42. @VicDrover Password expiry

  43. After activation you may login to your website using the

    following username and password:
  44. None

  45. @VicDrover Other site tips Prevention Software firewall (Admin Tools, RS

    Firewall) Protect admin areas with a password/token Don’t store credit card data locally Don’t share user accounts!!! Log User Activity
  46. None

  47. @VicDrover Apply update early & often

  48. None
  49. None