Joomla is a great CMS platform, but like all software, if not properly configured and protected, Joomla can be hacked. At ContiCreative we have been working on the web for well over 20 years. In fact, some in our team worked in or with Internet technologies well before Sir Tim Berners-Lee invented the World Wide Web more or less in the format we know it today.
Over the years we have learned a few tricks ion how to keep our websites secure. Most of it is simple, common sense advice. A bit of it is trickier and some of it is downright hard.
For obvious reasons, we are not going to discuss our security tools in specifics on this page, but if you Contact Us we'll be happy to discuss any security concerns you may have in person.
Step 1: Backup
Most of our clients, if they follow our advice, will never be hacked. However, hacking is not the only danger out there. Things can always go wrong. The first resource we give our clients is a Custom Backup Policy to safeguard the specific client's interest. Some clients, such as vanity web sites or some company sites that change only rarely, will need at the most a weekly automated backup and one each time the website is updated.
Most clients would do well with a daily backup to keep them safe and online. A minority of clients, e-commerce clients with heavy traffic for example, may need backups as frequently as every 15 minutes. In those instances, we tailor the backup and the client's own operations to minimize file size and overhead on the site's workings.
Step 2: Server based protection, SSL, CDN
Most reputable web hosts will offer third party security options. These include backup, firewalls and CDN (Content Delivery Networks). These options help make a website a lot less palatable to hackers.
Step 3: Website based protections
In case the server based protection are somehow not sufficient we also add security tools at the website level. These prevent hackers from injecting scripts, reach the site's login area, shut down certain traffic and so on. In the case of web security, redundancy is desirable.
Step 4: Client Awareness
All the steps above will be rendered null and void if a client uses an easily guessed password at any point, be it server or website level. We discuss security with our clients and their habits and make sure that the extra security policies do not negatively impact their business.
"When you hire ContiCreative you are going to be working with a trusted partner that will understand where you are coming from, where you are now and were you want to be next."