How to back-up a Joomla site


2013-07-01_014329

Thankfully, there is a option that makes life a lot easier. It’s called Akeeba Backup and it basically automates the whole process outlined above, there’s also a utility that lets you ‘unpackage’ the back up onto your server if there’s a problem with your site.

It’s a great way to speed up the process and there’s plenty of documentation and a free download here. A word of caution though – whilst Akeeba is very good, we’d always recommend taking a manual back up from time to time, just in case there’s a problem.

12 tips and tricks to enhance Joomla Security


1. Backup data
Take time to make a troubleshooting plan before your site visited by hackers. You always remember: “Backup early and often” to protect your data. This gives you the certainty that if something goes wrong with your Joomla website, you can restore it at any time you want. Then you only need to find vulnerabilities on a website.
2. Update Joomla
If your website is running Joomla 1.0 or 1.5, you should upgrade to Joomla 2.5 or 3.0. In the higher versions, there are many security improvements in the core elements of the application. However, you should do with caution “always backup your Joomla before proceeding with the upgrade”. For more information, you can check Joomla tutorial.
3. Careful management of installed extensions.
The extension of third-party make Joomla extremely popular, but it’s also a way to enter your website. In addition, you need to update regularly for each different extension. So, you should consider that expansion is really necessary.
Make sure the following steps:
– Run code review for any extension used.
– Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.
– Update and patch for extensions when it’s necessary.
Remember that an extension, which isn’t safe, can be harmful to your entire website.
4. Remove unused files.
You install many extensions, but don’t use them? This is not only a weakness but also garbage for your website. Please use the uninstall function to totally get rid of the extension to avoid trouble.
5. Password protection:
The hacker usually attacks on weak passwords. You should regularly change your password and use all: uppercase, lowercase, special characters, numbers.
The database is very important. The SQL injection attack or any other attack on the database can make your effort lost. Make sure that your database access is protected at MySQL.
6. Use URLs search engine friendly:
Always use URLs search engine friendly. This not only improved the website’s Google ranking but also prevent hackers exploit to use Google’s search results.
7. Change URL for administration security.
Standard Joomla address is http://www.yoursite.com/administrator. In order to secure your site against attack, you can rename it to be something like http://www.yoursite.com/administrator?wewroi4459
8. Remove version number, name of extensions.
Most of vulnerabilities only occur in a specific release of a specific extension. This is why you should remove the information about the version number of any extension is installed. Remove the version number may prevent an attack before it can happen.
Showing My Extension version 2.5 is really bad thing. You can modify this message with only the name of the extension by doing the following:
– Retrieve all files of the extension from your server
– Open up Dreamweaver.
– Load any file from the extension that you just downloaded to your local machine
– Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the exploit.
– Set the search term to “My Extension version 2.5” and press OK.
– When found the correct file, remove the version number.
– Upload the changed file to your server and check if the changes are made.
9. Use the correct CHMOD for each folder and file
Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:
• PHP files: 644
• Config files: 666
• Other folders: 755
10. Change your .htaccess file:
########## Begin - Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a < script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

11. Turn off Register_globals
You should turn off Register_globals, however, you must know that it can disable PHP script to work and maybe affect other programs that you are using on the website.
To make it, you just edit the php.ini file in the root directory of your domain name.
12. Review and action Security Checklist:
These checklists will point you in the right direction and inform you of typical security. So, make sure you went through all of the steps.

How to install joomla step 2


Now we will show you Install step By step .At first Extract joomla file in  test folder and open browser and  type http://localhost/test and fill step by step Below picture Step by step.

Fill all Main Configuration -> Click next

Select Database type->Type Host Name->type Username it will be always  root in local server.->Password will be Blank if you are not use it before in XAMPP security .->Database name ‘test’. Go to next

If you want Blank website then click next if not then check blog Or anything you want.Click next and wait.

Click Remove Installation folder and wait then Go to Administrator Site.

How to install joomla step 1


At first download and install server software.Like XAMPP , WAMP .I would like to teach you in XAMPP serve.when it will install complete .you can see a control panel Like below picture.

Start Apache and MySQL and if you want test your mail send option then you need to start Mercury.
Now you need to go server folder Click Explore on your XAMPP control panel.

You will go to this link G:\xampp\htdocs and Create one folder named Test as you want.Copy, paste and Exract  your JOOMLA installation folder and all file. Download Joomla! 3.0.x from here.

Now we need to open Browser then  http://localhost/xampp/  click this link and Click phpMyAdmin  then you will go to MySQL

Click phpmyAdmin-> Database

Below Create Database->type database name->Click Create