Change your Joomla database prefix
By default the prefix for your Joomla database is jos_. Hackers will utilize this knowledge and attempt a variety of attacks using this little default tidbit.
Quick security tip for your Joomla site
Have you ever heard of people talking about a SQL Injection? Rest assured it has nothing to do with your doctor, and more to do with you and your site getting hacked.
“Crap, now I am scared, what do I do?”
Don’t get too upset, there is a solution. When you are setting up a new Joomla site you can select whatever prefix you want. jos_ is set as the default, but you can change it to anything you like within reason. (Try to stick with 3 digits and the underscore.)
You are in control…or should be!
If you are still using Fantastico or letting your webhost do a Joomla setup for you, it’s time to put on your big boy/girl pants and do a standard Joomla install once in a while.
You will have more control over your Joomla install, have a better understanding of Joomla, and won’t sound like a tool when somebody asks you a simple question about your install. You can also change your database prefix in the second step….the reason I brought this topic up in the first place.
Already have an existing install and just cannot start over?
That’s no problem, there are many different ways to change your prefix. If you are familiar with your database already and how to admin it, I won’t get into details. There are lot’s of results in Google on how to do this.
If databases and words are scary, then there is always the option of using a Joomla component for this change. There are a few components out there that can do this for you from your Joomla back-end, including this one from Dave Thomas. I haven’t used them personally, but they seem pretty straight forward.
Make a note!
The only other big issue to consider when changing your default prefix is to remember you did it. Some poorly written components might assume you are using jos_. Some bridges and/or integrations with other scripts might assume you used jos_.
Just make a mental note in your head or put it on your clients spec sheet, and don’t forget you changed from the default, and you will be good to go.
Happy Joomla’ing. :)
Tags: Extensions, Hosting and Security, Joomla
And while you are at it make sure you delete userid 62 and make sure you don’t have any user accounts called “admin”.
With these three you will defeat most sql hacks.
See http://brian.teeman.net/tips-and-tricks/secure-your-joomla-admin.html for instructions
Brian Teeman´s last blog ..Joomla Developers Showdown – Begins
Good point Brian :) I love that in Joomla 1.6 we now have the ability to change the default admin username. I see the userid in 1.6 is 42. Whats up with the twos? :P
I’m thinking maybe they chose the number 42 because it’s “The Answer to the Ultimate Question of Life, the Universe, and Everything” – Hitchhikers Guide to the Galaxy ;)
I believe that with Joomla 1.6 users will be able to choose the admin user name during the install process. Thereby removing the default “admin” user that is created when joomla is installed.
Thanks Brian.
One of the first things I do after setting up Joomla is login to my new account and change admin. It’s so automatic to me I sorta blanked on mentioning it. Good heads up.
Next first thing is to install jSecure thus performing some smoke and mirrors on your /administrator access page.
Like everything security precautions isn’t a guarantee about stopping them, it’s about delaying to the point that they go away and find easier targets.
Sick of obtaining low numbers of useless visitors for your website? Well i wish to inform you of a brand new underground tactic which makes me personally $900 per day on 100% AUTOPILOT. I possibly could be here all day and going into detail but why dont you simply check their website out? There is a excellent video that explains everything. So if your seriously interested in making easy hard cash this is the website for you. Auto Traffic Avalanche