In this post, we will list the most important tips that you can use to have a safe, fast, and efficient Joomla website. The tips are grouped into 3 categories:
- Security tips
- Performance tips
- General tips
Important security tips for Joomla
We have discussed before 10 security tips for your Joomla website. We will re-discuss them concisely (and a bit differently) in this section…
- Always have the latest Joomla version for your website: This is a very good practice, since usually the Joomla people fix some important security issues (as well as functionality/performance issues) in the latest version. However, don’t jump to adopt the latest released version – wait a few months until others test it.
-
Ensure your Joomla version is not available to the world to see: Hackers/spammers exploit your Joomla website based on its version. If you hide the Joomla version of your website, you will make their job a bit harder.
-
Do not install extensions that don’t look trustworthy: Only install high-rated extensions by reputable developers. Note that paid extensions are not necessarily safer or more robust than free extensions.
-
Always update your Joomla extensions to the latest version: Outdated Joomla extensions are popular targets for spammers and hackers. It is necessary that you update your Joomla extensions to the latest version, as latest versions always have security/performance patches.
-
Don’t rely on Joomla’s built-in security – install security extensions: There are many reliable security extensions for Joomla. Choose one and install it (just ensure that the one you’re about to install doesn’t conflict with the functionality of your website).
-
Change the defaults in your configuration.php file: The configuration.php file in your Joomla website’s root directory has many default values that should be changed, including the following: $secret and $dbprefix (the latter is also referred to as the table alias).
-
Give only write permissions to files/directories that need to be written by the outside world: Ensure that your template files, your configuration file, your .htaccess file, and all Joomla core files are given the 444 permission (which just gives read permission to every group).
-
Your passwords shouldn’t be the same forever: Most hacked websites suffer from a common problem – the passwords of these websites (and the services related to these websites such as MySQL, FTP, etc…) are never changed. Change your passwords often, and make sure that your passwords are strong!
-
Block malicious code from being uploaded to your website: Malicious code uploaded to a website should be the #1 worry of any Joomla administrator. You should block malicious code from being uploaded by filtering HTML and removing all JavaScript tags. In short, people should only be allowed to upload pure text (no HTML, no JavaScript). Also, ensure that the directory where people upload files to has no execute permissions (otherwise, they can upload a malicious PHP file and execute it on your server).
-
Check your website by running 3rd party scans: There are many tools available on the Internet that will scan your website for security issues.
-
Ensure that your environment is clean: Your hosting environment should have the latest version of everything: Apache, PHP, MySQL. Additionally, you should, if your budget affords it, have your Joomla website run on its own dedicated server (especially if it’s your main business).
-
Read the logs: Your website logs are created for a reason – so that someone can read them. Check the logs to see any suspicious activities on your website.
Important performance tips for Joomla
Some of the security tips above (such as reading the logs and updating your Joomla website and its extensions) have a positive effect on the performance of your Joomla website. In addition to that, here are some other tips:
- Ensure that all the tables are optimized: Check all the tables in your Joomla database and ensure that all the fields are optimized. E.g. the fields are the correct type (for example, a field that is only 0 or 1 doesn’t need to be an integer, it can be a boolean), and that fields that are used in search queries are indexed.
-
Check your slow query log: The slow query log can reveal serious bottlenecks that are chocking your website. By checking your slow query log you’ll be able to determine which queries are slowing down your whole website. This comment on one of our previous posts states that the person had a query that was taking 30 minutes to be executed – we’re sure that he used the slow query log to find that query.
-
Clean your Joomla website directory: Your Joomla website directory should only contain Joomla core files, configuration files, extensions, and user uploaded data. It shouldn’t contain test files or test directories (or even backup files). Ensure that this directory is always clean.
-
Clean your database: Ensure that the database for your Joomla website has only Joomla related tables. Also, remove all test data/obsolete data from your tables. (We know, it’s a very tedious job. But it can do miracles to your website’s performance).
-
Completely uninstall extensions that you’re not using: You’ll be amazed how many things are done when a page on a Joomla website loads. Ensure that only the necessary things are executed when a page is loading, by removing all unnecessary extensions (especially plugins).
-
Optimize Joomla’s core code: Joomla’s code is very generic and it’s most likely overkill for you own website (there are many conditions that are executed that are never relevant to your website). You will definitely see a performance gain if you optimize Joomla’s core code to fit your own needs, as well as the extensions that you’re using. However, it is important to know that once you tweak Joomla’s core code, it’ll be impossible for you to move to another Joomla version smoothly. You will need to hack the Joomla version that you’re moving to as well… In addition to that, you will need to have some very good programming skills in order to tweak Joomla’s core.
-
Optimize your template: From our experience, Joomla templates (whether paid or not) are usually not very optimized. This is because they’re written by non-programmers or by weak programmers. Optimizing your Joomla template usually optimizes the performance of your Joomla website.
Important general tips for Joomla
Here are some general Joomla tips that will just make your Joomla website better and more versatile.
- Read the documentation that comes with your Joomla template: Almost every (complicated) Joomla template comes with documentation on how to install it. For some reason, most Joomla administrators don’t read it, and that’s why the template doesn’t work. Reading the instructions that came with the template will save you a lot of time and headache later on.
-
Check extensions for “free” links: Some developers, even those developing paid extensions, think that they are entitled to place a “free” link to their website on your Joomla website in return for you using their extensions. We think this is wrong, and it will negatively affect the SEO of your website especially if a lot of “bad neighborhood” sites are linking to the developer’s website (which tends to be the case almost all the time). Check the code of these extensions in order to remove these links.
-
Ensure polymorphic paths are used: Some extensions use only http paths when including some files (images/css/js). This is wrong. The path to any file should be polymorphic, in other words, it should change to https under https mode, and to http under http mode. Note that the use of non-polymorphic paths is the main cause of VirtueMart errors on checkout.
-
Use SSL only when needed: Only use SSL on checkout pages – other than that, use normal http. The reason of this is that there is some overhead associated with using SSL, for both the client machine and the server.
-
Ensure that the order of the plugins is correct: Generally, cache plugins should be executed last, and before them SEO/SEF should be executed. All other plugins should be executed first. However, you may need to tweak that order depending on the plugins.
-
Use caching wisely: Ask any programmer, and he’ll tell you that caching, in Joomla, is a necessary evil. Ensure that you only use caching where there are significant performance gains. Menus and other interactive modules should not be cached (you can disable caching at the module level).
We know it’s hard to implement the above especially if you don’t have any programming experience, and that’s why wer’e here to help. Also, if you want continued maintenance of your Joomla website, then check our Joomla maintenance package. It’ll ensure that your website works and performs as it should – all the time! Oh, and it’s very affordable!