Introduction

Joomla!, a very popular Content Management System (CMS), is as you may know an easy-to-deploy-and-use content management system. This ease of use has lent itself to rapid growth of both the CMS and extensions for it. You can install it on almost any host, running Linux or Windows. This highly versatile software has found itself in such lofty places as large corporate web portals, and humble places such as the simple blog.

All of these share a common thread. They exist on the Web, which is one of the most lawless places on the planet. Every day the "bad-guys" are out pacing the good guys—and for a good reason. An ordinary user, who wants a powerful and yet an easy-to-set-up website might choose Joomla!. He or she is not a specialist in security, either good security or bad security. He or she is merely a target to be taken down. While Joomla! itself is inherently safe but misconfigurations of the CMS, vulnerable components, hosts that are poorly configured, and weak passwords can all contribute to the downfall of your site.

You will need to ensure that your copy of Joomla! is original and not compromised. Once you install it, you will need to check a few key settings. And lastly, we'll establish the permission settings of various files and folders. The intent of this chapter is to get you prepared to have a good, solid setup before you go live. So let's take a detailed look at the following: