Summary

We spanned several topics here in this chapter, all aimed at establishing both a good security baseline for your site, and a quick look at managing security metrics. In this chapter the necessary php.ini and .htaccess settings were covered, and a good planning tool to lay out your site for installation on the properly chosen host was discussed.

It cannot be stressed enough that following these steps will not only help you to have great uptime, but it will also secure the door well enough to keep all but the highly motivated from breaking in. Remember NO server is 100% secure, if you want a 100% secure server, turn it off, remove its power cord and network cable and stick it in a locked cabinet, and it is not a matter of IF you will be attacked and possibly penetrated, but when.

What can you do after having done all this? Create a good disaster recovery plan. A great place to start is the author's Disaster Preparation book Dodging the Bullets—a Disaster Preparation Guide for Joomla! Web Sites.

The nature of physical security was touched upon as it is frequently ignored.

Next, we will discuss setting up a successful test and development system to ensure good security.