How to Secure Your Joomla Site During Installation

Joomla logo and a locked www

Keeping your Joomla website from getting hacked isn't hard. However, there are some critical basics that you simply must get right first.

In this tutorial, you will learn how to make your website safe during Joomla installation.

Protecting your Joomla site from hacking may not be hard when you do the basics right. Security of your Joomla site starts with the three main things:

  1. Your computer.
  2. Your web hosting.
  3. Your initial Joomla installation.

Security Basic #1. Your Computer

You want to make sure that your own computer is virus free. For those using Mac, this is not much of a deal. But if you use Windows, make sure your anti-virus is up-to-date and the computer that you are using is clean of viruses.

If you have a virus on your computer and you use FTP, it is possible that someone could steal your username and password.

Make sure you take care of these things first off.

Security Basic #2. Your Hosting

Next one is the hosting that you choose. You can find some of the good hostings we recommend at

Some of the things you want to look for are:

  • Good support.
  • The ability to set your own PHP version.
  • The ability to use SFTP instead of the plain FTP. This is especially true if you tend to work on your site in public areas.

You want to make sure your host is up to snuff.

Security Basic #3. Your Initial Joomla Installation

One of the areas where you'll see this issue of good hosting straight away is when you go to install Joomla.

Whether you use a one-click install or a manual install, you want to make sure that your Joomla is happy with your web host. I am going to show you how to make sure of that in just a moment.

Admin Username

Take a look at Joomla installation screen.

The first thing you want to think about when it comes to your Joomla security is how to properly set the "Admin Username".

admin username

This is the username for your Joomla Super Administrator user account. Using "admin" here is never a good idea.

If you are going to use this account to post articles on your site, and you want to use your first name, that's OK but, once again, probably not the best idea.

It's good to have a name for your Super Administrator account that is very secure.

It must be a password that you don't use to update your site content. This way you can keep the more simple username, like your first name.

Admin Password

Make sure your Joomla password is extremely secure. There are many password generators available you can use.

The admin password here is probably the most critical thing.

admin password

One thing you need to realize about passwords: a six characters low case all letters password like steven, for example, can be cracked instantly by a computer that is designed to do that.

03 instantly

In comparison, a twelve character password that is a combination of upper and lower case letters, numbers, and special symbols, like $1£vE#k8T(x), for example, will take 34 thousand years to crack.

34 thousand years

Click Next.

Secure Database Details

Next thing you want to make sure is that you have a secure username, password and database name for your Joomla website. They are usually set up in your CPanel if you install Joomla manually.

If you install it with a one-click install, your web host will take care of this for you.

Another important thing for your Joomla site security is your Joomla database prefix.

05 database prefix

Joomla generates it randomly during installation. If you wish, you can edit the prefix manually to make it harder to guess. Just in case.

Your Server Configuration Settings

When you click Next, you come to the Finalization screen. What is absolutely critical is the section at the bottom.

06 final checks

If anything is in red here, stop, talk to your web host, and get it fixed. This is not something you should ignore. Especially, when it comes to your PHP version, Magic Quotes, Register Globals, Safe Mode and Magic Quotes.

All of these are very important for the security of your website. Once again, if any of these settings are in red, stop and ask your host to fix them for you.

Don't install Joomla hoping to fix them later. Make sure your host fixed them and then resume your Joomla installation.

Once your host fixed those settings, click Install to continue installation.

Those are some of the things that you'll need to make sure that you get right. Installation - is the first step in making your Joomla site secure.

Additional Reading

What's Next

Subscribe to Joomlashack Univerisity and watch the "Joomla 3 Security" video class to get more tips.

You will learn:

  • How to update Joomla!
  • How to update the extensions you have installed.
  • How to backup your site.
  • How to keep it safe with Admin Tools.
  • You'll also get some tips on what to do if your website is hacked!