Joomla Security Audit

Posted in Security

These are the security areas we audit for your Joomla site:

Joomla Version

  • Changes to Core Joomla Files
  • FTP Configuration
  • Site Globals
  • Distributed robots.txt File Modifications
  • Joomla Cache Configuration
  • Joomla SEF Configuration
  • Your Favicon
  • Joomla Log/tmp Folder Locations
  • Default Joomla Templates
  • The Debug Mode
  • Template Module Position Preview
  • Configuration.php
  • Reporting Extension Updates Available
  • Protect Joomla /administrator/ URL
  • Gzip Compression
  • Error Reporting
  • $live_site Configuration
  • Cookie Domain/path
  • Session Lifetime
  • Joomla Global Email Configuration
  • SMTP Mail Credentials & FTP Access
  • FTP Credentials


  • Folder Permissions
  • Paths With Hidden Folders
  • Installation Folders
  • Uploaded Tmp Install Folders
  • "tmp/log" Folders


  • Suspect/Malicious Content In Files
  • Files Modified In Last Three Days
  • Multiple .htaccess Files Located In Webspace
  • File Permissions
  • PHP Error_log Files
  • Hidden Files
  • Locate And Review Archive (Zip, Tar.gz, Etc...) Files
  • Locate And Review Files Over 2Mb Size
  • Remove Unneeded Joomla Core "fluff"
  • PHP Files Should Not Be In Certain Folders

User Accounts and Access

Server Environment

  • PHP Version Number
  • PHP Safe Mode
  • PHP Display Errors Configuration
  • PHP Register Globals
  • PHP File Uploads
  • PHP Magic Quotes
  • PHP Session Path
  • Use Of PHP Disabled Functions