Here is which extensions I use and why:
You can choose to use either one of JCH preset levels of optimisation or tweak the settings to your preference.
There’s a free lite version of JCH which does almost everything you need to or you can pay just $10 for further cool features such as CDN (content delivery network) support.
Basically, if you don’t use an extension like JCH Optimise then you’re putting yourself at a serious disadvantage in terms of your sites speed and therefore search engine rankings.
Opensource content management systems such as Joomla are sometimes incorrectly considered a security risk. The fact is, give a very powerful and easy to customise system to an inexperienced or lazy developer and you’ve got a recipe for security holes. As Joomla is free, this unfortunately happens far too often. It’s the individual implementation that can be the security risk, not the CMS. However, if the developer know’s what he or she is doing and takes the necessary precautions then you have a recipe for a very powerful and secure system.
AdminExile is a tool that you should install on every single Joomla site. What it does is very simple:
Normally, for an administrator to access the admin section of their Joomla site they would go to www.joomlawebsite.com/administrator. The issue here is anyone could easily just stick /administrator on the end of your sites domain and have access to your administrator login screen which presents two key issues:
A potential hacker can discover you have a Joomla site and then use a known exploit for Joomla to hack their way in
Now they have access to the login page they can attempt a brute force attack to bust their way into your site
AdminExile removes this risk by adding an extra parameter that you can specify to the end of your administrator URL adding an extra layer of protection. Your administrator URL becomes something like this:
If a potential hacker does try to access the administrator page and does not know your secret key, they’ll be forwarded to a different page of your choice which could be your homepage or even a 404 page.
AdminExile has additional features such as being able to restrict access by IP (useful if you will only access the site from one IP) and can restrict access if a password has been incorrectly entered more than a set number of times which will give extra protection against brute force attacks.
It’s worth noting that this alone is not going to make your security 100% bullet proof but it will add an extra layer of protection. If you really want to lock down your site then you may want to consider a firewall and restricting access by IP that way.
Why risk someone attempting to break down your door when you can hide the door in the first place? Especially when it will take you 5 minutes max to install and it’s completely free.
As already discussed, a hacker simply knowing your site is made with Joomla is a security risk in itself. This is not a problem specific to Joomla. Basically, as Joomla is opensource (as with Drupal, Wordpress et al) it means the core code is available for anyone to download and poke around with looking for security holes. This can especially be a problem if you don’t keep your site updated with the latest version.
So, anything you can do to hide the fact your site uses Joomla the better. Unfortunately, and in my opinion it’s about time this was removed, by standard Joomla adds this line to your HTML code:
<meta name="generator" content="Joomla! - Open Source Content Management" />
ByeByeGenerator quite simply removes this line of code.
And that’s all I have to say on the matter! Download ByeByeGenerator for free and very quickly remove a basic security issue.
Akeeba Backup is the one extension on my list that you will hear all Joomla people banging on about, and with good reason.
Backing up is an essential part of modern day IT and I would be surprised if they weren’t teaching it in schools these days. Actually I wouldn’t be surprised but that’s a different subject.
Your hosting provider might (rare with cheaper hosting) be providing backups of your files and database but can you honestly say you could quickly restore your Joomla site if something went terribly wrong?
This is where Akeeba backup steps in. It quite simply automates your backup process, produces wonderful backup packages which can then be quickly and easily restored to any Joomla hosting in a matter of minutes.
The added bonus is you also get a brilliant method for pushing changes from the local development version of your site up to live. Less messing around with databases, files and configurations - just create a package and let Akeeba Backup do the work for you.
Akeeba backup is free although you must pay for support, which seems pretty fair to me.