
All articles in this category cover the security of a Joomla site. The articles are aimed at beginners as well as advanced site administrators who want additional knowledge. To serve our audience, we have tagged our manuals to indicate the expertise level.

After installing a Joomla site with the default setup, a lot of sites want their users to be able to register. However, there are a couple of caveats when activating user registration using the default Joomla settings.

As more and more threats from the internet try to hack your website, I collected a lot of useful Joomla hardening information from around the web and brought it together in this article.

Showing your visitors you care about their security is always a good idea. This small article will explain how you can configure this setting in the Joomla Global Configuration in 1 step.

Although you may think it's not that easy to find out what CMS or technology your site is running on, if it's not really hardened with specific tricks, it's quite straightforward to find out what CMS your site is running. So make sure you follow up on the possible problems you can get and take responsibility for updating vulnerable components.

It's fairly easy to find out what's the engine (CMS) behind your website by default, but with only a couple of extra lines of code you can make it impossible for unskilled script kiddies to find out what's under the hood.

There are lots of monitoring sites available to check if your site is running the correct way. If you use these monitoring sites on a regular basis, a change in answer times or performance evaluation can show you immediately that something is going wrong. A few of the tools I personally use are

Only a limited number of well-chosen extensions can make your life as a Joomla webmaster much easier.

Joomla is well equipped to be configured as a very safe and secure environment. Although it's quite safe out of the box, you had better make a couple of configuration adaptations to make it even harder for would-be intruders.

If your website runs on Apache (as is the case for almost 60% of all known sites worldwide), we have found a couple of interesting configuration adaptations which can help you harden the Apache part. Other servers can have equivalent configurations, but we will limit ourselves to Apache only.

One of the non-core Two Factor Authentication possibilities in Joomla is implemented using the Clef 2FA. In this article, we will explain what extension to use, how to install it and what extra steps you have to take to make it visible and usable all over your Joomla site.

In Joomla, we have a couple of 2FA implementations we can choose from. Some of them are part of the Joomla core, others are written as extensions.

Two Factor Authentication or 2FA is a very good extra security layer for your site, but what if things go wrong and you cannot enter your site anymore as an administrator?




In all installations where software is involved, things can go wrong or not work as expected. 2FA is no exception to this rule, but we provide a solution for all of the cases where we have found out how to solve it.

After you have activated at least one of the 2FA plugins, your login screen has changed.

Before being able to use 2FA, every user will have to set it up for himself or herself. Depending on the access one has to the site, (s)he can configure the 2FA feature using the back end or the front end. This article explains how to enable it using the back end of the site, both for Yubikey and Google Authenticator.

How do you make it possible for your website users to start using the 2FA possibilities? Simple: just enable the plugins so the users can start configuring their logins. But what plugins have to be enabled and how do you do that?

If you want to use your Google Authenticator code generator, you have to configure it with the data provided by the application or site you want to approach using the Two Factor Authentication. In this article, we will describe the setup for both Windows and Android devices using the code generators as described in our article about this topic. As this site is focused on Joomla, we will describe the setup of the applications linked to the Joomla 2FA.

To use Two Factor Authentication using Google Authenticator, you will have to install a code generator to generate your secret key. In this article, we elaborate on 2 key generators (each on their own platform) which can be used for Joomla Two Factor Authentication - Google Authenticator.

There are a couple of different solutions to protect your website from being hacked, and a lot of free and commercial extensions are available. However, before we dive into the details of all these possibilities, we need to know the very basics of a system to be secured with two factors (the so-called Two Factor Authentication).
