jomDefender Joomla Security
Give your Joomla site the protection it needs from hackers
Protect your Joomla website from devastating hacker attacks with jomDefender: ‘corePHP’s’ powerful security plugin that shields your website from hackers.
Each day, Joomla websites all over the world come under attack from ruthless hackers who deface front pages, delete critical data, upload malicious viruses, and steal sensitive customer information. Sadly, most hacker attacks cost owners dozens of hours and hundreds (sometimes thousands) of dollars to repair--if the damage can even be repaired at all.
Don’t let this happen to you!
Our jomDefender plugin patches the most common vulnerabilities found in Joomla and adds extra protective layers to your Joomla website to keep it safe from attack. It’s easy to install, easy to configure and even easier on your budget.
Get peace of mind now and grab your copy of jomDefender today for a fraction of the cost of what you would pay a security consultant to assist you. Don’t wait until it’s too late!
The truth about Joomla security
You want to know the cold, hard truth about Joomla security? The fact is, most Joomla hackers are just casual hackers. They really don’t want to work too hard to gain entry to your server, and honestly, most hackers don’t have to do much. They simply scan your website looking for known identifiers that tell them your site is running Joomla. And once they know this, they will run pre-fabbed hacker scripts to help them gain entry.
jomDefender keeps your Joomla applications secret and prevents attacks by letting you remove all known Joomla identifiers from your site via a few, simple backend parameters edits.
jomDefender also protects your site with additional security features such as an extra admin login screen (makes hackers guess two unique admin passwords instead of one), front end & backend IP ban/blocking, and so much more.
We've even added a bonus feature in jomDefender that lets you find the best configuration for your website to optimize its page-load time.
Here are the customizable jomDefender parameters at a glance...
Plugin Parameters view
Remove template positions code, ‘?tp=1’
It’s possible for attackers to determine that a website is running Joomla! simply by appending this variable, '?tp=1' to any URL on your website. jomDefender lets you easily disable the ‘?tp=1’ string in its backend without affecting your website’s performance.
Remove generator tag
Some Joomla! templates will add a generator tag to the HTML of a page that attackers can easily identify as coming from a Joomla website. jomDefender lets you disable this without affecting the performance of your website. Only available for Joomla 1.5 as Joomla 1.6+ has it by default.
Remove word Joomla!
Remove HTML white space
This option will remove all of the white space from an HTML page, just in case hackers want to take a peek at your html. This feature makes it harder for hackers to quickly scan your html looking for any Joomla references. This doesn't affect the frontend view of your Joomla! page, but it will be harder for attackers to view your code if this option is turned on. Frustrated hackers will move on to other websites if they cannot quickly find what they are looking for on your site, and this feature will certainly trip them up.
Remove Joomla! PHP header
Login/Logout CSRF prevention
This feature will check the referrer that the browser sends to the server. If the referrer does not match the domain of the current server the login or logout operation will be stopped. This will prevent unauthorized users from logging users in or out of your site wihtout their knowledge.
File integrity checks
When enabled you will need to set up a cronjob to run on the background. When the cronjob is ran, jomDefender will go through all of the files in your Joomla installation. It will check size, ownership, permissions, last modified time and file checksum, all this information is stored in the database. Each time the cronjob is ran it will check the files for any differences. If any file is different than previously checked, an email will go out with information to the administrator. This information can be used to alert of any hacked files or new files in the system.
Add a new Admin password prompt
This option adds a secondary level of security before accessing the admin login form. This masks the fact that your site is running Joomla! and forces attackers to "brute force" not just 1 password..but TWO passwords if they want to gain unauthorized access. Remember, a frustrated hacker will move on to easier targets.
Allow/Deny IP addresses to the back-end/front-end of your site
Deny or allow IP address to the back-end, the front-end or both. This option will block specific IP addresses from accessing certain parts, or even all of your website.
Disable plugin functionality
If you forget your admin password or accidentally block your own IP, you can disable the jomDefender plugin long enough to get back in.
This feature will allow you to cache the changes that the plugin makes on your Joomla! pages.
Page execution time display
This feature simply allows you to test the exact time it takes for your website to load. This will help you determine the best configuration to speed up your Joomla! website.