News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Joomla & Virtuemart security for a first timer

Started by furnaps, January 13, 2014, 19:46:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

furnaps

January 13, 2014, 19:46:24 PM
I am opening an online store to sell antiques using Joomla & Virtuemart. Thing is I am teaching myself as I go, I have messed around with joomla before and made personal sites but I've never made anything that I really cared about keeping safe. So I have no idea if there is anything I need to watch our for or make sure I do to keep my site safe..

Using Joomla and Virtuemart are there any security tips you can give me? Are there certain things I need to do once I install joomla or virtuemart to increase security? I plan on using only paypal for payments do I need a SSL?

So far all I have done is install joomla and Virtuemart and I have been trying to get the layout of the site correct but I need to know if there is anything I need to do security wise.. Like folders permissions? or anything..

Thanks

jenkinhill

#1
January 13, 2014, 20:06:47 PM
If you are on a good host then directory file permissions should be OK, 755 for directories, 644 for files (I also ensure I use 444 for config files). Important to keep up to date with security bulletins & update releases. See http://forum.virtuemart.net/index.php?topic=118683.0

You do not need an SSL if you are sending the shoppers off to PayPal to pay, although some like to install SSL for checkout and anywhere that the customer enters/edits their information.

I usually use Akeeba Admin Tools to make it more difficults for hackers to reach the site backend.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

furnaps

#2
January 13, 2014, 20:34:49 PM
I have joomla 3 installed should I switch to 2.5 before i put to much work into the site? I would assume 3 would get more updates but I see so much more for 2.5..

Also Im on Bluehost I would think they are a good host they are well known and reputable.

jenkinhill

#3
January 13, 2014, 23:25:00 PM
VirtueMart 2.0.x is not for use on Joomla 3 which is not yet in final long term release version. So use Joomla 2.5.17 at the moment. I know nothing about Bluehost.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

AH

#4
January 14, 2014, 00:32:43 AM
Just in case you fail to lock everything down:-

Keep a Backup of your files just in case you ever need to restore them

I use Akeeba backup for this, however I do not use Akeeba for restores, preferring to do this manually.

Backup your database frequently (A couple of times a day is a good place to start for a slow site).

Store backup data away from your server

Use CRON jobs to automate the process of database backups


Practice restoring your files and database on a local test server  - so that if you need to do it in the future you will not have to learn when you are under most time pressure (that's a bad place to begin your learning!)

Have a local backup site you can "experiment" with - especially for testing upgrades of VM for testing BEFORE applying to live site.

Regards
A

Joomla 4.4.5
php 8.1

furnaps

#5
January 14, 2014, 11:34:30 AM
Well I'm doing this for my father but now he wants an auction site instead of a store.. I tried telling him that I don't think its a good idea as ebay has a grasp on everything auction related but his point is that its a niche market we are only accepting auctions for a certain category of products.

Would be nice If I could have a joomla site with Virtuemart & auctions incase the auction stuff doesn't work out. Is there a way to say for example have Joomla, Virtuemart and Auction factory and have it set up so users only have one loggin across everything?

Also using Joomla 2.5 when 3.2 or 3.x gets more popular how hard would it be to switch a site from 2.5 to 3.x?

I like the Local test server idea also just not sure how I would go about doing that with mysql databases etc.. I have a laptop that maybe I could dual boot to use as a server also..

Thanks,

Milbo

#6
January 14, 2014, 18:19:34 PM
Your father is right.

We have already a version which is besides the jquery already running on j3.2. From security point is j2.5 "safer". We advice to install a loginguard, blocking the access for IPs with too many failed logins.

From the virtuemart point of view, you have to update vm to vm2.1 at least to have it running on j3. The update process is already in testing phase. You may can start directly with a vm2.1 if you are eager to be on the edge.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

AH

#7
January 14, 2014, 19:00:11 PM
furnaps

you do not need dual boot for local server for your testing

Use xampp, I, and many others that do not yet have their own local servers, have been using this for years and it gives you what you need - :-)

http://www.apachefriends.org/en/xampp-windows.html
Regards
A

Joomla 4.4.5
php 8.1

Milbo

#8
January 14, 2014, 22:06:04 PM
yeh, or better directly check here to setup a local virtuemart as playground http://dev.virtuemart.net/projects/virtuemart/wiki/Setting_up_a_Development_Environment
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions