Welcome, Guest
Username: Password: Remember me

TOPIC: Security of Joomla site in locked sub-folder

Security of Joomla site in locked sub-folder 2 months 2 weeks ago #8270

  • princessfiona
  • princessfiona's Avatar
  • Offline
  • Junior Boarder
  • Posts: 36
  • Thank you received: 3
Can anyone tell me if it is save to archive an old Joomla site in a pass-word protected sub-folder of a live Joomla site? My concern is if the old Joomla site needs patching still even if it is in a password protected folder. In other words, is it safe to do this or am I still leaving myself exposed for being hacked?

Thanks in advance

PF
princessfiona
Co-convenor Canberra Joomla! User Group
The administrator has disabled public write access.

Security of Joomla site in locked sub-folder 2 months 2 weeks ago #8271

  • ozneilau
  • ozneilau's Avatar
  • Offline
  • Expert Boarder
  • Posts: 83
  • Thank you received: 10
Assuming the site is not compromised to start with, then it's unlikely anyone would discover the site or know it's there so I'd say it would be reasonably safe. Remember to disable Google Analytics etc so that Google does not become aware if it's existence.

If the main site is compromised, then it might still spread to the archived site.

Some web hosting companies may flag a Joomla 1.5 website they find installed on their servers and ask you to upgrade or remove it.

I still have a few Joomla 1.5 stragglers under my care and these seem to be unmolested in the meantime but I do have both of the Joomla 1.5 EOL security patches installed on all of these.
Webilicious Web Design and Development
webilicious.com.au
Last Edit: 2 months 2 weeks ago by ozneilau. Reason: Add Google Analytics tip.
The administrator has disabled public write access.
The following user(s) said Thank You: princessfiona

Security of Joomla site in locked sub-folder 2 months 2 weeks ago #8272

  • princessfiona
  • princessfiona's Avatar
  • Offline
  • Junior Boarder
  • Posts: 36
  • Thank you received: 3
Thanks for getting back to me ozneilau

That's a relief to know that there is no danger as is.

What if we want to provide a client access to those Joomla sites. Should be both to upgrade them? Is there a window of time that would be safe for them to view the sites??

PF
princessfiona
Co-convenor Canberra Joomla! User Group
The administrator has disabled public write access.

Security of Joomla site in locked sub-folder 2 months 2 weeks ago #8273

  • ozneilau
  • ozneilau's Avatar
  • Offline
  • Expert Boarder
  • Posts: 83
  • Thank you received: 10
Client access should be OK.

Ideally if you want to keep a Joomla website online, then Joomla and all third party extensions should be updated and maintained at the latest versions to minimise the risk of it being compromised.

In practice, there are no guarantees as a vulnerability could be discovered and not immediately patched with any version of Joomla or third party extensions including the latest versions.

There are other things you can do to minimise the risk such as running regular backups and copying the backup files off-site. See joomla.stackexchange.com/a/180 for more details.
Webilicious Web Design and Development
webilicious.com.au
The administrator has disabled public write access.
Time to create page: 0.037 seconds
Powered by Kunena Forum