Joomla! Community Magazine™

At a quarter past midnight, just when I went to bed, I decided to check my email. I was away in the Ardennes (Malmedy, Belgium) with a few work friends.

With 4.2, we now have a new way to authenticate our sites. Two-factor Authentication has grown outdated with many new authentication methods arriving, so along comes Multi-factor Authentication (MFA).

What makes a website a target of attack?  Is your website a potential target?  Do you know if your website is being targeted?

Joomla 3 has been around for a long time. It is easy to forget how successful the series has become and how much it has evolved over the course of the minor versions.

As it approaches its final year as a mature, stable version of Joomla, it is about to enter its security support phase.

Following on from last month's article about security, passwords, and Joomla’s WebAuthn plugin this month, we’re going to look at another Joomla security feature that launched with J4. That is the HTTP Headers plugin which is now included as part of Joomla’s core functions.

Have you noticed there’s a new Web Authentication button on the new Joomla 4 login screens?

It's there because of Joomla’s new WebAuthn API that allows secure logins with a FIDO certified key. So, let's take a dive into passwords, security, and WebAuthn, and find out how to activate it on your user account in Joomla 4.

Content Management Systems are what you choose when you are not willing to build and to administrate a whole new front and backend for a website and if your content creators are not familiar with developing source code. While running your Joomla CMS there could come new demands in the matter of functionality or design from you or your users. The fast and easy way is to install a plugin that will do the magic. But that may lead to new vulnerabilities in your system. In particular, file uploads are a possible attack vector. In this article, we will talk about vulnerabilities through files and plugins.

Joomla Content Management System (CMS) is widespread on the internet due to its ease of use and popularity since it is the second-largest CMS downloaded over 110 million times. But, even though popular, Joomla and all other websites, apps, eCommerce sites, or other CMSs contain security risks. You cannot escape them but fortunately taking the right precautions from the start can ensure your site is protected.

In June 2020 Google published an article called “Protect your resources from web attacks with Fetch Metadata” on web.dev. It's a new set of request headers to protect your site against common attack vectors for web applications.

A Joomla 4 security feature

Joomla! 4 introduces a plethora of new and exciting features. While most of them are very visible, giving you new ways to build and use your sites more easily, there's an abundance of features designed to enhance the security of your site. Today we'll be talking about WebAuthn, a feature that has the unique distinction of belonging in both categories: it makes your site login more secure and easier at the same time.