Add security on your Joomla administrator access. If you have Secure Sockets Layer(SSL) on your website just don’t use it on your shopping carts and forms, use it also with your Joomla administrator log-in. This way you are assured that you are entering your log-in information for your Joomla admin access on a secured connection. Other way to strengthen your Joomla admin access is to have a complex username and password. Always combine symbols, numbers, letter and atleast 6 to 10 characters. To make sure Joomla! administrator log-in is on a secure connection.
In administrator/index.php, immediately after the line that says:
define( ‘_VALID_MOS’, 1);
Add the following:
//Redirect to https if accessed over http (except when running locally)
if ($_SERVER['SERVER_NAME'] != “localhost”)
{
$port = $_SERVER["SERVER_PORT"];
$ssl_port = “443″; //Change 443 to whatever port you use for https (443 is the default and will work in most cases)
if ($port != $ssl_port)
{ $host = $_SERVER["HTTP_HOST"];
$uri = $_SERVER["REQUEST_URI"];
header(“Location: https://$host$uri”);
}
}
Logging out and returning to http: In administrator/logout.php, look for:
// return to site homepage mosRedirect( ‘../index.php’ );
Change it to:
// return to site homepage mosRedirect( ‘http://www.yourdomainname.com/index.php’ );
Disclaimer: This hack is not guaranteed to work on every server configuration or Joomla installation. Use of these hacks is entirely at your own risk!
