There has been a rash of brute-force login attacks not only on WordPress blogs and websites, as discussed in the previous post, but also on Joomla websites. Of course, we would say a great solution would be to switch to UltimateWB software, and fast! But if you are determined to keep your website on Joomla for now, there is one thing you can do after you clean up all the files and re-upload a fresh copy of the CMS: restrict the IPs that can log in to your Joomla website admin panel.
Here’s how to do it:
Add these lines to the existing .htaccess file in your Joomla admin directory, or create a .htaccess file there if you don't have one yet. This example limits which IPs can reach Joomla's admin section. The file "index.php" can be changed to any file that may be at risk of being targeted for brute-force attacks.
Joomla admin .htaccess location: /joomla-directory/administrator/.htaccess
/httpdocs/administrator (root directory installations)
Lines to add (replace 220.127.116.11 with YOUR IP; uncomment or add further "Allow from" lines to give additional IPs access):
<Files "index.php">
Order Deny,Allow
Deny from all
Allow from 220.127.116.11
#Allow from 18.104.22.168
</Files>
This should protect your Joomla admin section and only allow specified IP(s) access. You can also duplicate this code and modify it to protect other files on your account.
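Allow from and Deny from are Apache 2.2 directives; Apache 2.4 replaces them with Require ip and only honors the old form when mod_access_compat is loaded. The block below is an added example, not part of the original post, showing one way to write the same restriction so it works on either version; 203.0.113.10 and 198.51.100.0/24 are placeholder addresses to replace with your own.

```apache
# administrator/.htaccess
# Added example: the addresses below are placeholders, not real values.
# If the host's AllowOverride setting does not permit these directives,
# Apache answers every request to this directory with a 500 error, so
# test the admin page right after uploading the file.

<Files "index.php">

    # Apache 2.4 and later (mod_authz_core is available).
    # Anything not matched by a Require line is denied.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
        # Further single addresses or CIDR ranges, one per line:
        # Require ip 198.51.100.0/24
    </IfModule>

    # Apache 2.2 (no mod_authz_core): deny everyone, then allow by IP.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
        # Allow from 198.51.100.0/24
    </IfModule>

</Files>
```

If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the allow list has to be enforced at the proxy or after the real client IP has been restored.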
Easy! Contact us if you have any questions, or post a comment here.
**Make sure you have removed any "backdoors" inserted into your Joomla website during the hack. Follow the similar instructions provided here for WordPress websites/blogs: https://www.ultimatewb.com/blog/429/wordpress-website-hacked-how-to-fix-it/