Joomla! Configuration

RSFirewall! checks for the following settings in the Global Configuration:

By enabling SEF in your Joomla! Configuration your website will not be vulnerable to Google searches. An attacker could search on Google for a vulnerable extension (by using the syntax "inurl: option=com_dummy") and target all sites that have it installed.

To enable SEF, go to System > Global Configuration > Site and take a look on the right - you will notice a fieldset called SEO Settings. Here, you must set Search Engine Friendly URLs to Yes.

If you setup your session lifetime too high, you will be vulnerable to prying eyes. It's recommended to keep a lower session lifetime so it will expire early in case you leave your computer. We recommend at most 15 minutes.

To change your Session Lifetime, go to System > Global Configuration > System and take a look on the right - you will notice a fieldset called Session Settings. Here, you must set Session Session Lifetime to at most 15 minutes.

If you store your FTP password in the Global Configuration you leave your FTP exposed. Anyone who can access the Global Configuration will be able to retrieve your password and access your FTP account.

To remove your FTP password, go to System > Global Configuration > Server and take a look on the left - you will notice a fieldset called FTP Settings. Here, you must remove the password from the FTP Password textbox (only appears if Enable FTP is set to Yes).