Security Tips

Almost all of you still use admin as the master account... I don't and I hope Joomla 1.6 will make you specify a username during install.

That being said I login and make a brand new super admin, log out, log back in with that new user, go into user manager, and make admin a registered user and then disable the account.

The next security measure I make is I get my hostmask (im comcast customer)  .*.comcast.net is my hostmask... I am about to have business class services installed in my home so it will be a static ip as static ips will work for my next trick...

<Limit GET>
Order Deny,Allow
Deny from all
Allow from .wa.comcast.net
Allow from .sbcglobal.net

</Limit>

Put that into an .htaccess inside the administrator directory (replacing my hostmask with your own) and it requires anyone to have access to www.joomlamafia.com/administrator to have to have the same ISP in the same state as i, and the other location I work from have their ISP... and if I want access i have to first ssh/sftp into the site and edit the .htaccess to add in another ISP if I was out of town like I was this past week staying at a hotel.