jHackGuard is designed by SiteGround to protect Joomla websites from hacking attacks. Just add it to your Joomla and it will be safe against SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks!

This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!

On this page you will find detailed information about:

• jHackGuard Installation
• Advanced jHackGuard configuration
• Additional Information

jHackGuard Installation

The SiteGround Joomla Security Plugin can be installed in the same way as every standard Joomla extension.

First, the extension package should be downloaded on your local computer. In order to do this press the Download button above and follow the instructions.

If you are installing the extension to a Joomla 1.5 site go to Extensions -> Install/Uninstall page. If you are using the Joomla 2.5 (or the older 1.7/1.6) click on the Extensions -> Extension Manager menu.

In this page, click on the Browse button and locate the extension package on your local hard drive. Then click the "Upload File & Install Button". The plugin will be installed and added to your Joomla application.

Last, go Extensions -> Plugin Manager page. On it locate the jHackGuard plugin and click on "enable" icon next to it. This will activate the plugin.

For more information on how to install the extension check our Joomla 1.5 and Joomla 2.5 tutorials depending on the version you are using.

Advanced jHackGuard configuration

The default rules of jHackGuard have been preset by our Joomla specialists, based on their experience in fixing a huge number of different Joomla websites vulnerabilities. We recommend the use of the default rules for best plugin performance.

However, if you want to make specific changes to its settings, you can do this from the Plugin Manager page in your Joomla Administrative area. Once there, click on the Secuity - jHackGuard Plugin label to enter its settings page. The configurable parameters for the SiteGround Joomla Security Plugin are separated in several groups:

• Logging options
• Log file - Here you can enter the file name where the logs about the plugin activities will be kept. The default file name is jHackGuard-log.php. It is stored under the logs folder.
• Enable Logging - You can decide whether the plugin activities will be logged

• Data Streams
• Filter $_POST - Filters variables coming from the HTTP POST method.
• Filter $_GET - Filters variables passed to the script through URL parameters.
• Filter $_COOKIE - Filters variables coming from HTTP Cookies.

• Filtering parameters
• Filter eval() - Filters the result of the evaluation of a string as PHP code.
• Filter base64_decode - Filters the result of the base64 encoded data decoding.
• Filter SQL commands - Filters the execution of SQL commands. This solution prevents SQL injection attacks.

• Advanced Parameters
• Allow_url_fopen - Disables the option to retrieve files from remote FTP or Web server. This solution protects your web site against code injections.
• Allow_url_include - Disables the option to include URLs in PHP requests. In this way your web site will be protected against Remote URL Inclusion attacks.

Additional Information

The SiteGround Joomla Security Plugin secures Joomla web sites by protecting them against different hacking techniques. It filters the data from the users' input and implements additional PHP security settings.

The SiteGround Security extension contains very advanced security / filtering options. It comes with a predefined rule set which works for most cases. Still, if you'd like to tweak it there are many options. Fortunately, it has a log and you can debug any unexpected behavior.

The SiteGround Joomla Security Plugin can be configured through the Joomla administrator area. The plugin is disabled for the authenticated administrators so that the filters don't prevent them doing administrative tasks.