Joomla best-practice and security audit tool released

watchful Site AuditWe are excited to finally announce the public release of our latest tool for Joomla — the website audit!

The audit tool has been through months of internal testing and 4 weeks ago was released privately to our beta testers. On Monday we silently released it to the public in preparation for our 3rd birthday celebrations.

A brief overview of the Audit tool is shown in the video below:

 

The Audit currently performs 4 main functions.

1. Joomla configuration and best-practices detection

This part of the audit scans for many of the well-known Joomla best-practices such as:

  • Removing administrator with known usernames
  • Using strong passwords for Joomla users and for your database
  • Disabling guest user registration
  • Using random database prefixes
  • Disabling Magic Quotes and Register Globals

In total, 22 items are checked in this section.

2. Joomla Filesystem Integrity

This part of the audit scans checks of any of the core files distributed in the Joomla core package have been hacked.

3. File & Folder Permissions 

This part of the audit scans every file and folder in your Joomla installation to make sure the permissions are safe. 

4. Deep Malware Scanner

Unlike our long-available surface malware and blacklist scanner, the Malware Scanner in the Audit is a deep, inside-out scan that looks for common malware signatures and suspicious code. 

Try it out

All Watchers can start using audits today as long as they have updated to the most recent Watchful Client. The Start Audit button is located in the drawer for any site in the Tools area while the list of audits can be found in the Insights area.

Audits are easy to perform and usually take 2-3 minutes.