Peak Website Security

Protecting your website from hackers…

According to the 2016 State of SMB Cybersecurity Report by Keeper Security, in the previous 12 months hackers breached half of all businesses surveyed.

You don’t have to be one of them. Take proactive steps to repel the threat. PEAK Website Security sets your “deflector shields to maximum”!

Hacks on smaller websites are mainly attacks of opportunity. Attackers don’t target you personally, it’s more a matter of a coincidence. And smaller websites are often more vulnerable due to out-of-date software, poor-quality plugins, insecure passwords, misconfiguration, and/or bad hosting. You may not be a hacker’s end target – your hacked website may facilitate accessing other computer systems and people – such as your website visitors.

OK, so what can you do to protect your website!?

Internet security is a fast-moving challenge with new threats found almost every week. Google blacklists close to 10,000 websites a week for malware and flags over 20,000 for phishing. Make sure you’re not one of them. With PEAK Website Security you’re prepared to repel the threat.

It’s impossible to reduce your risk to zero, but you can drastically reduce it by taking appropriate precautions.

Our PEAK Website Security’s 12-point system uses best practices to keep your website safe.


Website Backups

Creating full website backups on a regular basis is cheap insurance in case a serious problem does affect your website. Many times when disaster strikes it’s easier to restore it from a working backup copy than attempting to find and fix the problem. A backup can be restored in under 30 minutes and you are back online. Cleaning a hacked website may take many, many hours – even days.

PEAK Website Security uses the industry-leading Akeeba Backup Pro extension to schedule backups at regular intervals. It all happens automatically behind the scenes with no manual effort required. How often you backup depends on how frequently your website changes. E-commerce websites with frequent orders should be backed up more often than websites with infrequent content revisions / additions.

We don’t store backups on your website’s server. If something unexpected happens to your website, files are deleted or the server goes down, you will have lost your backups as well. Instead, as part of the automated backup process, the backup archive is transferred off your server to a cloud storage service such as Dropbox or Amazon S3 for safekeeping.


Use a Secure Web Host

A bad host can ruin even a properly configured and maintained website. Bargain-basement priced hosting services are cheap for a reason. Shared hosting plans may not have ample protection to prevent cross-site contamination. An infected website on your shared server may infect your website. Paying more for quality hosting will actually save you money in the long run.

Sparks Arts provides cloud hosting by SiteGround, one of the premier hosting companies in the world with best-in-class security, speed and support. With a customer rating of 4.98 out of 5, SiteGround can’t be beat!


Set proper file permissions

Permissions determine who can do what to your files, things like read, write and execute. You don’t want to allow everyone in the world to access and modify your website files!

With PEAK Website Security, we set permissions correctly and make sure they stay that way.


Install an SSL certificate

Without https, any information sent between your computer and the internet is plain text and could be intercepted and read, including your login username and password. That would sure make it easy for a hacker to take over your website.

Using an SSL certificate forces a secure connection that encrypts all data transferred and cannot be read. With an SSL certificate your website address begins with https:// Most modern browsers now clearly indicate such a site is SECURE.

Websites hosted by Sparks Arts automatically get a free SSL certificate from Let’s Encrypt. Paid certificates with more features are available if needed (for example, if your e-commerce website accepts credit card payments on-site).


Enable search engine friendly URLs

SEF URLs hide your website’s structural information and preventing hackers from knowing what software you’re using.

With SEF URL’s the address of this page looks like this:

Without SEF URL’s the address looks like this:

SEF URLs make sense to both humans and search engines because they explain the path to the particular page they point to. You can make sense of the address and understand the page’s context. But you have no indication of what software is creating the page, and that’s good.


Use Strong Login Usernames & Passwords

Brute Force Attacks are one of the most common attacks that affect every website. With Brute Force Attacks, a automated bot attempts to log in to your website by using common usernames and passwords. Since this is done by computer scripts it can check thousands of combinations in no time.

PEAK Website Security avoids vulnerability to this type of attack by following these best-practice rules:

  • Don’t use common words
  • Don’t use a password you can pronounce
  • Don’t use common, unimaginative passwords such as “password1”
  • Don’t use default usernames such as admin or administrator
  • Don’t use the same username or password for multiple accounts
  • Avoid personal information in passwords such as a name or birth date
  • Include special characters (*!$#@), numbers, upper and lowercase letters
  • Make it long, at least 12 characters

Passwords such as “123456” are the first thing hacker bots would try and would be hacked in seconds! A 12-character password like E8f*Ne4^KZE3 would take about 400 years to bruteforce on an average home computer. Increasing the password to 15 characters ( v9%3AMfVc7dRPPu ) increases bruteforce hack time to 3,261 centuries!


Limit the Number of Login Accounts

Numerous login accounts increase your security risk because they increase the chances for brute force password guessing. We create only one Super User with full login access to website configuration. Additional backend Administrators with limited access capabilities is safe when limited in number.

In addition, unless you need your website visitors to be able to create login accounts (such as for e-commerce, or to show certain content only to members), we’ll disable new user registration.


Install a Web Application Firewall

PEAK Website Security utilizes another top-rated, feature-rich extension from Akeeba, Admin Tools Pro.

Admin Tools includes a web application firewall to protect your site against the vast majority of common attacks.

  • Fight spam
  • Bot protection
  • Login protection
  • Backdoor protection
  • Denial of Service DDoS protection
  • SQL Injection protections
  • File injection protection
  • Cross Site Scripting block
  • Direct File Inclusion shield
  • Uploads scanner
  • Blocks brute force attacks
  • Hide / rewrite the generator metatag so it’s not obvious what software is running your website
  • Full logging of all security exceptions
  • Automatic IP ban of repeat offenders
  • Email notifications of security exceptions and failed or successful administrator login

For even more protection and monitoring, you may opt for cloud-based firewall protection from:


Password Protect Your Website’s Admin Login Page

Restricting accesss to your website’s admin area will greatly improve security. Adding an extra login password that’s required to even get to your backend login form will make it much more difficult for hackers, especially brute force attacks that attempt to gain administrator control of your site.


Only Use Software You Can Trust

Sparks Arts has been building and maintaining Joomla! websites for over 10 years. We are part of the great, helpful community that makes Joomla! so awesome. And this experience has taught us what can be trusted.

We make sure the extensions and templates used on your website have no known vulnerabilities, and insure they are actively maintained and fully supported by their developers. Most extensions we’ve used before, use now and are very familiar with.


Remove Unneeded, Unused Files

Frequently on existing websites (that we didn’t build) we find extensions that were installed long ago, decided not to use, but never deleted. They are now way out-of-date, making the website vulnerable to attack even though the offending extension isn’t used.

We review everything installed on your website, whether we built it or not. If it’s not used or unnecessary we delete it. We keep your website lean, using only the minimum of what’s truly needed.


Update All Software to Current Version

More than any other reason, websites get hacked because the software running them is out-of-date. With PEAK Website Security, we make sure your website software is up-to-date with the most current released versions.

FINAL STEP: Security Audit Scan to Establish Baseline

Upon full implementation of PEAK Website Security’s 12-point system, we run an initial security audit scan to establish a results baseline for future comparison. If there are any future exploitation hack attempts, changes from these initial results will likely pinpoint them for investigation.

PEAK Website Security

For new website design projects, website redesigns, Joomla! upgrades or Joomla! migrations performed by Sparks Arts.

For existing Joomla! websites, price depends on the current security condition of your website. Please order our PEAK Website Security Audit first for a comprehensive website review and report.

One-Time Set Up


Full implementation of our 12-point Security System

Annual Software Subscriptions


  • Akeeba Backup Pro
  • Akeeba Admin Tools Pro (web application firewall)

Joomla! Registered Provider

Joomla! 3.x Certified Administrator

Joomla! 3 Certified Administrator