Secure Deployment Policies
Important:
We use many different layers of security to help protect your OJS site from being hacked. Each layer by itself is capable of stopping an attack. When all of the layers are combined, the overall security level goes up geometrically, creating a stronger OJS security system. We have implemented cutting-edge security policies and protocols that include OJS as well as server security hardening. We also recommend using our OJS 3x security plugins to better protect your OJS against fake user registrations and malicious file uploads during submission. For more information about OJS 3x security plugins, please visit: https://openjournalsystems.com/ojs-new-products/.
A secure deployment is best achieved by applying the following policies:
- Dedicate a database to OJS; use unique credentials to access it.
- Configure OJS (config.inc.php) to use SHA1 hashing rather than MD5.
- Install an SSL certificate and configure OJS (config.inc.php) to use force_ssl_login so that authenticated users communicate with the server via HTTPS.
- Install OJS so that the files directory is NOT a subdirectory of the OJS installation and can’t be accessed directly via the web server.
- Restrict file permissions as much as possible.
- Configure your server to take regular backups of the OJS database, the file/submission directory, and the OJS installation directory.
- Perform a manual backup when upgrading or performing maintenance.
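The configuration-related policies above can be checked mechanically. The following is an added example, not code from this page or from the OJS project: it audits the text of a config.inc.php against the hashing, HTTPS and files-directory policies. Assumptions: the function name and sample config are constructed, the key spellings `force_login_ssl` and `force_ssl` are accepted alongside the `force_ssl_login` named above, and the database-account check is only a heuristic.

```python
import configparser
import os

# Constructed sample config for illustration; not from a real site.
SAMPLE_CONFIG = """\
; <?php exit(); // DO NOT DELETE ?>
[database]
name = ojs
username = root
[files]
files_dir = files
[security]
force_login_ssl = Off
encryption = md5
"""

def _on(value):
    return value.strip().strip('"').lower() in ("on", "1", "true", "yes")

def audit_ojs_config(config_text, install_dir):
    """Return a list of findings for the config.inc.php policies listed above."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(config_text)
    findings = []
    # Policy: SHA1 rather than MD5 for password hashing.
    algo = cp.get("security", "encryption", fallback="").strip('"').lower()
    if algo != "sha1":
        findings.append("encryption is %r, expected 'sha1'" % algo)
    # Policy: authenticated users reach the server over HTTPS. The page names the
    # key force_ssl_login; the other two spellings are assumed for your OJS version.
    ssl_keys = ("force_ssl_login", "force_login_ssl", "force_ssl")
    if not any(_on(cp.get("security", k, fallback="off")) for k in ssl_keys):
        findings.append("SSL is not forced for logins")
    # Policy: files_dir must not resolve to a path under the OJS installation.
    root = os.path.realpath(install_dir)
    files_dir = cp.get("files", "files_dir", fallback="files").strip('"')
    resolved = os.path.realpath(os.path.join(root, files_dir))
    if os.path.commonpath([root, resolved]) == root:
        findings.append("files_dir %s is inside the installation" % resolved)
    # Policy: unique credentials (heuristic: shared admin accounts are not unique).
    user = cp.get("database", "username", fallback="").strip('"')
    if user in ("", "root", "postgres"):
        findings.append("database username %r is missing or administrative" % user)
    return findings

if __name__ == "__main__":
    for finding in audit_ojs_config(SAMPLE_CONFIG, "/var/www/ojs"):
        print("FINDING:", finding)
```

The file-permission and backup policies are not visible from the config text and still need to be checked on the server itself.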