Recommendations for making your YourSites server as secure as possible.
Make sure the server runs on https:// in the frontend and backend
Use a dedicated site and domain/subdomain - do not install any additional extensions (with the exception of backup and security addons such as Akeeba Backup or Akeeba AdminTools)
Make this domain/subdomain obscure and don't publish any links to it where search engines may find it,
Even if you run YourSites on an obscure subdomain you should ideally run YourSites within a very obcure and hidden folder. So an ideal domain/folder for YourSites would be something like https://lskniune.myyoursites.com/._kwjniun98one867gbi/
Disable user registration.
Disable all non-essential core Joomla components e.g. Banners, Contacts, Articles, Media. Leave Fields and Tags enabled since these are used in YourSites.
Use one or more additional authentication mechanisms for the backend
Secret words in backend URLs (e.g. /administrator?myscretword)
IP address restrictions on access - if you can always access your YourSites server from fixed IP addresses then block access from all other IP addresses
You can increase the security of YourSites further but at the cost of making the addition of sites to your YourSites server a little bit more complicated.
Running YourSites on a private server or your local computer
Basic access authentication (popup username/password) for the frontend
Setting the frontend of the site offline - if you do this then you MUST use the cli interface for your CronJobs
In all these cases you will need to add your sites to YourSites manually and downloading and installing a site specific client package. The main functionality of YourSites will work perfectly on such a restricted server.
We love every single one of our users, without you YourSites simply couldn't happen! So we would love a review at the Joomla! JED so we can let others know about us too, please take a minute to write a review: