This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.
Joomla install & config
How to install and configure Joomla with minimum effort, tuned for speed, SEO, security - and top performance.
It's always a wise move to move your sensitive files outside of the so called WEBROOT, the directory which is used by Apache to show your website. This way you can be sure, that nobody else, but your Joomla core code can use these files.
Moving some files/folders, like the main configuration.php or the location of admin login may be tricky, but mowing these two key folders is relatively simple.
Joomla specifies certain settings that are recommended for proper functioning of the system. A list of the recommended and actual settings is displayed when you install Joomla. One of the recommended settings is to have 'Display Errors' switched on. This is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was written) which may allow cross-site-scripting attacks when the display errors option is enabled, if you have a script which produces an error.
Even most of security-conscientious Joomla webmasters aren't knowing the existence of this list, maintained at Joomla docs site. There are listed all components with known security problems, and very important to know, the items once appeared on the list aren't removed when the problem is fixed, because large majority of Joomla webmasters aren't upgrading their site as new versions are coming out for the add-ons used. So worth checking, even if the components you use are listed on GREEN - aka fixed -, you may run in trouble, because hackers are knowing the list - and are pro-actively seeking Joomla sites using the insecure add-ons. So you will become easily a target even if you have the secure version...
Bookmark this link!
This is a key security issue, but unfortunately many of the Joomla site-owners need guidance on this.
First, let's see what you should know:
Joomla is a typical LAMP (Linux/Apache/MySQL/PHP) application, even if runs on many other platforms too. The entire access rights "philosophy" is relying on the native environment's settings.
Many of you probably had seen already the red warning in Joomla's admin interface, that you need to have the Register Globals set to "on", otherwise your site is exposed to security treats.
And also many of you haven't a clue how to do it...
So, let's see what an average webmaster can do about this problem.
- Enable HTTPS and make your entire site secure
- Convert Microsoft Word documents to clean HTML
- Virtual spring cleaning for your Joomla sites
- How you can hide the Home menu item?
- Enhanced User Profiles in Joomla 1.7+
- How to turn on the "?tp=1" trick in Joomla 1.7+?
- Finding module positions on a Joomla 1.7 page
- Can I just paste content from Word?
- Emptying the trash in Joomla 1.7
- How do you change the password for your Joomla database
Joomla SEO Article Count: 21
How did you find this site? Did you asked yourself the question how a site can be found on the net? Watch your own habits, and you'll see: you are looking to the sites found on first page of the Google results for a given search term. Must be something very important, to go down to the second, and even to the third page. What else you use to find new web content? Social media? Recommendations from friends? Links on pages you like and visit? Do you know, that less, than 1% of existing web-pages are reaching the first page of the Google results for some search term? do you know, than less, than 17% of existing web-pages are even spidered regularly by the major search-engines? If you don't get spidered and/or you don't reach the magic first 3 pages for at least some search terms you are interested in - you aren't exist. And I can't believe, that anyone building a web-page plans to remain hidden... So, how you can get there? Enter the art of SEO. You will find some interesting, Joomla-specific ideas here which may help you learning it! And never forget: SEO is about what you do every day. SEO is a long term strategy - not a quick fix.
Secure Joomla Article Count: 22
Joomla is safe!! - you can heard in every forums. Is indeed safe enough? Yes, the core Joomla, if properly configured and deployed is a reasonably secure environment. The difference can be made by several factors. and first of these factors is YOU, the webmaster. But there are others, like the hosting environment, the addons used, and couple of others. Watch your back! And keep your site safe!
Tips for beginners Article Count: 155
... and not only. Sometimes you don't know, why your Joomla site isn't working as you want it. Here you can find some tips wich might help you finding your way!
And, remember: everyone was a beginner!
Joomla Troubleshooter Article Count: 53
Yesterday your Joomla site worked just fine. Today is misbehaving. And you're clueless... Right? Hey, you're not the first one having this experience. You're on the good site where you might find the cure for your problem!
Developer tools Article Count: 6
All kind of software tools you should have to be productive. From local development environments to programming tools, resources, tips and tricks wich can help you build your Joomla siter faster, easier.
Configuration tricks Article Count: 15
Basic tricks to make Joomla work for you. Things you can solve using various configuration areas of your Joomla, your hosting environment or your components.