permissions

  • File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you have set them properly. They should never be 777, but ideal is 644 for files and 755 folders.

  • This is a key security issue, but unfortunately many of the Joomla site-owners need guidance on this.

    First, let's see what you should know:

    Joomla is a typical LAMP (Linux/Apache/MySQL/PHP) application, even if runs on many other platforms too. The entire access rights "philosophy" is relying on the native environment's settings.

  • Sometimes you need to allow a user to access and manage only one (or a few) Joomla! component in the backend. This is quite easy to set up, you need to use cleverly the ACL sytem Joomla has allready in.

  • This is a core hack. Files you change as described on this page will be overwritten during updates of Joomla!

    This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.

  • As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?

  • Joomla, as most CMS's excells by making it easy to manage a website page. Offers a pretty easy way to manage Web-based publishing, format management, history editing and version control, indexing, search, and retrieval. Joomla has an impressive suite of features, but these features require some special considerations.

  • Vandals often use hacking techniques to deface a website or destroy data and files, but there are also those who just want to steal resources (make use of other peoples' servers without their knowledge or permission) or to cover their tracks by stealthily making use of hardware owned by legitimate businesses to carry out processing for illegal operations or to relay spam and viruses to others.