Keep secure files of your Joomla

First, let's start with the disadvantages of moving configuration.php file outside of Joomla! the root. The first and most obvious problem is that if you have a website that has for the use of Joomla!’s FTP layer to write files on the server, you can not edit configuration.php file. I mean, you can change the settings in the Global Configuration, but nothing will be written, for Joomla! not be able to use FTP for file recording.

Worse still, in a Joomla! 1.5 sites that change configuration.php the file itself, use require ()to download the actual file is simply not possible using the Global Configuration. This can be disastrous if, for example, you want to urgently put your site in the off-line or if you change the settings, devices that do not have an FTP client, for example, your iPad is just 10 minutes before boarding your flight across the Atlantic.

Category: Web Development Viewing 1936 | Added in July 13, 2013

3 Responses

  1. avatar Selection Says:
    July 13, 2013

    I have to admit back in my 'new to Joomla' days I followed those instructions and moved it. Fast forward a year when I decided to move to a new host and wasted hours trying to figure out why the site wouldn't work. Duh I moved the stupid config file. No doubt it causes far more problems than it's worth. After you get some experience and learn you realize the only thing it is good for is a false sense of security.

  2. avatar Antonis Says:
    July 13, 2013

    If someone gets access to the server somehow, having the config file outsite public_html is not going to save you. The "only" reason why you should have it outside is if the webserver stops serving dynamic pages (fails to load php) - and all php files are loaded as plain text. It has happened (after upgrades/maintenance of apache.) hopefully it was an SMF forum for private collaboration (so, no big trouble, nothing hacked but changed all passwords etc.).

  3. avatar Frank A Says:
    July 13, 2013

    So how does one know if a site is secure enough to prevent config being read?

    What I have noticed is that sites with Joomla in root get robot signups, those with joomla in a subdirectory get far less problems with robots! Not quite the same thing.

    Virtuemart also recommend putting a folder for invoices outside root but comments in their forum point out it puts server at risk so I keep all my VM site invoices inside root. But I have no idea if they are now readable by anyone.

Add comments:

Your name: Your website Some styles: Add button:
Your comments here:

Category

Sponsors

Wise Words

"When we finally presented it at the shareholders' meeting, everyone in the auditorium stood up and gave it a five-minute ovation. What was incredible to me was that I could see the Mac team in the first few rows. It was as though none of us could believe that we'd actually finished it. Everyone started crying."

- Steve Jobs

Outside of subject

The wrong direction

Although this is the first post about my four hour workweek, it did not just start for me. If you read the about me section, that was almost a year ago. So how did I do? Well, I've made some progress. By falling and standing up. By making decisions and ignoring some. After my breakdown I...

continue reading

Going crazy – doing crazy

I ended up going on a trip to Oxford (UK), visiting some international friends I made by tango dancing, while it also was an opportunity to go dancing in London and Oxford.

Staying over with a friend was very nice and also useful. It made my trip cost way less, while I also had some...

continue reading

What you know about earning on blog posts

Service post on the blog: a dollar sign is the cheesiest - the process of verification of the blog.

Today, every blogger has the opportunity to receive a small remuneration for his work on the blog, write a short message or a review of a web resource, service, or company.

Of...

continue reading

My worry about losing the Queen

My worry about losing the Queen would be that she would still be entitled to take money from the Crown Estates. I hope when negotiations are taking place after the referendum, that the SNP would not go soft on this and on a number of other matters, like being over generous with the entitlement...

continue reading

How to get indoor an orchids to grow and bloom?

The thing which, apart from Climate Gate, really knocked them sideways was that bitterly cold December 2013.

Louise wouldn't remember it because she was with Chris Huhne in Cancun at the time and kept telling us how warm it was poolside — while it was –15ºC here and...

continue reading