Keep secure files of your Joomla

First, let's start with the disadvantages of moving configuration.php file outside of Joomla! the root. The first and most obvious problem is that if you have a website that has for the use of Joomla!’s FTP layer to write files on the server, you can not edit configuration.php file. I mean, you can change the settings in the Global Configuration, but nothing will be written, for Joomla! not be able to use FTP for file recording.

Worse still, in a Joomla! 1.5 sites that change configuration.php the file itself, use require ()to download the actual file is simply not possible using the Global Configuration. This can be disastrous if, for example, you want to urgently put your site in the off-line or if you change the settings, devices that do not have an FTP client, for example, your iPad is just 10 minutes before boarding your flight across the Atlantic.

Category: Web Development Viewing 6137 | Added in July 13, 2013

3 Responses

Selection Says:
July 13, 2013

I have to admit back in my 'new to Joomla' days I followed those instructions and moved it. Fast forward a year when I decided to move to a new host and wasted hours trying to figure out why the site wouldn't work. Duh I moved the stupid config file. No doubt it causes far more problems than it's worth. After you get some experience and learn you realize the only thing it is good for is a false sense of security.
Antonis Says:
July 13, 2013

If someone gets access to the server somehow, having the config file outsite public_html is not going to save you. The "only" reason why you should have it outside is if the webserver stops serving dynamic pages (fails to load php) - and all php files are loaded as plain text. It has happened (after upgrades/maintenance of apache.) hopefully it was an SMF forum for private collaboration (so, no big trouble, nothing hacked but changed all passwords etc.).
Frank A Says:
July 13, 2013

So how does one know if a site is secure enough to prevent config being read?
What I have noticed is that sites with Joomla in root get robot signups, those with joomla in a subdirectory get far less problems with robots! Not quite the same thing.
Virtuemart also recommend putting a folder for invoices outside root but comments in their forum point out it puts server at risk so I keep all my VM site invoices inside root. But I have no idea if they are now readable by anyone.

Add comments:

Your name:	Your website	Some styles:	Add button:

Your comments here:

Wise Words

"When we finally presented it at the shareholders' meeting, everyone in the auditorium stood up and gave it a five-minute ovation. What was incredible to me was that I could see the Mac team in the first few rows. It was as though none of us could believe that we'd actually finished it. Everyone started crying."

- Steve Jobs

Outside of subject

The wrong direction

Posted by admin on 01/25/2014

Although this is the first post about my four hour workweek, it did not just start for me. If you read the about me section, that was almost a year ago. So how did I do? Well, I've made some progress. By falling and standing up. By making decisions and ignoring some. After my breakdown I...

Going crazy – doing crazy

Posted by admin on 01/25/2014

I ended up going on a trip to Oxford (UK), visiting some international friends I made by tango dancing, while it also was an opportunity to go dancing in London and Oxford.

Staying over with a friend was very nice and also useful. It made my trip cost way less, while I also had some...

What you know about earning on blog posts

Posted by admin on 10/13/2013

Service post on the blog: a dollar sign is the cheesiest - the process of verification of the blog.

Today, every blogger has the opportunity to receive a small remuneration for his work on the blog, write a short message or a review of a web resource, service, or company.

Of...

My worry about losing the Queen

Posted by admin on 08/13/2013

My worry about losing the Queen would be that she would still be entitled to take money from the Crown Estates. I hope when negotiations are taking place after the referendum, that the SNP would not go soft on this and on a number of other matters, like being over generous with the entitlement...

How to get indoor an orchids to grow and bloom?

Posted by admin on 08/13/2013

The thing which, apart from Climate Gate, really knocked them sideways was that bitterly cold December 2013.

Louise wouldn't remember it because she was with Chris Huhne in Cancun at the time and kept telling us how warm it was poolside — while it was –15ºC here and...

Guide to SEO

Search engine optimization (SEO) means coding your pages so that they are more likely to show up in search engine results for certain keywords and phrases. When it comes to searches, search engines use complex algorithms based on a site's information and html to rank sites. There are no specific rules for anything in SEO - just general guidelines. Google provides a guide for webmasters to look at to learn more about SEO.

You should know that many optimization campaigns take at least 3-6 months to see good results so you need to be patient and not waste your time by checking your progress every day. It is also important to understand that learning the technical aspects of SEO isn't enough to get good rankings. Your web site still has to be a good website with good content.

Image Gallery

About

My name is Alex Devids, I am 25 year old. I've been a web developer for over 4 years. How I'm work in SSNR Development and SEO Company. In my lucky, I have been worked with some of the best SEOs in the world. I've also had the special privilege to work with top companies to solve SEO challenges both large and small.

This blog I'm made to help Web Designers and Developers to increase qualification and learn more about SEO and popularization his own website or blog, and how to make their site awesome.