Such options are enabled or disabled on a server-wide basis and are not individually adjustable on shared servers.)Ĭonfiguring MySQL Secure the Database īe sure MySQL accounts are set with limited access. (Note: These are advanced methods that usually require agreement and coordination with your hosting provider. See Google search for mod_security and Google search for mod_rewrite. The two best tutorials and explanations on permissions, ownership and their relations are from this official Joomla doc page:Īnd for information on phpSuExec and similar implementations:Ĭonfigure Apache mod_security and mod_rewrite filters to block PHP attacks. It is better to select a server setup/host that runs PHP as a CGI process (such as cgi-fcgi) along with using phpSuExec or a similar configuration. This causes ownership issues and thus permission problems which will lead to security issues. A great starting point is the OWASP ModSecurity CoreRuleSet PHP Being Run as an Apache Module Such options are enabled or disabled on a server-wide basis and are not individually adjustable on shared servers.Ĭonsider using a serverside filtering solution like Apache mod_security. (Note: These are advanced methods that require agreement and coordination with your hosting provider. You must manually make the changes to use the new file version.Ĭonsider following the "Least Privilege" principle for running PHP using tools such as PHPsuExec, php_suexec or suPHP. The file your site actually uses is not updated when you update your site to a new version of Joomla. One important point to note is that the distributed file is called htaccess.txt and the live file on your site is called. htaccess and place it in the root of your site using FTP. htaccess file, but you need to choose to use it. htaccess, you can password-protect sensitive directories, such as administrator, restrict access to sensitive directories by IP Address, and depending on your server's configuration, you may be able to increase security by switching to the latest PHP version. Check with your host if you run into problems. This option is not enabled on all servers. htaccess īlock typical exploit attempts with local Apache. Most of the tips listed below are appropriate for securing sites on shared server environments.Ĭonfiguring Apache Use Apache. If you are on a tight budget and your site does not process highly confidential data, you can get by with a shared server, but you must understand the risks. Check this list of hosts who meet the security requirements of a typical Joomla site. However, due to the wide variety of hosting options and configurations, it's not possible to provide a complete list for all situations. Probably no decision is more critical to site security than the choice of hosts and servers. Choose a Qualified Hosting Provider The Most Important Decision
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |