- HubPages»
- Technology»
- Internet & the Web»
- Web Page & Web Site Development
Securing A Joomla Website - Part II
Block direct access to critical files using .htaccess?
Make a backup copy of your .htaccess file.
NOTE: Use the backup file to recover if the following fails.
Be sure to delete the backup file once finished.
Add the following codespec to your .htaccess file.
This example will protect both the configurtation.php and .htaccess files.
<Files .htaccess>
order allow,deny
deny from all
</Files>
Explanation:
Access to the .htaccess file is being denied to everyone accessing your website using any kind of Browser, FireFox, Chrome, Safari, Opera, IE. All Browsers are forced to obey your directives specified in the .htaccess file by the Web server in use.
As website owner if you want to access the .htaccess to add or delete content you would be completely free to do so using any FTP client.
<FilesMatch "configuration.php">
Order allow,deny
deny from all
</FilesMatch>
Explanation:
The configuration.php file holds the name of your MySQL Joomla database, its Admin login ID and associated password together with a host of other website sensitive information. If a hacker gets access to this file your entire Joomla driven website is completely vulnerable.
The code spec above denies access to the configuration.php file to everyone accessing your website using any kind of Browser, FireFox, Chrome, Safari, Opera, IE. All Browsers are forced to obey your directives specified in the .htaccess file by the Web server in use.
As website owner if you want to access to the file configuration.php to add or delete content you would be completely free to do so using any FTP client.
NOTE: There is a much better way of protecting the configuration.php file which is normally located in the root directory of your Joomla website. We shall take a look at this later in this material. You only have to use either this or the other approach to secure your configuration.php file. You need not do both.
I will be adding information to the Hub shortly that will explain how to do this. Step-by-step. Keep watching this space. I'm sure that I shall have this information in place by tomorrow.
Ivan Bayross
Open source tutorials