Linux Servers cPanel webhosting blog » .htaccess

Secure Joomla site.

Gunjan — Fri, 28 Aug 2009 01:04:50 +0000

To avoid Joomla site to be hacked follow the following steps.

Disable RG_EMULATION for Joomla. When this option is enabled even the latest Joomla is

vulnerable to some variable injections. It can be disabled by placing the following line in

your configuration.php:

if(!defined(‘RG_EMULATION’)) { define( ‘RG_EMULATION’, 0 ); }

————-
Secure your administrator’s area. This will first prevent simple brute-force attacks. Along

with that, all components and modules’ code inside this directory will be safe. For this

purpose:

- Place an .htaccess inside Joomla’s ‘administrator’ directory. It should contain:

Deny from all
Allow from YourIP*

In case your IP changes, you should try securing the directory with Password Protection

If you are using PHP 5.2, make sure that the directive ‘allow_url_include’ is set to off;

If you are using PHP version below 5.2, make sure that the directive ‘allow_url_fopen’ is

set to off.

How to disable the Directory listing?

Gunjan — Tue, 25 Aug 2009 21:24:20 +0000

To disable the Directory listing for directories you need to create the .htaccess file under the each an every folder under which you want to disable the Directory listing and insert the following code in .htaccess file.

————
Options -Indexes
————

Enable private PHP Error Logging via .htaccess\disable PHP Error Logging for visitor

Gunjan — Tue, 25 Aug 2009 00:00:51 +0000

To hide PHP errors from visitors insert the following code in .htaccess

# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off

Once disable the error logs for visitors enable the private PHP error logging by using following code in .htaccess

# enable PHP error logging
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log

The PHP_errors.log file needs to be permission 755 or 777.