melindawenner

Use the local php.ini

Some hosting services allow you to use your own Apache configuration file, which is located in the root of the site. If there is such an opportunity, do not miss it.

Configuring php.ini

The setup is simple. Here are the recommended Apache security settings. I will not describe everything in detail, you can find more detailed documentation on the website docs.joomla.org .

The mail.add_x_header directive adds an X-PHP-Originating-Script header in each sent email, which contains the UID and the name of the script sending the email. This allows an attacker to find out from which user PHP is running. We’d better turn it off.

The error_reporting directive tells PHP that only error information should be written to logs. Some CMS and extensions have a bunch of notice and warning for them, which can lead to the growth of log files and the space on the hard drive will simply run out. This will end with the site being unavailable.

File system Permissions

If the Joomla distribution is installed on an Apache web server with mod_php, then all virtual hosts on this server work in the same context as Joomla. If the files belong to another user, for example, “nobody” or “wwwrun”, the safest solution is to change the owner using FTP clients (FilleZill, Total Commander, etc.) and set the correct access rights. They are like this: