Joomla security

Implementing a secure Joomla website.

#First create the MariaDB/MySQL database

mysql -u root -p
CREATE DATABASE <YourDatabaseName>;
-- Create the account and set its password in one statement (valid on both MariaDB and MySQL 8)
CREATE USER '<UsernameForJoomla>'@'localhost' IDENTIFIED BY '<Your Password>';
-- Rights on the Joomla database only; WITH GRANT OPTION is left out because Joomla never has to hand out privileges
GRANT ALL PRIVILEGES ON <YourDatabaseName>.* TO '<UsernameForJoomla>'@'localhost';

cd /var/www
touch configuration.php
chmod 777 configuration.php
(temporary, so the web installer can write the file; it is set to 444 after the installation)

rm -rf /var/www/html

(if you get the standard Apache welcome screen, delete the index.html from /var/www)

Configure Joomla

Site name: <Your website name>

Username/Admin user: <Your admin name>
Admin password: <Your admin password>

User: <UsernameForJoomla>
User password: <Your Password>
Database: <YourDatabaseName>
Old database: Remove
Sample...: No

After the graphical installation:
cd /var/www
mv installation installation_OLD_USED
(unless it was already removed via the GUI)

chmod 444 configuration.php




Add the following to the Apache config.

vi /etc/apache2/conf-available/joomla.conf
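Alias /administrator /var/www/administrator/

# Admin back end: reachable from the internal network only
<Directory /var/www/administrator/>
Require ip <Your internal IP range like 192.168.178.>
</Directory>

# configuration.php holds the database credentials: never serve it
# (<Files> is the documented container for a single file)
<Files "configuration.php">
Require all denied
</Files>

DirectoryIndex index.php index.html
# First deny every .php/.html/.txt file in the web root ...
<LocationMatch "^/[^/]*\.(php|html|txt).*">
Require all denied
</LocationMatch>
# ... then re-allow the few that must be public (later sections override earlier ones)
<LocationMatch "^/index\.(php|htm).*">
Require all granted
</LocationMatch>
<LocationMatch "^/google.*\.html">
Require all granted
</LocationMatch>
<LocationMatch "^/robots\.txt">
Require all granted
</LocationMatch>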


Activate the new config via:

a2enconf joomla

systemctl reload apache2
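
To check which request paths the LocationMatch rules in joomla.conf actually cover, the following added example (not part of the original notes) models them in Python. It assumes Apache applies matching sections in file order with the last match winning, and that the path is already normalized; the sample paths are constructed.

```python
import re

# LocationMatch rules copied from joomla.conf, in file order.
RULES = [
    (r"^/[^/]*\.(php|html|txt).*", "denied"),
    (r"^/index\.(php|htm).*", "granted"),
    (r"^/google.*\.html", "granted"),
    (r"^/robots\.txt", "granted"),
]

# Constructed request paths (URL path only, no query string).
SAMPLES = [
    "/index.php",
    "/configuration.php",
    "/htaccess.txt",
    "/web.config.txt",
    "/robots.txt",
    "/google1234abcd.html",
    "/index.php.bak",
    "/administrator/index.php",
    "/installation_OLD_USED/index.php",
]


def decide(url_path):
    """Return 'granted', 'denied', or None if no LocationMatch rule applies."""
    verdict = None
    for pattern, result in RULES:
        # Unanchored search, as Apache does; the last matching section wins.
        if re.search(pattern, url_path):
            verdict = result
    return verdict


def report(paths=SAMPLES):
    """Map each path to the decision of the LocationMatch rules."""
    return {path: decide(path) for path in paths}


if __name__ == "__main__":
    for path, verdict in report().items():
        print(f"{path:36} {verdict or 'no LocationMatch rule applies'}")
```

A result of None means the request is decided by other sections, such as the IP restriction on /var/www/administrator/, not by these rules. The allow patterns have no end anchor, so a root-level file such as /index.php.bak is granted.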