Joomla security

Implementing a secure Joomla website.

# First create the MariaDB/MySQL database


mysql -u root -p
CREATE DATABASE <YourDatabaseName>;
-- CREATE USER ... IDENTIFIED BY works on both MariaDB and MySQL
CREATE USER '<UsernameForJoomla>'@'localhost' IDENTIFIED BY '<Your Password>';
-- Joomla only needs rights on its own database, so no WITH GRANT OPTION
GRANT ALL PRIVILEGES ON <YourDatabaseName>.* TO '<UsernameForJoomla>'@'localhost';
FLUSH PRIVILEGES;
exit;


cd /var/www
touch configuration.php
# Temporarily writable so the web installer can write it; set to 444 after the installation
chmod 777 configuration.php

rm -rf /var/www/html

http://<localhost>
(if you get the standard Apache welcome screen, delete the index.html from /var/www)


Configure Joomla


Website name: <Your website name>

Username/Admin user: <Your admin name>
Admin password: <Your admin password>

User: <UsernameForJoomla>
User password: <Your Password>
Database: <YourDatabaseName>
Old database: Remove
Sample...: No

After the graphical installation:
cd /var/www
mv installation installation_OLD_USED (unless already removed via the GUI)

chmod 444 configuration.php

http://<localhost>/administrator

 

 

Add the following to the Apache config.

vi /etc/apache2/conf-available/joomla.conf
#
#
Alias /administrator /var/www/administrator/

<Directory /var/www/administrator/>
<RequireAll>
Require ip <Your internal IP range like 192.168.178.>
</RequireAll>
</Directory>

<Directory "/var/www/configuration.php">
Require all denied
</Directory>

DirectoryIndex index.php index.html
<LocationMatch "^/[^/]*\.(php|html|txt).*">
Require all denied
</LocationMatch>
<LocationMatch "^/index\.(php|htm).*">
Require all granted
</LocationMatch>
<LocationMatch "^/google.*\.html">
Require all granted
</LocationMatch>
<LocationMatch "^/robots\.txt">
Require all granted
</LocationMatch>

 

Activate the new config via:

a2enconf joomla

systemctl reload apache2
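
To see what the four LocationMatch rules in joomla.conf actually allow, run sample paths through them. The script below is an added example, not part of the original procedure. It assumes Apache's behaviour of applying LocationMatch sections in file order, with the last matching section's Require taking effect. The label "unmatched" and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: models how Apache picks a result for the LocationMatch
# sections in joomla.conf. Sections are applied in file order and the last
# one that matches the request path supplies the effective Require.

# The four rules from joomla.conf, in file order: "<result> <regex>".
RULES='denied ^/[^/]*\.(php|html|txt).*
granted ^/index\.(php|htm).*
granted ^/google.*\.html
granted ^/robots\.txt'

# decide PATH -> prints denied, granted, or unmatched ("unmatched" is a
# label used only in this example: no LocationMatch applies, so the
# <Directory> sections and server defaults decide).
decide() {
    result=unmatched
    while read -r verdict regex; do
        if printf '%s\n' "$1" | grep -Eq -- "$regex"; then
            result=$verdict
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "$result"
}

# Constructed sample request paths (not taken from any real log).
for p in /index.php /configuration.php /htaccess.txt /robots.txt \
         /google1234.html /index.php.bak /administrator/index.php \
         /installation_OLD_USED/index.php; do
    printf '%-36s %s\n' "$p" "$(decide "$p")"
done
```

The patterns are not anchored at the end, so a leftover file such as /index.php.bak in the web root is granted. Files below a subdirectory, including a renamed installation directory, are not covered by these rules at all.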