joomla-4-file-editor

Joomla 2.5 setup series

How to secure your Joomla installation’s PHP settings using FTP

Securing your Joomla installation’s PHP settings is a critical step in maintaining a robust and protected website. Using FTP, you can adjust PHP configuration settings to harden your site’s security. This guide will outline how to secure your Joomla installation’s PHP settings by editing or creating a .htaccess or php.ini file.

Steps to Secure Joomla’s PHP Settings via FTP

1. Access Your Server Using FTP

  • Use an FTP client like FileZilla, Cyberduck, or WinSCP.
  • Connect to your server with your FTP credentials (host, username, password, and port).
  • Navigate to your Joomla installation directory (typically public_html or a subfolder).

2. Identify the Configuration File

Depending on your hosting environment, you can use:

  • .htaccess: Works for Apache-based servers.
  • php.ini: Works if you have control over the PHP configuration for your hosting.

3. Securing Using .htaccess

If your server supports .htaccess files, follow these steps:

  1. Locate the .htaccess file in your Joomla root directory. If it doesn’t exist, create a new file named .htaccess.
  2. Open the file in a text editor and add the following directives:
    apache
    # Disable directory browsing
    Options -Indexes

    # Restrict PHP execution in certain directories
    <FilesMatch "\.(php|php5|php7)$">
    Order Allow,Deny
    Deny from All
    </FilesMatch>

    # Prevent accessing configuration.php directly
    <Files "configuration.php">
    Order Allow,Deny
    Deny from All
    </Files>

    # Limit file uploads and execution
    php_value upload_max_filesize 2M
    php_value post_max_size 8M
    php_value max_execution_time 30
    php_value max_input_time 30

    # Disable specific PHP functions for security
    php_flag allow_url_fopen Off
    php_flag allow_url_include Off
    php_value disable_functions exec,passthru,shell_exec,system,popen,proc_open

  3. Save the file and upload it back to the server via FTP.

4. Securing Using php.ini

If your server allows you to customise PHP settings using php.ini, follow these steps:

  1. Check for an existing php.ini file in your Joomla root directory. If it doesn’t exist, create a new file named php.ini.
  2. Open the file in a text editor and add or modify the following settings:
    ini
    ; Disable dangerous PHP functions
    disable_functions = exec,passthru,shell_exec,system,popen,proc_open

    ; Restrict file uploads
    file_uploads = Off

    ; Limit script execution time
    max_execution_time = 30
    max_input_time = 30

    ; Limit file sizes for uploads
    upload_max_filesize = 2M
    post_max_size = 8M

    ; Disable remote file execution
    allow_url_fopen = Off
    allow_url_include = Off

    ; Enable error logging
    log_errors = On
    error_log = /path/to/error_log

  3. Replace /path/to/error_log with the full path to a secure directory where error logs should be stored (ensure it is not publicly accessible).
  4. Save the file and upload it to the root of your Joomla installation using FTP.

5. Test the Changes

  • Verify PHP Settings:
    • Go to your Joomla admin panel.
    • Navigate to System > System Information > PHP Information to confirm that the changes have taken effect.
  • Test Site Functionality:
    • Ensure your Joomla website functions correctly after making these changes.
    • Check for any errors or unexpected behaviour.

6. Secure File Permissions

Ensure that critical files in your Joomla installation have the correct permissions:

  • Configuration file (configuration.php): 444
  • Other PHP files: 644
  • Directories: 755

You can adjust permissions via FTP by right-clicking files or directories and selecting File Permissions.

7. Additional Security Measures

  • Regular Updates: Always update Joomla and its extensions to the latest versions.
  • Backup Your Site: Use Joomla-compatible backup extensions like Akeeba Backup.
  • Use Strong Passwords: Strengthen your FTP, admin, and database passwords.

Conclusion

By properly securing your Joomla installation’s PHP settings using FTP, you can significantly reduce vulnerabilities and mitigate potential threats. Regularly monitor and update these settings to keep your site secure as new threats emerge. With proactive measures, your Joomla site will remain stable and well-protected.

This tutorial assumes you have a FTP application and have opened and logged in to your server via FTP

There are a number of both free and commercial FTP applications. In this example we will be using CuteFTP

1) On your remote web server, open the htdocs or public_html directory, then select the directory where Joomla has been previously installed

2) Double click the ‘joomla’ directory to open it

Scroll down to locate the ‘htaccess.txt’ file

3) Right click the ‘htaccess.txt’ file then select the Edit option(The ‘.htaccess’ file can be used by Joomla for a number of directives)

4) Select a place near the top of the file to enter the following code. Enter the code exactly as illustrated here

This will code will prevent any errors from being displayed to site visitors

This can help prevent hackers from running potentially harmful code

5) Now click the Save button

6) Now lets rename the file so Joomla can use it. Right click the ‘htaccess.txt’ file and select the Rename option

7) Now let’s rename the ‘htaccess.txt’ file to ‘.htaccess’

You now know how to secure your Joomla PHP settings using FTP

 

  • How to build a website with WordPress and what are the best plugins to use: Building a website with WordPress is an excellent choice due to its versatility, ease of use, and a vast array of plugins that enhance functionality. Here’s a comprehensive guide to building a WordPress website, along with recommendations for the best plugins.
  • What does this property buzzword mean and how does it actually work? Gearing simply means borrowing money to buy an asset. Negative gearing can be a tax strategy used by investors and describes when the income (ie, the rent) made from an investment is less than the expenses it incurs, meaning it’s making a loss.
  • How to Sell Your Ecommerce Business for the Best Value: Selling an ecommerce business can be a very profitable move. You can use the proceeds to invest in other projects, launch new ecommerce business websites, or even retire. For some startups, selling the business is the end goal. Whether you have a dropshipping website, sell with Amazon FBA, or own a large-scale ecommerce business, there’s an opportunity for you to sell.
  • Comprehensive Guide to WordPress Website Development: Developing a WordPress website is a sequential process that requires careful planning, thoughtful execution, and consistent maintenance to ensure it meets the needs of users and achieves its intended goals. This involves a series of clearly defined stages, including planning, designing, content creation, optimisation, and ongoing maintenance.
  • Top 10 High-Paying Jobs AI Won’t Replace in 2025: Artificial Intelligence (AI) is revolutionizing industries, automating repetitive tasks, and reshaping the global workforce. Despite its remarkable advancements, certain professions remain beyond AI’s capabilities due to their reliance on uniquely human traits like creativity, empathy, and critical thinking. This case study explores the 10 highest-paying, fastest-growing jobs in 2025 that AI won’t replace, delving into why these roles are indispensable and how they are evolving in an AI-driven world.
  • Spill Your Guts: What To Wear To Olivia Rodrigo’s Australian Tour: Never afraid of screaming out all the dark, embarrassing things we’ve all thought before, Rodrigo sings about comparing herself to her boyfriend’s ex-girlfriend. If you want an edgy outfit that mimics the music…
  • Top Social Media Plugins for WordPress to Increase Your Sites Reach and Engagement: If you are seeking to enhance your website’s reach and engagement on social media, you have come to the right place. In this article, we will delve into the premier social media plugins tailored for WordPress users. From Social Warfare to Jetpack, these plugins can facilitate seamless sharing of your content across diverse social platforms.Furthermore, we will provide recommendations to optimize your website’s visibility on social media. Keep an eye out for valuable insights!
  • How to Change PuTTY’s Appearance: PuTTY is a widely-used SSH and telnet client for Windows and Linux hosting. While its default appearance is functional, you can customise it to improve aesthetics and usability. Below are the steps to modify PuTTY’s appearance, including changing the font, window size, colours, and cursor options.
  • What programming languages does vBulletin use?: vBulletin was orginally written in perl and used a flat file database system. However, as sites grew they notice that sites could not cope with a large amounts of traffic. This problem has now been fully rectified when vBulletin was converted to php and a mysql database system.

 

Similar Posts