Joomla security

Implementing a secure Joomla website.

#First create the MariaDB/mySQL database

mysql -u root -p
CREATE DATABASE <YourDatabaseName>;
CREATE USER <UsernameForJoomla>@localhost;
SET PASSWORD FOR '<UsernameForJoomla>'@'localhost' = PASSWORD("<Your Password>");
GRANT ALL PRIVILEGES ON <YourDatabaseName>.* TO '<UsernameForJoomla>'@'localhost' IDENTIFIED BY '<Your Password>' WITH GRANT OPTION;

cd /var/www
touch configuration.php
chmod 777 configuration.php

rm -rf /var/www/html

(if you get the standard Apache welcome screen, delete the index.html from /var/www)

Configure Joomla

Websitenaam: <Your website name>

Gebruikersnaam/Admin user: <Your admin name>
Admin ww: <Your admin password>

User: <UsernameForJoomla>
User ww: <Your Password>
Database: <YourDatabaseName>
Oude database: Verwijder
Voorbeeld...: Nee

Na grafische installatie:
cd /var/www
mv installation installation_OLD_USED (behalve als al via GUI verwijderd)

chmod 444 configuration.php




Add the following to the Apache config.

vi /etc/apache2/conf-available/joomla.conf
Alias /administrator /var/www/administrator/

<Directory /var/www/administrator/>
Require ip <You internal IPrange like 192.168.178.>

<Directory "/var/www/configuration.php">
Require all denied

DirectoryIndex index.php index.html
<LocationMatch "^/[^/]*\.(php|html|txt).*">
Require all denied
<LocationMatch "^/index\.(php|htm).*">
Require all granted
<LocationMatch "^/google.*\.html">
Require all granted
<LocationMatch "^/robots\.txt">
Require all granted


Activate the new config via:

a2enconf joomla

systemctl reload apache2

What do you think or any questions?

Send us feedback!

Enter the sum of the numbers.


  If you like my website, feel free to donate via the Paypal button... A small amount for a cup of coffee is enough ;-) Thank you!