Implementing a secure Joomla website.
#First create the MariaDB/mySQL database
mysql -u root -p
CREATE DATABASE <YourDatabaseName>;
CREATE USER <UsernameForJoomla>@localhost;
SET PASSWORD FOR '<UsernameForJoomla>'@'localhost' = PASSWORD("<Your Password>");
GRANT ALL PRIVILEGES ON <YourDatabaseName>.* TO '<UsernameForJoomla>'@'localhost' IDENTIFIED BY '<Your Password>' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
cd /var/www
touch configuration.php
chmod 644 configuration.php
rm -rf /var/www/html
http://<localhost>
(if you get the standard Apache welcome screen, delete the index.html from /var/www)
Configure Joomla
Websitenaam: <Your website name>
Gebruikersnaam/Admin user: <Your admin name>
Admin ww: <Your admin password>
User: <UsernameForJoomla>
User ww: <Your Password>
Database: <YourDatabaseName>
Oude database: Verwijder
Voorbeeld...: Nee
Na grafische installatie:
cd /var/www
mv installation installation_OLD_USED (behalve als al via GUI verwijderd)
chmod 444 configuration.php
http://<localhost>/administrator
Add the following to the Apache config.
vi /etc/apache2/conf-available/joomla.conf
#
#
Alias /administrator /var/www/administrator/
<Directory /var/www/administrator/>
<RequireAll>
Require ip <You internal IPrange like 192.168.178.>
</RequireAll>
</Directory>
<Directory "/var/www/configuration.php">
Require all denied
</Directory>
DirectoryIndex index.php index.html
<LocationMatch "^/[^/]*\.(php|html|txt).*">
Require all denied
</LocationMatch>
<LocationMatch "^/index\.(php|htm).*">
Require all granted
</LocationMatch>
<LocationMatch "^/google.*\.html">
Require all granted
</LocationMatch>
<LocationMatch "^/robots\.txt">
Require all granted
</LocationMatch>
Activate the new config via:
a2enconf joomla
systemctl reload apache2
What do you think or any questions?
Send us feedback