Joomla security


I’m trying to implement the recommended joomla security settings and I noticed that they recommend adding some lines to the .htaccess files. I don’t see a .htaccess file on my webserver - is it named something different?

There isn’t one. You need to create it yourself :wink:

Chips N Cheese - Custom PHP installs and the like!

Thanks. Can it go anywhere?

It goes in the root (top) directory of your Joomla installation.


It has to be in your web root (ie. /home/username/ at the very least. In fact, you’d be best off checking out the wiki article on it, as that’ll give you a better scope of how the .htaccess file will ultimately affect your site :wink:

Chips N Cheese - Custom PHP installs and the like!

Thanks. I did it and added the php_flag register_globals off flag to it, but joomla is still telling me that the register_globals setting is ON instead of OFF

Does something else need to be done? That’s the only line in the file, btw.

You can’t set your PHP flags with that method on DreamHost anyways. In your case your can either switch to PHP5 (through your control panel) or try to use a Custom PHP.ini file. Both will work well to turn register globals off :slight_smile:

Chips N Cheese - Custom PHP installs and the like!

Well, sometimes there might be! :wink: Joomla! ships with an “htaccess.txt” file for use with the core-included SEF url generation facility and, if the user has enabled that functionality, and followed the instructions given when he did so, there will be an “.htaccess” file. :open_mouth:

Then again, if he had done that - he would probably know where it was, wouldn’t he? Never mind… what you said! :wink:


lmao… ya that was my train of thought on it :stuck_out_tongue:

Chips N Cheese - Custom PHP installs and the like!

There is htaccess.txt used to rewrite your URL if you enable SEO. Rename it to .htaccess and add additional lines if you like. :slight_smile:

$97 off using [color=#CC0000]LuckyYou[/color] promo code :cool: . Sign Up NOW

How do I switch to php5? I don’t see anything in it on my control panel. Will it mess up my existing joomla config?

Go to the COntrol Panel -> Domains -> Manage Domains screen and click the “edit” link under the “Web Hosting” column for your domain. Complete the “check boxes” to select PHP5, submit the form, and you are done.

No. You will now get a “warning” in the Joomla! back end re. Magic Quotes, which you can safely ignore in most instances (see links below for more on that) - to change that setting, you will need to install a custom PHP or at least use a custom php.ini (both procedures are described in the wiki).

Relevant Wiki Links: