Configure your .htaccess file...

.htaccess is a very powerful tool for those who take their Joomla website security seriously. This file lets you change quite a few settings that help secure your site.
According to the Apache site:
".htaccess files provide a way to make configurative changes on a per-directory basis. A file containing one or more configuration directives is placed in a particular document directory and the directives are applied to that directory and all sub-directories thereof."
Below is a list of the most important rules you can add to your .htaccess file to enhance security by greatly limiting your website's exposure to many types of attacks.
Tips:
First of all, you must rename the htaccess.txt file to .htaccess.
1. Disable the Server Signature
    # Disable the server signature
    ServerSignature Off
2. No Access to .htaccess
This will block unauthorized external access to .htaccess.
    # Prevent access to .htaccess
    <Files .htaccess>
    # No space after the comma: "allow, deny" is a syntax error
    Order allow,deny
    Deny from all
    </Files>
3. Bandwidth Preservation
This will limit bandwidth consumption for PHP enabled servers.
    # Limit bandwidth consumption
    <ifmodule mod_php5.c>
    php_value zlib.output_compression 16386
    </ifmodule>
4. Disable Directory Browsing
    # Disable unauthorized directory browsing
    # The minus sign must be attached to the option name
    Options All -Indexes
5. No Access to Files
This will block access to specific files.
    # Block access to specific file
    <files myfile.doc>
    Order allow,deny
    Deny from all
    </files>
This will block access to multiple file types.
    # Block access to multiple file types
    <FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh)$">
    Order allow,deny
    Deny from all
    </FilesMatch>
6. No Access to IPs or Domains
This lets you allow or deny access for specific IPs or domains.
    # Restrict access to IPs & domains (replace x with numbers)
    <Limit GET POST PUT>
    Order allow,deny
    allow from all
    deny from xx.xxx.xx.xxx
    # Deny from takes a (partial) host name, not a regular expression
    deny from domain.com
    </Limit>
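The deny rules in sections 2, 5 and 6 use the Apache 2.2 access-control directives (Order, Allow, Deny). The following is an added example, not part of the original page, showing the same restrictions written so they also work on Apache 2.4, where mod_authz_core's Require directive replaces them. The address 203.0.113.15 and the host example.com are constructed placeholders.

```apache
# Block sensitive file types (sections 2 and 5) on both 2.4 and 2.2
<FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh)$">
    # Apache 2.4: mod_authz_core is loaded
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy directives
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Deny one IP and one domain, allow everyone else (section 6)
<IfModule mod_authz_core.c>
    # Not wrapped in <Limit>, so the rule covers every HTTP method,
    # not only GET, POST and PUT
    <RequireAll>
        Require all granted
        # Placeholder address from the documentation range
        Require not ip 203.0.113.15
        # Host rules need a reverse DNS lookup on each request
        Require not host example.com
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from 203.0.113.15
    Deny from example.com
</IfModule>
```

After uploading, request a blocked file such as /.htaccess and confirm the server answers 403 Forbidden.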
7. Disguise File Extensions
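This lets files with an extension of your choice be processed as PHP. Note that you must also rename your files to use the extension you set here.
    # Disguise php files as html files: .html files are handled as PHP
    # (assumes mod_php's application/x-httpd-php type; the type goes first, the extension second)
    AddType application/x-httpd-php .html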
8. Protect Files & Directories with Passwords
    # Protect a single file
    <Files myfile.php>
    AuthType Basic
    AuthName "Mypassword"
    AuthUserFile /home/path/.htpasswd
    Require valid-user
    </Files>

    # Protect multiple files
    <FilesMatch "^(execute|index|myfile|anotherfile)*$">
    AuthType Basic
    AuthName "Mypassword"
    AuthUserFile /home/path/.htpasswd
    Require valid-user
    </FilesMatch>
9. Display Custom Error Pages
With this rule you can set your own set of custom error pages.
    # Display custom error pages
    ErrorDocument 400 /errors/400.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html