How to secure your Joomla installation’s PHP settings using cPanel

Follow these steps to secure your Joomla installation’s PHP settings:

Steps

1. Log into cPanel:
   • Open your web browser and navigate to your cPanel login page.
   • Enter your username and password to access the cPanel dashboard.
2. Navigate to File Manager:
   • In the cPanel dashboard, locate and click on the File Manager icon.
   • Open the public_html directory or the directory where Joomla is installed.
3. Edit the php.ini File:
   • In the Joomla root directory, look for the php.ini file.
   • If the file does not exist, create a new file named php.ini.
   • Select the php.ini file and click Edit.
   • Add or modify the following settings to enhance security:

     
     display_errors = Off
     log_errors = On
     error_log = /home/your_username/public_html/logs/php_error.log
     expose_php = Off
     allow_url_fopen = Off
     allow_url_include = Off
     file_uploads = Off
                         

   • Save the changes and close the editor.
4. Edit the .htaccess File:
   • In the Joomla root directory, locate the .htaccess file.
   • Select the .htaccess file and click Edit.
   • Add the following directives to secure your PHP settings:

     
     # Protect against PHP exploits
     
         Order Deny,Allow
         Deny from all
         Allow from 127.0.0.1
     
     
     # Disable directory browsing
     Options -Indexes
                         

   • Save the changes and close the editor.
5. Verify Changes:
   • Ensure that the changes have been applied correctly by visiting your Joomla site and checking the PHP settings.

Important Notes

• Always backup your website and database before making changes.
• Test your site thoroughly after applying these settings to ensure there are no disruptions.
• Regularly update your Joomla installation and extensions to keep your site secure.

You will need to log into cPanel with your supplied username and password. Normally this URL is:

1) Select the Username field and enter your username

2) Select the Password field and enter your password

3) Next click the Log in button

4) Select the File Manager option under the Files section

5) With the Web Root radio button selected, click on the Go button

6) Select the ‘joomla’ folder and double click to open it

7) Right click the ‘htaccess.txt’ file then select the Edit option(The ‘.htaccess’ file can be used by Joomla for a number of directives)

8) Click the Edit button

9) Select a place near the top of the file to enter the following code. Enter the code exactly as illustrated here

This will code will prevent any errors from being displayed to site visitors

This can help prevent hackers from running potentially harmful code

10) Now click the Save Changes button

11) Click the Close button to close the editor

12) Click the Yes button

13) Now lets rename the file so Joomla can use it. Right click the ‘htaccess.txt’ file and select the Rename option

14) Now let’s rename the ‘htaccess.txt’ file to ‘.htaccess’

15) Click the Rename File button

You now know how to secure your Joomla PHP settings using cPanel