How to secure your Joomla installation’s PHP settings using cPanel

How to secure your Joomla installation’s PHP settings using cPanel

Follow these steps to secure your Joomla installation’s PHP settings:


  1. Log into cPanel:
    • Open your web browser and navigate to your cPanel login page.
    • Enter your username and password to access the cPanel dashboard.
  2. Navigate to File Manager:
    • In the cPanel dashboard, locate and click on the File Manager icon.
    • Open the public_html directory or the directory where Joomla is installed.
  3. Edit the php.ini File:
    • In the Joomla root directory, look for the php.ini file.
    • If the file does not exist, create a new file named php.ini.
    • Select the php.ini file and click Edit.
    • Add or modify the following settings to enhance security:
      display_errors = Off
      log_errors = On
      error_log = /home/your_username/public_html/logs/php_error.log
      expose_php = Off
      allow_url_fopen = Off
      allow_url_include = Off
      file_uploads = Off
    • Save the changes and close the editor.
  4. Edit the .htaccess File:
    • In the Joomla root directory, locate the .htaccess file.
    • Select the .htaccess file and click Edit.
    • Add the following directives to secure your PHP settings:
      # Protect against PHP exploits
          Order Deny,Allow
          Deny from all
          Allow from
      # Disable directory browsing
      Options -Indexes
    • Save the changes and close the editor.
  5. Verify Changes:
    • Ensure that the changes have been applied correctly by visiting your Joomla site and checking the PHP settings.

Important Notes

  • Always backup your website and database before making changes.
  • Test your site thoroughly after applying these settings to ensure there are no disruptions.
  • Regularly update your Joomla installation and extensions to keep your site secure.

You will need to log into cPanel with your supplied username and password. Normally this URL is:

1) Select the Username field and enter your username
 Joomla Web Hosting

2) Select the Password field and enter your password

3) Next click the Log in button
Joomla Cloud Hosting

4) Select the File Manager option under the Files section
Joomla Content Management System

5) With the Web Root radio button selected, click on the Go button
Joomla Hosting

6) Select the ‘joomla’ folder and double click to open it
Joomla CMS

7) Right click the ‘htaccess.txt’ file then select the Edit option(The ‘.htaccess’ file can be used by Joomla for a number of directives)
Joomla Cloud

8) Click the Edit button
Joomla Web Hosting

9) Select a place near the top of the file to enter the following code. Enter the code exactly as illustrated here
Joomla Cloud Hosting

This will code will prevent any errors from being displayed to site visitors
Joomla Content Management System
This can help prevent hackers from running potentially harmful code

10) Now click the Save Changes button
Joomla Hosting

11) Click the Close button to close the editor
Joomla CMS

12) Click the Yes button
Joomla Cloud

13) Now lets rename the file so Joomla can use it. Right click the ‘htaccess.txt’ file and select the Rename option
Joomla Web Hosting

14) Now let’s rename the ‘htaccess.txt’ file to ‘.htaccess’

15) Click the Rename File button
Joomla Cloud Hosting

You now know how to secure your Joomla PHP settings using cPanel

Previous Post
How to secure your Joomla installation’s PHP settings using FTP
Next Post
How to prevent image hotlinking for Joomla using FTP