Recommended PHP settings for Joomla additional security

Parent Technology uses SiteGround Hosting for all its Joomla installs. Here is a security article.

In order to improve the overall security of your Joomla application, you need to start from the language that powers this software. In this case, this is PHP. Although PHP is known to be very stable, there are certain parameters which you can adjust to add additional security to your website.

All settings described here can be entered into a custom php.ini file residing in the very same directory where your Joomla website is hosted. For more information on how to create a custom php.ini please check out our php.ini article here: http://kb.siteground.com/article/How_to_change_the_value_of_a_PHP_setting.html

The first and most important setting you should change is the register_globals value. Add the following line to the php.ini file:

register_globals = off

If this is left on, someone attempting to break your site could use it to inject all sorts of variables into your scripts. If this setting is set to On, an attacker can send a variable which is otherwise unreachable. By default, register_globals is turned off on all SiteGround servers, except if you are using PHP 5.1 where it is enabled by default. Do NOT enable this feature (i.e. do not set register_globals = On).

magic_quotes_gpc = On

This is PHP's internal way to escape various input to your script. By default this is On, unless you have overridden it. Disabling this (magic_quotes_gpc = off) will allow a remote attacker to execute various malicious code such as SQL injection code.

allow_url_fopen = off

This setting treats remote files as if they were local files on the server: it allows PHP to open any URL as if it were a file on your account. Although this is a very handy function, it will allow an attacker to include a file hosted on a remote server into your website and possibly execute it. In most cases, this is exactly how web shells and backdoors are installed into customers' hosting accounts. You should not enable it, unless a very important extension/plugin requires it.

expose_php = off (default value = on)

One of the first steps an attacker takes is to try to get as much information as possible about the platform and the software his/her target is using. By disabling expose_php you will greatly reduce the information that an attacker will be able to discover.
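
As an added example (not part of the original article or of SiteGround's tooling), the shell function below checks a custom php.ini against the four values recommended above and reports any that are missing or set the other way. The function names and the sample file are constructed for illustration; register_globals and magic_quotes_gpc were removed in PHP 5.4, so the check applies to the older PHP versions this article targets.

```shell
#!/bin/sh
# Added example, not from the original article: check a custom php.ini against
# the four values the article recommends. Reads a file argument or stdin.
check_php_ini() {
    awk '
    BEGIN {   # recommended values, taken from the article text
        want["register_globals"] = "off"; want["magic_quotes_gpc"] = "on"
        want["allow_url_fopen"]  = "off"; want["expose_php"]       = "off"
    }
    {
        sub(/;.*/, "")                       # strip ; comments
        n = index($0, "=")
        if (n == 0) next                     # section headers, blank lines
        key = tolower(substr($0, 1, n - 1))
        val = tolower(substr($0, n + 1))
        gsub(/[ \t\r"]/, "", key); gsub(/[ \t\r"]/, "", val)
        # PHP accepts several spellings for booleans; normalise to on/off
        if (val ~ /^(1|on|true|yes)$/) val = "on"
        else if (val == "" || val ~ /^(0|off|false|no|none)$/) val = "off"
        if (key in want) got[key] = val      # a later line overrides an earlier one
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in got)) { printf "MISSING %s (want %s)\n", k, want[k]; bad = 1 }
            else if (got[k] != want[k]) {
                printf "WEAK %s = %s (want %s)\n", k, got[k], want[k]; bad = 1
            }
        }
        exit bad                             # non-zero when anything deviates
    }' "${1:--}"
}

# Constructed sample php.ini (illustrative, not from a real site)
sample_php_ini() {
    cat <<'EOF'
; custom php.ini
register_globals = Off
magic_quotes_gpc = 0      ; someone disabled escaping
allow_url_fopen = "1"
EOF
}

sample_php_ini | check_php_ini || echo "php.ini deviates from the recommended values"
```

A MISSING line means the custom php.ini does not pin the directive, so the server-wide default decides its value.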

Magento Optimization - Grand Rapids Development and Design

Magento Optimization

By default Magento comes with enabled caching thus avoiding repetition of some of the heaviest operations. However, this is not always enough for Magento to run fast.
Speeding up Magento is not always an easy task and commercial extensions for this purpose are expensive. That's why we will offer you two easy to follow steps which can significantly increase Magento Performance:

1. Enable the compiler which comes with Magento by default. You can find it in the Magento admin panel under System, Tools, Compilation. Just click on Enable and then on Run Compilation Process.

This option compiles all Magento installation files and creates a single include path. It will speed up pages 25-50% according to the official documentation.

However, enabling the compiler may cause some issues such as reporting missing php files which cannot be included. This may force you to disable the compiler. This can be done similarly to enabling it - go to admin panel, System, Tools, Compilation.

2. If the above improvement is not enough, the next step is to install a third-party extension. We will use the freely available Fooman Speedster. Its extension key is:
magento-community/Fooman_Speedster

To install it follow these steps:

First, from Magento admin panel go to System, Magento Connect, Magento Connect Manager. There paste the above key and click on Install.

Next, add the following line to your Magento .htaccess:
RewriteRule ^(index.php/)?minify/([^/]+)(/.*.(js|css))$ lib/minify/m.php?f=$3&d=$2
The above will force all requests to be processed through the extension frontend called m.php. In order for this processor to work properly, please do the following:
a. Change the permissions for the directory lib/minify/ to 755 recursively. These are the correct permissions if your webserver runs under your user and php is in suexec as in most shared hosting environments. Alternatively, you can leave the default 777 permissions.
b. Ensure that the caching directory 'var/minifycache/' is writable. In most cases 777 permissions are sufficient. Then open your Magento site a few times and check whether files such as minify_67fe988157635b14d2f1e076727899d2 have appeared in the directory in question.
The above optimization steps are the fastest and easiest way to an optimized Magento.

File permissions based security issues in Joomla

Parent Technology utilizes Linux OS for all shared hosting servers, and every file or folder in Linux has access permissions. There are three types of permissions (what is allowed to be done with a file):
  • read access - r
  • write access - w
  • execute access - x
Permissions are defined for three types of users:
  • the owner of the file
  • the group that the owner belongs to
  • other users
Thus, Linux file permissions are nine bits of information (3 types of permission x 3 types of users), each of which may have just one of two values: allowed or denied. Simply put, for each file it can be specified who can read from or write to the file. For programs or scripts it can also be set whether they are allowed to be executed. One simple way to protect your script is to ensure that the correct permissions are applied to your files and folders. The following settings are the recommended permissions:
  • .htaccess file – 644 (Read and Write granted to you, Read-only to anyone else)
  • configuration.php (while site in development) – 644 (Read and Write granted to you, Read-only to anyone else)
  • configuration.php (when site is live) – 444 (Read access only)
  • Directories – 755 (Read/Write/Execute to you, Read and Execute to anyone else)
  • Files – 644 (Read/Write to you, Read-only to anyone else)
A common error is to make your templates folder world readable/writable (777). Although this directory contains your visual files, it is very important to have the right set of permissions. You should never set the permissions to be higher than 755. For further questions, please contact Parent Technology - Grand Rapids Web Development and Design.
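
As an added example (not part of the original article), the shell function below audits a Joomla document root against the recommendations above: it lists every file or directory that is writable by group or others, which exceeds the 755/644 ceiling, and flags a configuration.php that is not 444 on a live site. The function names and the live/dev argument are assumptions made for this example; the script only reads permissions and changes nothing.

```shell
#!/bin/sh
# Added example, not from the original article: read-only audit of a Joomla
# document root against the permission ceiling recommended above.

# mode_of PATH -> octal mode such as 644 (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_joomla_perms ROOT [live|dev]
# Prints one finding per line and returns 1 if there is any finding.
audit_joomla_perms() {
    root=$1
    stage=${2:-live}
    report=$(
        # Group- or world-writable entries exceed 755 for directories, 644 for files.
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
        while IFS= read -r p; do
            printf 'TOO-OPEN %s %s\n' "$(mode_of "$p")" "$p"
        done
        # On a live site configuration.php should be read-only for everyone, mode 444.
        cfg=$root/configuration.php
        if [ "$stage" = live ] && [ -f "$cfg" ] && [ "$(mode_of "$cfg")" != 444 ]; then
            printf 'NOT-444 %s %s\n' "$(mode_of "$cfg")" "$cfg"
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit.sh /path/to/joomla live
if [ $# -gt 0 ]; then
    audit_joomla_perms "$@"
fi
```

A templates folder left at 777 shows up as a TOO-OPEN line; an empty report with exit status 0 means nothing under the root exceeds the recommended modes.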

The Joomla Project is pleased to announce the immediate availability of Joomla 3.0.2.

This is a security release. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.

Download

New Installations: Click here to download Joomla 3.0.2 (Full package) »

Update Package: Click here to download Joomla 3.0.1 to 3.0.2 (Update package) »

Update Package: Click here to download Joomla 3.0.2 (for updates from Joomla 2.5) (Update package) »

Note: If you are running version 3.0.0 please read the special update instructions before updating.

Instructions

Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners. Please note that you should always back up your site before upgrading.

Release Notes

Check the Joomla 3.0.2 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.

Statistics for the 3.0.2 release period

  • Joomla 3.0.2 contains:
    • 1 security issue fixed
    • 1 new feature
    • 50 tracker issues fixed

Security Issues Fixed

New Feature

  • 27373 Implementing Items associations in multi-language. With this function you can assign articles and article categories from different languages together and the module will display the correct link if you change the language itself. Click here for more information.
