Moving sensitive files outside the web root j16

From Joomla! Documentation

Revision as of 22:35, 15 December 2010 by Ian (Talk | contribs)

Overriding defines.php

Starting with version 1.6, it is possible to provide a localized version of the files that reside in includes/defines.php (i.e. includes/defines.php and administrator/includes/defines.php). This makes it possible to move a variety of files outside of document root.

The actual process is quite simple, but it is advisable that you make sure you know what you're doing before proceeding.

To start, copy the file {ROOT}/includes/defines.php to {ROOT}/defines.php and the file {ROOT}/administrator/includes/defines.php to {ROOT}/administrator/defines.php.

Once you have copied the files, it is necessary to edit both new files and add the lines:

define('_JDEFINES', 1);

define('JPATH_BASE', dirname(__FILE__));

underneath the defined('_JEXEC') or die; line.

Setting the path to configuration.php

Now that you have created override files, you can edit them and provide new locations for various directories. The directory we're interested in is JPATH_CONFIGURATION. The default value is defined as: define('JPATH_CONFIGURATION', JPATH_ROOT);

To put the configuration file in another location, move the file to its new home and specify the new path. As an example, if your files were in /home/exampleuser/public_html and you wanted to put configuration.php in /home/exampleuser/configuration.php, you would change the JPATH_CONFIGURATION define line to:

define('JPATH_CONFIGURATION', '/home/exampleuser');

Make this change in both files, move the configuration.php file and you're done.

Other Possibilities

The configuration.php file isn't the only thing you can move. I have done some amount of testing and was able to successfully move the JPATH_LIBRARIES directory, the JPATH_PLUGINS directory, the JPATH_MANIFESTS directory (which holds the XML manifests for some extensions and for core updates).