Security Checklist/Hosting and Server Setup
From Joomla! Documentation
< Security ChecklistRevision as of 01:57, 22 October 2008 by Rliskey (talk | contribs) (Security Checklist 2- Secure Hosting moved to Security Checklist 2 - Secure Hosting)
Revision as of 01:57, 22 October 2008 by Rliskey (talk | contribs) (Security Checklist 2- Secure Hosting moved to Security Checklist 2 - Secure Hosting)
Choose a Qualified Hosting Provider[edit]
The most important decision[edit]
- Probably no decision is more critical to site security than the choice of hosts and servers. However, due to the wide variety of hosting options and configurations, it's not possible to provide a complete list for all situations. Check this unbiased list of recommended hostswho fully meet the security requirements of a typical Joomla site. (FAQ)
[edit]
- If you are on a tight budget and your site does not process highly confidential data, you can probably get by with a shared server, but you must understand the unavoidable risks. Most of the tips listed below are appropriate for securing sites on shared server environments.
Avoid sloppy server configurations[edit]
- For a real eye-opener, read this report on thousands of sites that allowed Google to index the results of phpinfo(). Don't make this mistake on your site! The report includes alarming statistics on the percentage of site that use depreciated settings such as register_globals ON or that don't have open_basedir set at all: By the way, if phpini and register_globals are unfamiliar terms you are probably not ready to securely manage your own site.