Joomla should be configured for extension security, backend access control, and stable content publishing.
Joomla uses several key configuration files:
| File | Purpose | Location |
|---|---|---|
configuration.php |
Main configuration (database, system settings) | Root directory |
.htaccess |
Apache configuration | Root directory |
web.config |
IIS configuration | Root directory |
Edit configuration.php for core settings:
<?php
class JConfig {
public $dbtype = 'mysqli';
public $host = 'localhost';
public $user = 'joomla';
public $password = 'replace-with-strong-password';
public $db = 'joomla';
public $dbprefix = 'jos_';
// Site settings
public $sitename = 'My Joomla Site';
public $alias = 'my-joomla-site';
public $lang = 'en-GB';
public $secret = 'unique-secret-key-here'; // Generate unique value
// Server settings
public $force_ssl = 0; // 0=none, 1=admin only, 2=entire site
public $offset = 'UTC';
public $lifetime = '15'; // Session lifetime in minutes
public $session_handler = 'database';
// Mail settings
public $mailer = 'mail';
public $mailfrom = 'noreply@example.com';
public $fromname = 'My Joomla Site';
// Debug settings
public $debug = false;
public $error_reporting = 'default';
}
Access via: Administrator > System > Global Configuration
Set correct file permissions for security:
# Directories: 755
find /var/www/joomla -type d -exec chmod 755 {} \;
# Files: 644
find /var/www/joomla -type f -exec chmod 644 {} \;
# configuration.php: 444 (read-only after setup)
chmod 444 /var/www/joomla/configuration.php
# Set ownership (adjust for your web server)
sudo chown -R www-data:www-data /var/www/joomla
Writable directories (web server needs write access):
administrator/cache/cache/images/logs/tmp/$force_ssl = 2)/administrator for securityBack up:
Recovery test:
Every deployment is unique. We provide consulting for:
Get personalized assistance: office@linux-server-admin.com | Contact Page