Have to thank friesengeist of the Joomla core team for this very nice tip for your Joomla or Mambo site.

This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.

The first step is to move the file. If you use a host with cPanel, then your webroot is /home/USERNAME/public_html, where USERNAME is your cPanel username. (The tip is easy to adapt to other hosting environments too, ask us, if you don't know, how!) Joomla can access files located at /home/USERNAME, but those files cannot be directly accessed from the internet. Login to your favorite FTP program and download your configuration.php from /home/USERNAME/public_html/configuration.php . Rename it to 'site.conf' then upload it to /home/USERNAME/site.conf.

Now that we've uploaded it to the new location we need to edit the original configuration.php file. Open it in your favorite text editor and replace the contents of the file with the following:

		 require( '/home/USERNAME/site.conf' );
	?>
	

Make sure to replace USERNAME with your cPanel username. Then upload the new file to /home/USERNAME/public_html/configuration.php. At this point your site should still function normally.

Next, we need to make the file unwritable by the server. Most FTP programs allow you to do this. Right-click on the /home/USERNAME/site.conf file and select the option to edit permissions (normally 'Permissions' or 'Info') and change the permissions to 444. This lets the server read the file without any problems, but it will not be able to edit the file.

If you ever need to edit the file you will need to change the permissions back to 644 before making your changes.

You can view the thread that inspired this post at http://forum.joomla.org/index.php/topic,122450.0.html

---

Add this page to your favorite Social Bookmarking websites