Secure your standalone scripts used in a Joomla site

Joomla has everything you may need. Right? If you take a look to the Joomla Extensions site, you may agree with this. But, as always, there may be cases, when the above statement is wrong. For specific need he simplest approach may be to use for specific purposes a standalone script. You can solve the problem - apparently - by using Joomla's wrapper feature, and use your scripts as they where part of your Joomla site. Almost perfect solution you may think... but your scripts are directly accessible by their physical URL, not only through the Joomla interface. What you can do about?

A lot. And surprisingly easily.

If you Google around, you will find almost instantly a .htaccess code, which, for couple of reasons won't work in your Joomla install. But the solution is almost there, you need only to modify slightly the code you find this way.

The tip below is tried for Joomla 1.0.15, but probably will work without a hitch in any version (including Joomla 1.5.*/1.7.*versions). Let's say:

  • Your website domain is
  • You have some individual PHP scripts under a folder called /scripts
  • You are using the Joomla wrapper and wrap your PHP scripts nicely through the admin interface and only registered members can access the scripts.

However, if you type on the browser, you find out that anyone can execute the script without registering/logging in to your Joomla site!

So the easy solution, is to put a .htaccess file inside your /scripts folder to block direct access to the folder or the scripts. In the same time sure that use as title of your wrapper something different from the real script URL!

Your .htaccess file should contain:

RewriteEngine On
# Blocking direct access
RewriteCond %{HTTP_REFERER} !^*$ [NC]
RewriteCond %{HTTP_REFERER} !^*$ [NC]
RewriteCond %{REQUEST_URI} scripts [NC]
RewriteRule .* - [F]

This will actually block any access if the URL contains "scripts". This will work, because Joomla's wrapper doesn't tell you the directory name, but instead is using the Wrapper title that you specified on the Administration. So as long as you don't put in the same name as the script folder, this will work.


  • Replace with your real site's URL.
  • Replace scripts with your own folder name
  • Upload the .htaccess file to your folder that you want to protect
  • Test that going to the script using Joomla Wrapper's URL works
  • Test that typing straight on your browser to the PHP scripts gives you the Forbidden error message

Hope this helps. Thanks for original tip to Michael Aulia !

For internetten para kazan please check musaerdogmusgooglekazanclari website and see internetten para kazanmak.