Moving some parts of Joomla out of public directory

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
JasynL1977
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Sep 06, 2007 5:14 pm

Moving some parts of Joomla out of public directory

Post by JasynL1977 » Tue Sep 18, 2007 9:35 pm

I am attempting to move some parts of Joomla, like the Control Panel, to a more secure location (Where I would implement SSL). Furthermore, I want to rename the directory of the Control Panel to something other than Administrator.

I was wondering if, as long as Joomla can FTP to the location, does the Control Panel and other such directories have to be in the same location? If it is possible to move these files and folders, which ones am I able to move? And how would I configure the index.php file and include/defines.php in both the front-end and administrator sections so that the application does not break?

I managed to configure the front-end to talk to the necessary files that I put in the protected location. However, I was not able to make the control panel work simply I was not able to get all of the paths to point to the correct locations.

Is this a vain attempt or is there an easier solution that I am overlooking?

I appreciate your feedback!

Thanks and have a good day.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Moving some parts of Joomla out of public directory

Post by RussW » Wed Sep 19, 2007 2:11 am

It would probbly be simpler and easier to manage (if you hack core files now, what are you going to do if they change and need to be overwritten in later upgrades?) to just implement .htaccess protection for the Administrator directory.

I believe there is an FAQ on the Help Site to explain this process fully and nost hosting Control Panels have this facility built in.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

JasynL1977
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Sep 06, 2007 5:14 pm

Re: Moving some parts of Joomla out of public directory

Post by JasynL1977 » Wed Sep 19, 2007 12:26 pm

I can see that you are definitely right about it being much easier. It would be nice if the Control Panel was more loosely coupled, but I will just implement other security measures as you suggest. Thanks!

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Moving some parts of Joomla out of public directory

Post by RussW » Wed Sep 19, 2007 1:49 pm

My understanding is that the coupling of such things is under review and is being planned for in future releases (most likely beyond v2.0) I believe the Dev site might have more information regarding the futures beyond v1.5, FYI.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/


Locked

Return to “Security in Joomla! 1.5”