How to score 100% in FPA?

Need help with the Administration of your Joomla! 5.x site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
Post Reply
hackermade
Joomla! Intern
Joomla! Intern
Posts: 84
Joined: Thu Jan 25, 2024 9:15 am

How to score 100% in FPA?

Post by hackermade » Wed May 15, 2024 7:18 am

Hi there, i have setup a Joomla website and i have tweaked everything necessary to make it more secure and stable but I have still some red warnings going on, in cases like the Apache web server for example but I use nginx instead...

Forum Post Assistant (v1.6.7) : 15-May-2024 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 5.1.0-Stable (Kudumisha) 16-April-2024
Joomla! Configured :: Yes | Read-Only (444) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: No (ReWrite Enabled but no .htaccess?) | GZip: true | Cache: true | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: N/A | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 2 | Error Reporting: maximum | Site Debug: false | Language Debug: false | Default Access: Public | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 5.1.0: Yes | Database Supports J! 5.1.0: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 6.8.0-1005-oracle | Technology: x86_64 | Web Server: nginx/1.24.0 | Encoding: gzip, br | System TMP Writable: Yes | Free Disk Space : 41.30 GiB |

PHP Configuration :: Version: 8.3.6 | PHP API: fpm-fcgi | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 256M | Max. POST Size: 256M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 512M

Database Configuration :: Version: 8.0.36-2ubuntu3 (Client:mysqlnd 8.3.6) | Database Size: 13.71 MiB | #of Tables with config prefix:  134 | #of other Tables:  75 | User Privileges : GRANT APPLICATION_PASSWORD_ADMINUser Privileges : AUDIT_ABORT_EXEMPTUser Privileges : AUDIT_ADMINUser Privileges : AUTHENTICATION_POLICY_ADMINUser Privileges : BACKUP_ADMINUser Privileges : BINLOG_ADMINUser Privileges : BINLOG_ENCRYPTION_ADMINUser Privileges : CLONE_ADMINUser Privileges : CONNECTION_ADMINUser Privileges : ENCRYPTION_KEY_ADMINUser Privileges : FIREWALL_EXEMPTUser Privileges : FLUSH_OPTIMIZER_COSTSUser Privileges : FLUSH_STATUSUser Privileges : FLUSH_TABLESUser Privileges : FLUSH_USER_RESOURCESUser Privileges : GROUP_REPLICATION_ADMINUser Privileges : GROUP_REPLICATION_STREAMUser Privileges : INNODB_REDO_LOG_ARCHIVEUser Privileges : INNODB_REDO_LOG_ENABLEUser Privileges : PASSWORDLESS_USER_ADMINUser Privileges : PERSIST_RO_VARIABLES_ADMINUser Privileges : REPLICATION_APPLIERUser Privileges : REPLICATION_SLAVE_ADMINUser Privileges : RESOURCE_GROUP_ADMINUser Privileges : RESOURCE_GROUP_USERUser Privileges : ROLE_ADMINUser Privileges : SENSITIVE_VARIABLES_OBSERVERUser Privileges : SERVICE_CONNECTION_ADMINUser Privileges : SESSION_VARIABLES_ADMINUser Privileges : SET_USER_IDUser Privileges : SHOW_ROUTINEUser Privileges : SYSTEM_USERUser Privileges : SYSTEM_VARIABLES_ADMINUser Privileges : TABLE_ENCRYPTION_ADMINUser Privileges : TELEMETRY_LOG_ADMINUser Privileges : XA_RECOVER_ADMIN ON *.* TO `ab`@`localhost`
Detailed Environment :: wrote:PHP Extensions :: Core (8.3.6) | date (8.3.6) | libxml (8.3.6) | openssl (8.3.6) | pcre (8.3.6) | zlib (8.3.6) | filter (8.3.6) | hash (8.3.6) | json (8.3.6) | random (8.3.6) | Reflection (8.3.6) | SPL (8.3.6) | session (8.3.6) | standard (8.3.6) | sodium (8.3.6) | cgi-fcgi (8.3.6) | mysqlnd (mysqlnd 8.3.6) | PDO (8.3.6) | xml (8.3.6) | bcmath (8.3.6) | calendar (8.3.6) | ctype (8.3.6) | curl (8.3.6) | dom (20031129) | mbstring (8.3.6) | FFI (8.3.6) | fileinfo (8.3.6) | ftp (8.3.6) | gd (8.3.6) | gettext (8.3.6) | gmp (8.3.6) | iconv (8.3.6) | intl (8.3.6) | exif (8.3.6) | mysqli (8.3.6) | pdo_mysql (8.3.6) | Phar (8.3.6) | posix (8.3.6) | readline (8.3.6) | shmop (8.3.6) | SimpleXML (8.3.6) | sockets (8.3.6) | sysvmsg (8.3.6) | sysvsem (8.3.6) | sysvshm (8.3.6) | tokenizer (8.3.6) | xmlreader (8.3.6) | xmlwriter (8.3.6) | xsl (8.3.6) | zip (1.22.3) | Zend OPcache (8.3.6) | Zend Engine (4.3.6) |
Potential Missing Extensions ::

Switch User Environment :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) | api/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 253212 | Threads: 2 | Questions: 351639 | Slow queries: 0 | Opens: 2258 | Flush tables: 3 | Open tables: 2096 | Queries per second avg: 1.388 |
Extensions Discovered :: wrote:Components :: Site ::
Core ::
3rd Party::

Components :: Admin ::
Core :: com_contenthistory (4.0.0) 1 | com_menus (4.0.0) 1 | com_finder (4.0.0) 0 | com_plugins (4.0.0) 1 | com_wrapper (4.0.0) 1 | com_workflow (4.0.0) 1 | com_tags (4.0.0) 1 | com_installer (4.0.0) 1 | com_banners (4.0.0) 1 | com_messages (4.0.0) 1 | com_admin (4.0.0) 1 | com_cache (4.0.0) 1 | com_actionlogs (3.9.0) 1 | com_scheduler (4.1.0) 0 | com_joomlaupdate (4.0.3) 1 | com_users (4.0.0) 1 | com_associations (4.0.0) 1 | com_categories (4.0.0) 1 | com_cpanel (4.0.0) 1 | com_newsfeeds (4.0.0) 0 | com_templates (4.0.0) 1 | com_redirect (4.0.0) 1 | com_languages (4.0.0) 1 | com_guidedtours (4.3.0) 0 | com_modules (4.0.0) 1 | com_fields (4.0.0) 0 | com_login (4.0.0) 1 | com_checkin (4.0.0) 1 | com_content (4.0.0) 1 | com_media (3.0.0) 1 | com_privacy (3.9.0) 1 | com_config (4.0.0) 1 | com_postinstall (4.0.0) 1 | com_mails (4.0.0) 1 | com_ajax (4.0.0) 1 |
3rd Party:: COM_REGULARLABSMANAGER (9.0.0) 1 | COM_ADVANCEDMODULES (10.0.21) 1 | COM_CONDITIONS (24.3.3300) 1 | com_admintools (7.5.3) 1 | com_akeebabackup (9.9.3) 1 | com_jaextmanager (2.5.3) 1 | com_jaextmanager (2.7.6) 1 | com_komento (4.0.3) 1 |

Modules :: Site ::
Core :: mod_whosonline (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_login (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_breadcrumbs (3.0.0) 0 | mod_articles_news (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_random_image (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_custom (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_feed (3.0.0) 1 |
3rd Party:: mod_jacontentlisting (1.2.6) 1 |

Modules :: Admin ::
Core :: mod_login (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_submenu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_frontend (4.0.0) 0 | mod_loginsupport (4.0.0) 0 | mod_sampledata (3.8.0) 0 | mod_messages (4.0.0) 0 | mod_privacy_status (4.0.0) 1 | mod_user (4.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_post_installation_messages (4.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_logged (3.0.0) 1 | mod_popular (3.0.0) 0 | mod_multilangstatus (3.0.0) 1 | mod_version (3.0.0) 0 | mod_guidedtours (4.3.0) 0 | mod_latest (3.0.0) 0 | mod_feed (3.0.0) 1 |
3rd Party::

Libraries ::
Core ::
3rd Party:: Regular Labs Library (24.3.4836) 1 |

Plugins ::
Core :: plg_extension_joomla (3.0.0) 1 | plg_extension_namespacemap (4.0.0) 1 | plg_extension_finder (4.0.0) 1 | plg_media-action_resize (4.0.0) 1 | plg_media-action_crop (4.0.0) 1 | plg_media-action_rotate (4.0.0) 1 | plg_behaviour_versionable (4.0.0) 1 | plg_behaviour_taggable (4.0.0) 1 | plg_behaviour_compat (5.0.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_sampledata_multilang (4.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_guidedtours (4.3.0) 1 | plg_system_schedulerunner (4.1) 1 | plg_system_remember (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_httpheaders (4.0.0) 0 | plg_system_shortcut (4.2.0) 0 | plg_system_cache (3.0.0) 0 | plg_system_webauthn (4.0.0) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_fields (3.7.0) 1 | plg_system_schemaorg (5.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_skipto (4.0.0) 1 | plg_system_actionlogs (3.9.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_accessibility (4.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_task_notification (4.1) 1 | plg_system_jooa11y (4.2.0) 1 | plg_system_log (3.0.0) 1 | plg_quickicon_eos (4.4.0) 1 | plg_quickicon_overridecheck (4.0.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_downloadkey (4.0.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_task_site_status (4.1) 1 | plg_task_requests (4.1) 1 | plg_task_check_files (4.1) 1 | plg_task_privacyconsent (5.0.0) 1 | plg_task_rotatelogs (5.0.0) 1 | plg_task_globalcheckin (5.0.0) 1 | plg_task_sessiongc (5.0.0) 1 | plg_task_updatenotification (5.0.0) 1 | plg_task_deleteactionlogs (5.0.0) 1 | plg_api-authentication_basic (4.0.0) 0 | plg_api-authentication_token (4.0.0) 1 | plg_installer_override (4.0.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_installer_folderinstaller (3.6.0) 1 | plg_installer_urlinstaller (3.6.0) 1 | plg_installer_webinstaller (4.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_pagenavigation (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_vote (3.0.0) 0 | plg_content_finder (3.0.0) 0 | plg_content_emailcloak (3.0.0) 0 | plg_actionlog_joomla (3.9.0) 1 | plg_webservices_privacy (4.0.0) 1 | plg_webservices_menus (4.0.0) 1 | plg_webservices_users (4.0.0) 1 | plg_webservices_plugins (4.0.0) 1 | plg_webservices_config (4.0.0) 1 | plg_webservices_newsfeeds (4.0.0) 1 | plg_webservices_banners (4.0.0) 1 | plg_webservices_installer (4.0.0) 1 | plg_webservices_tags (4.0.0) 1 | plg_webservices_languages (4.0.0) 1 | plg_webservices_content (4.0.0) 1 | plg_webservices_media (4.1.0) 1 | plg_webservices_messages (4.0.0) 1 | plg_webservices_templates (4.0.0) 1 | plg_webservices_redirect (4.0.0) 1 | plg_webservices_modules (4.0.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_subform (4.0.0) 1 | plg_fields_user (3.7.0) 1 | plg_schemaorg_article (5.1.0) 1 | plg_schemaorg_book (5.0.0) 1 | plg_schemaorg_organization (5.0.0) 1 | plg_schemaorg_event (5.0.0) 1 | plg_schemaorg_blogposting (5.0.0) 1 | plg_schemaorg_custom (5.1.0) 1 | plg_schemaorg_jobposting (5.0.0) 1 | plg_schemaorg_recipe (5.0.0) 1 | plg_schemaorg_person (5.0.0) 1 | plg_filesystem_local (4.0.0) 1 | plg_multifactorauth_yubikey (3.2.0) 0 | plg_multifactorauth_email (4.2.0) 0 | plg_multifactorauth_fixed (4.2.0) 0 | plg_multifactorauth_webauthn (4.2.0) 0 | plg_multifactorauth_totp (3.2.0) 0 | plg_workflow_publishing (4.0.0) 1 | plg_workflow_featuring (4.0.0) 1 | plg_workflow_notification (4.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 0 | plg_user_terms (3.9.0) 1 | plg_user_profile (3.0.0) 1 | plg_user_token (3.9.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 |
3rd Party:: plg_editors_codemirror (6.0.0) 1 | plg_editors_tinymce (6.8.3) 1 | System - JA Content Type (1.2.4) 1 | PLG_SYSTEM_ADVANCEDMODULES (10.0.21) 1 | PLG_SYSTEM_ARTICLESANYWHERE (16.0.5) 1 | JA Demo Installer System Plugin (1.2.0) 0 | PLG_SYSTEM_ADMINTOOLS (7.5.3) 1 | PLG_SYSTEM_REGULARLABS (24.3.4836) 1 | plg_system_t4 (2.4.0) 1 | AcyMailing - Override Joomla emails (8.4.5) 0 | PLG_QUICKICON_AKEEBABACKUP (9.9.3) 1 | PLG_ACTIONLOG_CONDITIONS (24.3.3300) 1 | PLG_ACTIONLOG_ADVANCEDMODULES (10.0.21) 1 | PLG_ACTIONLOG_ADMINTOOLS (7.5.3) 0 | PLG_ACTIONLOG_REGULARLABSMANAGER (9.0.0) 1 | Ajax - JA Content Type (1.2.1) 1 | AcyMailing - Search emails in Jooml (8.4.5) ? | PLG_EDITORS-XTD_ARTICLESANYWHERE (16.0.5) 1 |
Templates Discovered :: wrote:Templates :: Site :: ja_blockk (2.1.1) 1 | cassiopeia (1.0) 0 |
Templates :: Admin :: atum (1.0) 1 |

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9827
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: How to score 100% in FPA?

Post by AMurray » Wed May 15, 2024 9:39 am

You've got potential file ownership issues. ("Potential Ownership Issues: Maybe"). You need to check the file ownership on your server (refer to your web host for support).

You have SEF turned on but apparently do not have Ngnix configured properly. There is no ".htaccess" or "web.config" in Ngnix, you have to dig into the server configuration file (ngnix.conf (?)). That might be difficult unless you're hosting on your own server or VPS. (SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: No (ReWrite Enabled but no .htaccess?).

I don't know what "red flags" you mean. The extensions shown in red in the FPA are supposed to be red, they indicate third-party extensions (that's normal....)

The on-screen report that gives you a rating like "A+" this is the FPA's preliminary determination of the likelihood of Joomla running on your server. It's not as far as I know reporting on the security of the server.
Regards - A Murray
General Support Moderator

hackermade
Joomla! Intern
Joomla! Intern
Posts: 84
Joined: Thu Jan 25, 2024 9:15 am

Re: How to score 100% in FPA?

Post by hackermade » Wed May 15, 2024 10:46 am

Hi, thanks for the reply, red I mean the orange for .htaccess and Potential Ownership Issues not the 3rd party extensions. Now for the nginx, I use a vps and I have configured to work with SEF and URL rewriting, and the owner of the Joomla folders/files is the www-data, I cannot understand what happened....


Post Reply

Return to “Administration Joomla! 5.x”