Unfortunately, the username and password you have entered do not match!

Registration

Unfortunately, this username is already taken!

Unfortunately, this e-mail address is already used!

Please retype the verification code.

All fields are required

File and Folder Access Check - Checking if configuration.php is outside of public html

File and Folder Access Check - Checking if configuration.php is outside of public html

There are several ways to protect such sensible files from public access, but most of them are not as feasible. A good way to protect your configuration.php file is to simply move it to a non-public folder. However, note that this isn't a simple copy and paste operation, certain modifications have to be made. Below we will provide step by step instructions on how to achieve this.

Step 1 : Move configuration.php to a safe directory outside of public_html.

Step 2: You will have to modify the /includes/defines.php and /administrator/includes/defines.php files, more precisely, this constant:
define( 'JPATH_CONFIGURATION', JPATH_ROOT );

If, for example you wish to move the file up one level and into a folder named "test" the constant will look like this:
define( 'JPATH_CONFIGURATION', JPATH_ROOT.DS.'..'.DS.'test' );

Step 3: Make sure the configuration.php is not writable at all, so that it can not be overridden by com_config.

Step 4: If you need to change configuration settings, do it manually in the relocated configuration.php.

Note:

Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file. Having into consideration the downside if not beeing able adjust the global settings it is still a good method of protecting against mallacious attacks.

If you are using Joomla! 3.x, within step 2 you will have to use "/" instead of "DS". Example:
define( 'JPATH_CONFIGURATION', JPATH_ROOT.'/../test' );

Feedback