Unfortunately, the username and password you have entered do not match!


Unfortunately, this username is already taken!

Unfortunately, this e-mail address is already used!

Please retype the verification code.

All fields are required

File and Folder Access Check - Checking if configuration.php is outside of public html

File and Folder Access Check - Checking if configuration.php is outside of public html

There are several ways to protect such sensible files from public access, but most of them are not as feasible. A good way to protect your configuration.php file is to simply move it to a non-public folder. However, note that this isn't a simple copy and paste operation, certain modifications have to be made. Below we will provide step by step instructions on how to achieve this.

Step 1 : Move configuration.php to a safe directory outside of public_html.

Step 2: You will have to modify the /includes/defines.php and /administrator/includes/defines.php files, more precisely, this constant:

If, for example you wish to move the file up one level and into a folder named "test" the constant will look like this:
define( 'JPATH_CONFIGURATION', JPATH_ROOT.DS.'..'.DS.'test' );

Step 3: Make sure the configuration.php is not writable at all, so that it can not be overridden by com_config.

Step 4: If you need to change configuration settings, do it manually in the relocated configuration.php.


Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file. Having into consideration the downside if not beeing able adjust the global settings it is still a good method of protecting against mallacious attacks.

If you are using Joomla! 3.x, within step 2 you will have to use "/" instead of "DS". Example:
define( 'JPATH_CONFIGURATION', JPATH_ROOT.'/../test' );