How to set up Joomla! after installation

Congratulations on installing your Joomla! website! Before you begin working with design and adding content, there are some configuration and security steps we recommend you take in order to make your site as reliable and safe as possible.

Securing Joomla!

After you install Joomla! there are a few things you should do to secure your installation:

Install the latest version of Joomla!

Only install the latest stable version available on the official Joomla! download page. Regularly log in to your Joomla! administrator back-end and check for updates. When an update is available, you’ll see a notification in the control panel.

Change the default administrator username

The default administrator username in all Joomla! installations is admin. By changing the default username, you make it significantly more difficult for someone to guess the log in credentials. To change the administrator username, log in to your Joomla! administrator back-end and go to UsersManage.

In the list of users, click Super User.

Change the Login Name to something that is easy for you to remember but hard for someone else to guess. Click Save & Close.

Change the location of logs and temp files

Another important way to improve site security is to ensure that all writable directories and files, such as image and document repositories, are located outside the public_html directory. This prevents unauthorized access via a web browser. To move the log directory, log in to your Joomla! administrator back-end and go to System Global Configuration.

On the System tab, change the Path to Log Folder to a location outside the public_html directory. In our example, we’re changing the path to /home/joomla/logs. Click Save.

On the Server tab, change the Path to Temp Folder to a location outside the public_html directory. In our example, we’re changing the path to /home/joomla/tmp. Click Save & Close.

Delete unnecessary files

Do not leave unnecessary files anywhere on the web server. Remove installation files and compressed files after they’ve been used and regularly check and clean your temp directory.

Working with extensions

Joomla! extensions are a great way for you to customize the design and functionality of your site, but there are some guidelines to keep in mind to prevent potential problems.

Back up your site and database

Before you install an extension, we recommend that you back up your website and database. If the extension causes unexpected problems with your site, you’ll be able to restore it to the most recent working version. You can use a backup extension, such as Akeeba Backup or use the method described in the How to back up your HostPapa website knowledge base article.

Check for vulnerabilities

A vulnerable extension is one that contains a flaw that makes it a security concern. Joomla! maintains an active list of vulnerable third-party extensions. You should check this list before you install any third-party extensions. For more information, see What is a vulnerable Joomla! extension?

Test the extension

Test all extensions on a test or development site before you install it on your live site.

Uninstall unnecessary extensions

Uninstall all unnecessary and unused extensions. After the uninstallation, check that the extension’s files and folders were deleted and any associated user accounts are disabled.

Security tips and resources

The following additional tips will help you secure your Joomla! website:

  • Use SSL – SSL adds an extra layer of security by encrypting all data that passes between the web server and web browser. For more information, see How to enable SSL for Joomla!
  • Use .htaccess for password protection – Protect important and administrative directories with .htaccess password protection. For more information, see What is .htaccess?
  • Visit the Joomla! security forum – The Joomla! security forum is an active community of Joomla! users and developers. You’ll find answers to common and not so common security concerns and all the latest Joomla! security news.

More information

For more information about Joomla! security, see Security checklist for your Joomla! installation and Beginner’s Guide to Joomla! in the HostPapa knowledge base.

If you have any questions or need help, you can always contact HostPapa Support by opening a support ticket. Details about how to open a support ticket are here.

Related Articles