In our first post we referred to the Joomla Administrator’s Security Checklist, and in subsequent posts we have described some simple steps you can take to improve the configuration of your site. Tom Canavan, the author of Joomla! Web Security, wrote an interesting blog article about this issue.
What is the Permissions Issue?
Inexperienced Joomla users will sometimes install the product and set permissions to 777 (r/w/x) for everyone. This is a serious mistake! Unfortunately, improperly configured servers and the design of some extensions are often the culprits. By giving everyone the ability to read, write and execute files on the server, the user is exposing their account to the threat of serious hacking and abuse.
The Security Checklist referred to above advises that if your host makes you set up your site this way, you should change host, and that you should avoid extensions that will only run with the permissions set to 777. The advice is to always set folders to 755 and files to 644.
How do I check and set the Permissions?
You can do it through your website’s control panel (e.g. cPanel), assuming that you have access to it, or you can use a tool to check and set the permissions. There is a free tool, which can be downloaded from here, that can be used to check and set the permissions for a Joomla! website.
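If you have shell access to the server, the same check can be done with standard tools. The script below is an added example, not the tool linked above; the function names and the path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Joomla tree against the 755 (folders) / 644 (files)
# advice. Pass the site's root folder as the first argument (assumed path).

# List every folder that is not exactly 755 and every file that is not
# exactly 644. Symlinks are not followed and are not reported.
audit_perms() {
    find "$1" -type d ! -perm 755 -print | sed 's/^/DIR  /'
    find "$1" -type f ! -perm 644 -print | sed 's/^/FILE /'
}

# List only the entries anyone on the server can write to (the "other"
# write bit is set, as it is with 777 or 666).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Reset only the entries that deviate, so timestamps of files that are
# already correct are left alone.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# When run with a path, report first; fixing is a separate, explicit step.
if [ "$#" -gt 0 ]; then
    echo "Entries that are not 755/644:"
    audit_perms "$1"
    echo "World-writable entries:"
    world_writable "$1"
fi
```

Run it as the account that owns the site files, review the report, and only then call `fix_perms` on the same path.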