Credits: Video Training produced by Brian Teeman
Transcript of this course
In earlier versions of Joomla the database table prefix and the super administrator ID were fixed and very difficult for you to change. Because these were known variables, it's a good idea for security to randomise them.
If this joomla installation is a brand new one using Joomla's own installer then that's already been done for you. But if you are upgrading from a previous version of Joomla, or perhaps installed through your hosts control panel using their own installer, it may be necessary for you to check the database table prefix and the super administrator id.
To do this if you select the Database table prefix editor you will see the current prefix and the new prefix. If you wish to change it you simply click on the orange box and your database tables will all be renamed and your site will continue to function as before, except more secure because it's not using a known variable. Click on the back icon to return to the control panel.
Changing the Super Administrator ID is also very similar. Select the icon and you may see a warning message indicating that it couldn't load a user with an ID of 42 which is great as you can see in the second message because it suggests that we are already using a secure Super administrators ID. If you were using a Super Administrators ID of 42 you will see a screen message looking like this.
In order to change the ID it is very important that you read this screen before clicking on the button. To change the ID go ahead and click on Change my Super Administrator ID. As you can see it is asking me to confirm that I'm aware that in the future I will still be logging in with the same username. The Super Administrator ID has now been changed and we should log out of our web site and log back in as that super user.
Notice that the username had not changed. If I go to the User Manager now I will see two users, one enabled and one disabled. We can go ahead and select the disabled user and delete it. We now return to our admin control panel and select the Super Administrator ID. You can see that message to confirm that we already using a secure Super Administrator ID. So click on the back button to return.
The final tool that is useful for people who have upgraded previous web sites is the Permissions Tool. All files on a web server have certain permissions for better security and so should directories.
If you select Permissions Configuration you will see that the default permissions for directories will be set to 755 and for files to 644. This is a good default setting. If you wish to change that you can select it from the dropdown and then save the default permissions. In addition, you can also set the permission for specific folders by selecting here or even for specific files by selecting them here on the right hand side the default values.
As a general rule 755 for folders and directories and 644 for files is sufficient. If you've made any changes make sure you save them otherwise click back. Now if you want to ensure that all the directories and files on your web server have the correct permissions all you need to do is to click on the Fix Permissions button. This is now going through all the files and directories on your web server and setting the permissions that we configured in the previous screen.