Securing Joomla! – .htaccess file

The last few weeks have seen a lot of chaos around insecure third-party Joomla! components. As a result, we have secured our site in every possible way, including with the well-known .htaccess file. Below is the version of our .htaccess file that keeps our site secure. We suggest you do the same:

# Use Options
Options +FollowSymLinks

# mod_rewrite in use
RewriteEngine On

# Base location
RewriteBase /

# Begin Rules for rewrite
# Optional – see notes
RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR]
RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|css|js|pl|txt)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php
# End Rules for rewrite

# Add .htc files
AddType text/x-component .htc

########## Begin – Rewrite rules to block out some common exploits
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a
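
An added example, not part of the original post: this Python script runs the two QUERY_STRING patterns above against constructed sample query strings, with the parentheses in the base64_encode pattern both escaped and unescaped. The function names and samples are assumptions made for the illustration, and Python's re module stands in for Apache's regex engine, which treats these particular patterns the same way.

```python
import re

# The two QUERY_STRING conditions from the rules above (joined by [OR]).
# Apache matches QUERY_STRING in its raw, still percent-encoded form,
# which is why the first pattern lists both "=" and "%3D".
MOSCONFIG = re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)")
B64_ESCAPED = re.compile(r"base64_encode.*\(.*\)")  # literal parentheses
B64_UNESCAPED = re.compile(r"base64_encode.*(.*)")  # bare group, may match nothing


def blocked(query_string, b64=B64_ESCAPED):
    """Return the names of the conditions that match (unanchored, like RewriteCond)."""
    hits = []
    if MOSCONFIG.search(query_string):
        hits.append("mosConfig")
    if b64.search(query_string):
        hits.append("base64_encode")
    return hits


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "option=com_content&view=article&id=5",
    "option=com_x&mosConfig_absolute_path=foo",
    "option=com_x&mosConfig_absolute_path%3Dfoo",
    "option=com_x&mosconfig_absolute_path=foo",  # lower case; condition has no [NC]
    "q=base64_encode(abc)",
    "q=how+to+use+base64_encode+in+php",         # benign search text
]


def report(b64=B64_ESCAPED):
    """Map every sample to the list of conditions that would block it."""
    return {qs: blocked(qs, b64) for qs in SAMPLES}


if __name__ == "__main__":
    for label, pattern in (("escaped", B64_ESCAPED), ("unescaped", B64_UNESCAPED)):
        print(f"--- base64_encode parentheses {label}")
        for qs, hits in report(pattern).items():
            print(f"{'BLOCK' if hits else 'pass':5}  {qs}  {hits}")
```

With the parentheses unescaped, the second pattern matches any query string that merely contains the text base64_encode, so the benign search sample is blocked as well.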

3 thoughts on “Securing Joomla! – .htaccess file”

  1. g1smd

    The above code is very many years old and does not work.

    The blocking code at the bottom cannot protect the site because the code at the top has already internally rewritten the request.

    Grab a copy of the htaccess.txt file that comes with Joomla 1.5.23 or 1.6.2 or later. It contains a number of enhancements.

