Global Configuration settings are important.
Your choice of settings may adversely impact your website's security and performance.
Read the Official Joomla! Documentation before changing the default settings.
Select the Global Configuration button in the System Panel of the Home Dashboard to review your website's global settings.
Gobal Configuration settings are listed under six tabs:
- Text Filters, and
You can review the settings for every element of your website via the Global Configuration screen.
You can also review the Global Configuration settings for any one element (example, Users or Articles) when you select the Options button displayed at the top right of the Dashboard.
In this article we cover the key settings which can be changed in the main panel of the Global Configuration screen.
Harden your website's security
From time to time the Joomla! Project may recommend that you make changes to harden your website's security.
When they do you will see an Installation Message in your website's dashboard after you update your website's Joomla! CMS.
We recommend that you password-protect the Administrator directory to hide your website's Dashboard from public view and protect it from a brute-force attack.
This can be achieved via the Directory Privacy screen in your Hosting Control Panel.
When Directory Privacy is enabled you will see a Login Panel like the one shown below before you see the Dashbaord Login panel.
You can further restrict access to your website's Dashboard by installing a Web Application Firewall (WAF).
We recommend Akeeba Admin Tools PRO.
Admin Tools PRO enables to both password-protect the Administrator directory and enable use of a secret URL to access your Dashboard.
Enhance User protection by adding an SSL Certificate to your website's domain.
SSL will encrypt user credentials when they sign in.
Ensure that all Users with Special Permissions are not using weak user credentials.
We recommend using a long complex password and a unique unusual username.
You may also wish to consider using Multi-factor Authentication when you choose to publish the Login Module in the Front End. This will help protect your website from brute-force attack.