Global Configuration
Global Configuration settings are important.
Your choice of settings may adversely impact your website's security and performance.
Read the Official Joomla! Documentation before changing the default settings.
Select the Global Configuration button in the System Panel of the Home Dashboard to review your website's global settings.
Global Configuration settings are listed under six tabs:
- Site,
- System,
- Server,
- Logging,
- Text Filters, and
- Permissions.
in the Global Configuration screen.
Global Configuration settings may also be reviewed and changed when you select the Options button displayed at the top right of many Dashboard screens.
You can also change Global Configuration settings by editing your website's configuration.php file which can be accessed via the File Manager of your website's Hosting Control Panel.
The following link explores the various elements of the Joomla! CMS configuration.php file.
Read more: Joomla 4 Configuration.php File Explained by Inmotion Hosting
Harden your website's security
From time to time the Joomla! Project may recommend that you make changes to harden your website's security.
When they do you will see an Installation Message in your website's dashboard after you update your website's Joomla! CMS.
Read more: Installation Messages.
We recommend that you password-protect the Administrator directory to hide your website's Dashboard from public view and protect it from a brute-force attack.
This can be achieved via the Directory Privacy screen in your Hosting Control Panel.
When Directory Privacy is enabled you will see a Login Panel like the one shown below before you see the Dashbaord Login panel.
You can further restrict access to your website's Dashboard by installing a Web Application Firewall (WAF).
We recommend Akeeba Admin Tools PRO.
Admin Tools PRO enables to both password-protect the Administrator directory and enable use of a secret URL to access your Dashboard.
Read more: Web Application Firewall.
Enhance User protection by adding an SSL Certificate to your website's domain.
SSL will encrypt user credentials when they sign in.
Read more: Use an SSL Certificate with your website.
Ensure that all Users with Special Permissions are not using weak user credentials.
We recommend using a long complex password and a unique unusual username.
Read more: Joomla! CMS Security.
You may also wish to consider using Multi-factor Authentication when you choose to publish the Login Module in the Front End. This will help protect your website from brute-force attack.
Read more: Joomla! CMS Multi-factor Authentication.
And change the default Access Level for the System - Debug Plugin from Public to Super User.
This last recommendation is prompted by an interesting article in the November 2022 issue of the Joomla! Community Magazine.
Contents include:
Site,
System,
Server,
Logging,
Text Filters,
Permissions.