Question: How can I protect my Joomla 2.5 configuration.php file from possibly being viewed due to server misconfiguration?
Answer: Move it to the |Home directory (above public_html directory) which can only be accessed via FTP or CPanel File Manager.
Pros: configuration.php will be better protected and your site will be more secure.
Cons: No longer possible to edit configuration.php via Global Configuration in Joomla Administrator. The file must be manually edited.
Step 1: Move configuration.php from the public_html directory (folder) to the Home directory above using FTP or CPanel File Manager.
Tip: If you have more than one Joomla site involved make a folder for the file to keep it separate otherwise it could be overwritten. eg:(/home/cpanelusername/sitename/configuration.php)
Step 2: Edit the files that contain the path to configuration.php.
[joomla root]/includes/defines.php
[joomla root]/administrator/includes/defines.php
This is the constant to modify
define( 'JPATH_CONFIGURATION', JPATH_ROOT );
For example if Joomla is installed in the public_html folder (web root) then to move the file up one level into the Home directory and into a folder named "sitename" the constant will look like this:
define( 'JPATH_CONFIGURATION', JPATH_ROOT.DS.'..'.DS.'sitename' );
The DS = / on Linux and \ on Windows. ../ or ..\ moves up a directory level.
The Joomla 3.x method for hiding configuration.php is similar, but slightly different.
