Would you like to be involved in the Mambo Open Source project? Join
the Mambo Foundation or become a member of Team Mambo. Learn more by
How do I secure my Mambo site?
A simple question with a complex answer! It is complex because security
issues arise from a variety of sources: your code, your server, the
other things running on your server, the users, etc. While Mambo itself
is relatively secure, you may still experience problems if the server
is compromised or if a user gives up a password. The basic steps you
should take however include:
There's more that you can do, but it is outside the scope of this FAQ.
- Do not unnecessarily leave directories open with CHMOD set at 777 (configuration.php in particular should be set to chmod 644)
- Delete your old installation directory (don't just rename it!).
- Implement HTTP access controls for your admin login.
- Make all your admin passwords at least 8 characters and containing symbols and numbers as well as letters.