I've read the articles on security but I just wanted to check that I've done everything ok before I launch my site.

Hopefully it will serve as a good check list for future users:

So here's what I've done, have I missed anything?

- using the latest XOOPS version
- using the latest versions of modules and have picked ones that appear to be actively maintained
- installed protector
- changed mainfile permissions to 444 (in root folder)
- changed "check for template modidfications" to "NO" (in Preferences Main >> general settings)
- Using an administrator password that's pretty obscure (random letters & numbers)
- htaccess file is in my root folder

Have I missed anything?

And a couple of questions:


1. I saw mention that all folders should have an index file - does this include folders inside my root but not part of the XOOPS system?

2. Do I need to remove my phpMyAdmin? Its in my root folder? Can I move it to a subfolder and keep using it?

Thanks a lot!!!!

1) yes you should place one in every folder thats accessible from the web in any way

2) You don´t need to have phpmyadmin accessible from your Websites domain. Just create a subdomain like [obscure name].yourwebsite.com which you will point to a different rootfolder on you webspace. Install and use it from there since it does only access the database there is no need to have it under your websites subdomain (www).

Whether or not phpmyadmin is hidden, it should be protected. Configure it to use cookie or http authentication, and ensure that all MySQL users have strong passwords.

I never said thanks - so thanks!

Also, make sure FTP and webhosting account password is strong.

Most important thing is not in list: backup site!