Join 3,438 readers in helping fund MetaFilter (Hide)


Webhost changes security settings on server and breaks Joomla
July 17, 2009 11:27 AM   Subscribe

A webhost my company uses just changed the security settings and now Joomla no longer works correctly. Are these new security settings industry standard and what should I do?

You can see the security settings here and the real problem seems to be that php ini.set is disabled, which Joomla needs. I don't know enough about security and coding to know what to do here. My options are to switch to a low security server, described here, try to reconfigure Joomla somehow, switch to a new CMS package or switch to a new web host.

I guess I need to understand what web hosts usually do with Joomla.

Also, my current webhost is nomonthlyfees.com which has had pretty poor tech support lately.
posted by clockworkjoe to Computers & Internet (4 answers total)
 
If you are paying (or prepared to pay) the $20 a month option I'd consider moving over to mediatemple for hosting, couldn't recommend them enough. If you do a google search for "ini_set() disabled joomla" you should find a few threads that mention making changes to a few files that might work for you.

On one of the threads someone mentioned
i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
Would do no harm to try it.
posted by twistedonion at 11:44 AM on July 17, 2009


You don't get what you don't pay for.
posted by rhizome at 12:21 PM on July 17, 2009


Funny. I had a horrible mediatemple experience and can't recommend you stay away enough, so there's how much one anecdote is worth, I guess. You can find love stories and horror stories about every hosting provider, I'm sure.

They don't want to be responsible for the security holes in ini.set, but that seems like a losing battle, as PHP systems in general aren't exactly 'high security' to begin with. Many providers break high/low security based on whether things like PHP and WebDAV are installed, and there's some sense to that... though I've not seen anyone get finer-grained than that until your example.

Since you're not comfortable enough mucking around with the technical side of things, you could look for a hosting provider that's especially Joomla-friendly.
posted by rokusan at 1:46 PM on July 17, 2009


i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
Keep in mind that is a PHP-ism meaning, "If this breaks, pretend it didn't and just keep going." It won't actually cause the ini_set() command to work if the ISP still has things locked down.
posted by verb at 5:19 PM on July 27, 2009


« Older I've just got a hold of my cla...   |  What crazy looking instruments... Newer »
This thread is closed to new comments.