This solution will close access to backdoors, thereby increasing the security of the site on Joomla. From personal experience, the site is often infected with a backdoor called FileMan. With a remote call, you get full access to the file system, you can change any files, while leaving the date of the last change, and not the current ones. We found such backdoors in the modules folder. Examples:
/modules/mod_system/mod_system.php
/modules/mod_systems/mod_system.php
/modules/mod_article/mod_system.php
/modules/mod_articles/mod_system.php
/modules/mod_articless/mod_system.php
Create a new file .htaccess. Add the instruction that is listed below. It prohibits the execution of scripts. Add it to all the root folders of the site.
Configuring Apache
Now let’s move on to configuring the security of the Apache web server, it processes the PHP code and returns the HTML code to the browser. It also needs to be configured. A number of difficulties may arise here, since not all servers have access to the php.ini file (it stores the Apache configuration). You can try to configure via .htaccess.
Improving site security
To fine-tune the site’s security and phishing protection, insert the following code into php.ini or into the Apache configuration: