glFusion takes security very seriously. Because of our commitment to security, we have designed glFusion so that files that are not directly accessed via the web can be stored outside the web root in the private/ directory. This minimizes the attack surface a hacker can use to attempt to exploit your site.
We understand that not all hosting providers allow you to store files outside the web root, so you can install the private/ files inside your web directory, but you should take a few extra steps to better safeguard those files.
Installing the private/ directory in the public web space
- Create an inconspicuous directory (i.e. don't name it “glfusion” or “private”) in your root web directory.
- Place these system files (everything within the private/ directory) in that new directory.
- Password protect it using an .htaccess file or similar. For help creating an .htaccess file, contact your hosting provider.
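As an added example (not part of glFusion or its installer), the shell functions below write a password-protecting .htaccess file and report whether a private directory lies outside the web root, inside it with password protection, or inside it unprotected. The function names, the AuthName text and any paths passed in are assumptions; Apache with .htaccess overrides enabled is assumed, and the password file itself is created separately with Apache's htpasswd utility.

```shell
#!/bin/sh
# Added example, not glFusion code. Assumes Apache honours .htaccess
# (AllowOverride AuthConfig). Function names and paths are hypothetical.

# write_htaccess DIR HTPASSWD_FILE
# Password protect DIR. Create HTPASSWD_FILE beforehand with Apache's
# htpasswd utility: htpasswd -c HTPASSWD_FILE someuser
write_htaccess() {
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile "$2"
Require valid-user
EOF
}

# classify_private_dir WEBROOT PRIVATE_DIR
# Prints: outside   (not reachable under the web root)
#         protected (inside the web root, .htaccess demands a login)
#         exposed   (inside the web root, no password protection found)
classify_private_dir() {
    # Resolve symlinks and ../ so the prefix comparison is reliable.
    webroot=$(cd "$1" && pwd -P) || return 2
    private=$(cd "$2" && pwd -P) || return 2
    case "$private/" in
        "$webroot"/*) ;;                  # at or below the web root
        *) echo outside; return 0 ;;
    esac
    ht="$private/.htaccess"
    if [ -f "$ht" ] &&
       grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" &&
       grep -Eiq '^[[:space:]]*AuthUserFile[[:space:]]+"?/' "$ht" &&
       grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$ht"; then
        echo protected
    else
        echo exposed
    fi
}
```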
If you need assistance in securing this directory, check with your hosting provider first. If they are unable to assist you, feel free to post a call for help in the glFusion support forums.
Also, if your hosting provider has enabled open_basedir restrictions, you may want to consider following the directions above and storing the private/ files inside the public web directory.
glFusion must know where you have installed the private/ directory. This is the directory that contains the db-config.php.dist file. Please enter the full, absolute path to this directory.
The absolute path is the full path on the server (not your site's web address). If you don't know the absolute path, check with your hosting provider to obtain this information.
Generally, the installer can find the path to your public_html/ folder automatically. In the right panel of this screen we display the absolute path to your current public_html/ directory. This might help you determine the correct path to your private/ directory.
Normally, you should not need to enter this information, as the glFusion installer will automatically set these paths based on what you enter for the private/ directory. However, if there is a conflict with an existing directory, or you simply want to move the logs, language, backup, or data paths to a non-standard location, enter the absolute path for each location whose default setting you wish to override.
This is the location where glFusion will create and store its log files.
This is the location where glFusion will look for the core language files.
This is the location where glFusion will create and store database backups.
This is the location where glFusion will create its cache files and also create temporary directories for various system functions.
Absolute Path Definition
Also known as the full path, the absolute path is a path that contains the root directory and all other subdirectories required to get into the directory you're currently in or wish to get to. Below is a basic example of an absolute path and a relative path.
Absolute path: /home/users/c/computerhope/public_html/cgi-bin
Non absolute path (relative path): public_html/cgi-bin
As can be seen from the above example, the absolute path contains the full path starting at the root directory, whereas the relative path contains only a few of the directories within the absolute path.