A complete guide on how to move a Joomla website from localhost to a live server and secure it

source: https://www.todhost.com/blog//a-complete-guide-on-how-to-move-a-joomla-website-from-localhost-to-a-live-server-and-secure-it.html

We have received numerous questions regarding how to upload a Joomla website from localhost to a live server. In this article, we will try to d a step-by-step guide on how to upload from local host to a live server and also provide some clue regarding the net steps which should follow a successful installation of your Joomla website.

We presume that you have successfully installed your Joomla website on your local machine and you are also done with your website design on your local computer. Let's now get started with uploading to a live website.

Prepare for the upload

You will need to get your files ready for upload to a live server. If you have a filemanager tool on your live server, you should be able to upload without issues.

Locate your joomla files on your local computer. This should be located somewhere in /wamp/ on your drive C. You can simply clic the WAMPServer icon and click the www directory to access your joomla files.
It is presumed you have a utility software like WinRar or WinZip installed on your local machine. If not, then you will have to install immediately, it will save you some trouble.
Right click on the applicable folder and click "add to archive" You will now have a zipped file with the same name as your Joomla folder.
Upload the zipped file to your live server. Before you do that, make sure that you have created a static index page so that your website will show your blank page instead of allowing your zipped file to be accessible to visitors.
To create a blank page, simply click the create new file button in file manager. Name your new file as "inde.htm" and save. Now you can proceed to upload your zipped Joomla file.
Extract your zipped file when upload is complete. To do this, Check on the top icons and you will find "extract" Highlight your zipped file with a simple tap and click the extract button. The extraction will commence and display all extracted files when complete. Make sure it does not show any errors. Any errors will suggest that the uploaded file was corrupt. You will need to re-upload the files as bad internet connectivity can create a problem for safe upload.
The other way to do a safe upload is to use an FTP software.
Now, lets assume your upload was successful without issues, you now have to move on to the next steps which is to setup your configuration.

Create Database Information

Now you will need to create your website database and password. There is a simple tool available on your web hosting control panel to do this.

Login to your website control panel at domain_name/cpanel

Authenticate your login with the appropriate username and password.

Now, scroll down to the section on databases and click create database.

Enter database name - just a simple word which could correspond with your website name.
Enter the database password - you can use the online password generator to have a strong password.

PLEASE save this information as you will need it later.

Configuring Your Live Joomla Website

Open the configuration.php file. You can use the online file editor to do that. There are a few edits that will be necessary at this time.

Locate the database name: enter the name of the databas you earlier created along with your site username. Something like: username_database name
Locate the Database password: Enter the password you used when you created your database earlier.
Lacoate user: change it to the username of your website.

At this point, if you have provided the right information, your website should now be live on the internet.

If you try to view with your domain name, you will still come accross the white screen. Remember we created it to protect our uploaded files. But wait, there is still a couple of changes to mae before you delete the index.htm file which will remove the white screen

You will now need to change the admin password.

To do this, login to the administrator section of your website. This will usually be located at http://yourdomain.com/administrator

Enter your username, by default, the Joomla admin username will be "admin"

Enter the password you used while you setup your Joomla installation on localhost.
From your Joomla backend, Go to users > user manager.
A list of all the users will be displayed. Click on the admin username to proceed. Now you can change the password and even change the admin username to something else. Caning the admin username from the default is a security measure and helps to strengthen your Joomla website security.
Save your changes.

The Next steps

Now you will need to rename the htaccess.txt to .htaccess, adjust global configuration settings like fix the path to your log files, temporary files, enable cache settings, session duration, error reporting, captcha-recaptcha, and restrict access to some folders for security reasons.

Begin by renaming the .htaccess file.
You can open the htacces.txt file with a file editor like “context programmers editor” You can install that software in few simple clicks on your laptop. Then save it as .htaccess and upload to the server. You will then need to delete the htaccess.txt file once you complete this upload.
The other way to rename the htaccess.txt file to .htaccess is to use the online file manager. Simply tap on the htaccess.txt file and click the rename button. Tpe the new name and save your changes.
Once you have done that, you can now proceed to change some global configuration settings.

Adjust Site settings in global configuration
Go to system > Global Configuration > SEO settings and set Use URL rewriting to yes. Before you do this, make sure you have renamed the htaccess.txt file to .htaccess. You will leave other SEO settings the way they are. Except you have good reasons to do so, it won’t be necessary to add suffix to url, all site name to page titles or set Unicode aliases to yes.
Set Captcha setting to Captcha-ReCaptcha. To get this working, also go to Extensions > Plugins > Captcha-ReCaptcha and get a site and secret key for your domain from Google Captcha at http://www.google.com/recaptcha Once everything is done correctly, save the settings.

Adjust system settings in global configuration
Go to system > Global Configuration > System settings and change the path to log folder from something like: C:\wamp\www\galileemarine/logs to something like /home/site_username/public_html/logs
Change your cache settings to the conservative cache settings. We recommend that you do not bother use the progressive caching option. To enable the cache settings to work, enable cache from Extensions > Plugins > System-Page Cache. Once done, save your settings.

You may want to change session lifetime to 30 mins or more so that you do not get sign out interruptions when updating your website.

Adjust Server settings in global configuration
Go to system > Global Configuration > Server and change the path to temp folder to: /home/site_username/public_html/tmp
You will not need to bother adjusting the GZip compression settings.
Set “error reporting” to “none”
Leave the https settings except you run an SSL on your site and want to enable the use of SSL.

Secure Your Joomla Installation From Exploitation
There are several measures that should help your website security. For our purposes here, we are concerned with the basic measures need to be taken after an installation. This will include securing all the folders with an access restriction. Take the following steps:

1. Create a .htaccess file in all the folders you need to secure which must include all folders on your Joomla installation apart from the images folder. Makke sure you secure all the folders on your installation and take nothing for granted.
2. Below is a sample code you could place in the .htaccess to secure it from unpermitted access:
order deny,allow
allow from 28.206.
allow from 20.74.121.102
allow from 308.74.121.106
allow from 108.74.120.227
allow from 180.229.24.78
allow from 19.211.
deny from all

When you create a.htaccess file in each folder and place these codes in it, you actually deny access to the IP addresses not listed in the code. That way, unpermitted access is not allowed. This way, you will be able to deal with most exploitation caused by outdated but genuine plugins and other extensions.

At this point, you can proceed to delete the inde.htm, that static page you used to keep visitors away from all the installations you were doing, if you have not done it already. Your website is now good to be promoted to users.