Protecting against predictable resource location

• Change open source defaults

  .
  
  

  • phpMyAdmin config
  • Joomla administrator
  • etc.

• Stay away from obvious names

  .
  
  

  • Usernames or roles: admin, administrator, etc.
  • Database column names: name, password, etc.
  • Directory paths: installation, config, etc.

• Default php.ini settings to change

  .
  
  

  • session.name parameter

• php.ini settings which should be set

  .
  
  

  • date.timezone
  • default_charset

• php.ini settings which should NOT be set

  .
  
  

  • mysqli.default_user, mysqli.default_pw.
  • pdo.dsn.*.