Last year I had a Joomla site hacked and realized afterward (I was told actually and it was so very true) I'd done nothing to prevent it. At that point I removed all my Joomla sites and redid them in CSS-HTML, often using SSI.
A lot of recommendations include installing the configuration (and install?) files 'above the root'. I can move it there; no problem. But I can't figure out how to tell Joomla to look there for what it needs. Because I host several sites, my domains are add-ons in sub-directories so going above the root actually takes me two levels up. I think.
I found a site with instructions to write a new configuration.php file that would point to where the real one was housed. I couldn't make it work.
I'm not usually a dummy. I coded all my sites for years, pretty much moving along with the W3C's recommendations. But I don't know PHP and I do like the versatility and features a CMS gives me. Even with SSI, there's still a lot more work (duh!) in a hand coded site and it just doesn't do as much.
I'd like to go back to using Joomla (or some other if recommended) but I want to be as sure as I can that I've taken every precaution. Here's what I've done so far: used a different database, DB user, admin ID than was default in simplescript. I have a password so stiff I have to look it up each time.
So far I have no extensions; I'll deal with them later.
Sorry to be wordy. Any help will be greatly appreciated. And will perhaps save what's left of my sanity.