This documentation details how to install PHPCredLocker, but there are a few pre-requisites
- MySQL (with an empty database already created)
- PHP > 5.2 (5.3 recommended as you can use OpenSSL instead of MCrypt)
- SSL certificate installed (optional, but highly recommended)
So long as you satisfy these requirements, you should be ready to install. Grab PHPCredLocker from GitHub.
Extract the archive into a directory on your webserver.
Permissions
Permissions may be correct straight away, but it's unlikely. Many systems will use 755 permissions, but for security reasons we cannot allow this (do you really want to allow all users to read your crypto keys?). So set the following permissions recursively (whether by using chmod or in your FTP/File Manager)
- /conf 760
- /plugins 760
- /sessions 760
Make sure the above directories (and their contents) are owned by whichever user your webserver runs as (if you use CPanel it'll generally be the same user as you log into CPanel as.). This may be nobody, apache, root (if so, you've got problems) or some other user (if you have suExec enabled).
Note: There's no reason you can't set all the PHPCredLocker files/directories to 760, but the ones listed above must be set to deny access to users who are not either the owner or part of the owning group - you could also deny access to group if you wished.
Read more…