The Joomla Training Cohort has been launched!

Please send any feedback or bug reports to (opens new link)  



00:00 - Introduction and Acknowledgments

01:13 - Highlighting Joomla 4.2.8 Security Release

01:44 - Strongly Advised Password Renewal

02:17 - Accessing Configuration.php File

03:03 - Changing Database User Password

03:37 - Identifying Database User in cPanel

04:14 - Generating and Updating Database User Password

04:44 - Updating Configuration.php File with New Password

05:14 - Saving Changes and Verifying Site Functionality

05:57 - Understanding SMTP and Its Password in Configuration

06:32 - Accessing Email Account in cPanel for SMTP Password

07:03 - Changing SMTP Password and Updating in Configuration.php

07:38 - Saving Changes and Conclusion




Introduction and Acknowledgments: Tim Davis addresses the importance of revisiting advice for Joomla versions under 4.2.8 and acknowledges the contribution of Allison for pointing out the missed instructions.

Highlighting Joomla 4.2.8 Security Release: Tim emphasizes the significance of updating to Joomla 4.2.8 due to a critical vulnerability present in versions 4.2.7 and below.

Strongly Advised Password Renewal: Tim stresses the need to renew passwords for all credentials stored in the global site configuration, including database, SMTP, redis, and HTTP proxy.

Accessing Configuration.php File: Tim demonstrates accessing the configuration.php file through cPanel, which stores crucial site configuration details.

Changing Database User Password: Tim navigates to cPanel's MySQL databases section to identify and change the password for the user accessing the Joomla site's database.

Updating Configuration.php File with New Password: Tim updates the configuration.php file with the new database user password to ensure proper site functionality.

Understanding SMTP and Its Password in Configuration: Tim explains SMTP (Simple Mail Transfer Protocol) and its relevance in Joomla's configuration, highlighting the importance of updating its password for outgoing mail.

Accessing Email Account in cPanel for SMTP Password: Tim accesses the email account associated with SMTP settings in cPanel to change the SMTP password.

Changing SMTP Password and Updating in Configuration.php: Tim generates a new password using Bit Warden, updates it in cPanel, and then reflects the change in the configuration.php file.

Saving Changes and Conclusion: Tim ensures all changes are saved and advises viewers to update their Joomla sites promptly, ensuring security and proper functionality.


In this video, Tim Davis provides comprehensive guidance on updating crucial passwords for Joomla sites running versions under 4.2.8, covering database user passwords and SMTP settings. By following these steps, Joomla site owners can enhance their site's security and functionality.

Please send any feedback or bug reports or queries to;

Contact Tim Davis ► This email address is being protected from spambots. You need JavaScript enabled to view it.

Joomla Training Cohort ►

JTC has been launched and is now accepting members ►
Backing Up Your Joomla Site with Akeeba ►



Interesting blog? Like it on Facebook, Post it or share this article on other bookmarking websites.

Written by:
Tim Davis is the founder and owner of Cybersalt.
Log in to comment

Add comment