joomla – Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000

Joomla Security Tips Part 4 Thu, 10 Jun 2010 16:00:07 +0000
Here are a few more Joomla security tips to help you make sure your Joomla installation is rock-solid.

1. Create strong passwords. You should change your administration password often and use a combination of upper and lowercase letters and numbers. Avoid using dictionary words, and make sure your password is at least eight characters long.

2. Monitor crack attempts. If you have your own VPS or dedicated server, you can run Tripwire or Samhain to frequently check for attempts to compromise your server’s security.

3. Create scripts to automate security tasks. With a busy schedule, you may forget to check for new versions of Joomla and any extensions you have installed. Set up scripts to make the process automatic.

4. Check logs often. Many times, simply looking over access and error logs can reveal thinly-veiled attempts to intrude on your server, particularly if the attacker is trying to do so through a web application like Joomla.

5. Run checks for SQL injection vulnerabilities. There are free tools on the web that will perform these checks for you.
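One way to automate the log review from tip 4, as an added example that is not part of the original post. The three heuristics (SQL keywords in a URL, requests under /installation/, and bursts of POSTs to /administrator/), the threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache common/combined format: ip - user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumed heuristics for this example; tune them to your own site.
SQL_RE = re.compile(r"union\s+(all\s+)?select|information_schema", re.I)
ADMIN_POST_LIMIT = 5  # assumed: more POSTs than this per IP looks like guessing

def scan_access_log(lines, admin_post_limit=ADMIN_POST_LIMIT):
    """Return a list of (ip, reason, detail) tuples for suspicious requests."""
    findings, admin_posts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, method, path, _status = m.groups()
        decoded = unquote_plus(path)  # undo %20 and + before matching
        if SQL_RE.search(decoded):
            findings.append((ip, "sql-keywords-in-url", path))
        if decoded.startswith("/installation/"):
            findings.append((ip, "installer-request", path))
        if method == "POST" and decoded.startswith("/administrator/"):
            admin_posts[ip] += 1
    for ip, count in sorted(admin_posts.items()):
        if count > admin_post_limit:
            findings.append((ip, "admin-post-burst", str(count)))
    return findings

# Constructed sample lines using documentation IP ranges, not real traffic.
STAMP = "[10/Jun/2010:16:00:07 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {STAMP} "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {STAMP} "GET /index.php?id=1%20UNION%20SELECT%201 HTTP/1.1" 200 312',
    f'198.51.100.7 - - {STAMP} "GET /installation/index.php HTTP/1.1" 404 208',
] + [
    f'203.0.113.5 - - {STAMP} "POST /administrator/index.php HTTP/1.1" 200 4096'
] * 6

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE):
        print(finding)
```

Run it from cron against the current access log and mail yourself the findings, so the check happens even when you forget.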

The important thing to remember is to always be diligent. Create a security routine and stick to it. Do not let months go by before you decide to check on your Joomla installation. You may find your site has already been compromised.

Source: Joomla Security Checklist

Joomla Security Tips Part 3 Tue, 08 Jun 2010 19:45:34 +0000
In the two previous parts of the Joomla security series, we looked at various configuration settings both before and after installation. Here are some important security steps to take during installation.

1. Move configuration.php outside of the root document directory. For example, if your directory is /home/user/www/public_html, you can move configuration.php up to /home/user/www where outside visitors cannot possibly access it. Read this guide for the detailed procedure.

2. Disable XML-RPC, if not needed. Unless you need to access and publish to your Joomla installation from another application (without logging into your website), this component just presents a security risk.

3. Check 3rd-party extension vulnerability. Joomla publishes a list of vulnerable extensions. Avoid them.

4. Use SSL for all logins and publishing. Joomla 1.5 has increased support for SSL.

Previous Joomla Security Tips:

Part 1

Part 2

More Joomla Security Tips Thu, 03 Jun 2010 20:14:15 +0000
Yesterday, I highlighted some of the critical Joomla security issues that you should consider. Here are a few more you should add to your list:

All of these can be set within your local php.ini file (if your server allows it), rather than manipulating the global one for the server.

1. Use the “disable_functions” directive to prevent the use of some dangerous PHP functions:
Example: disable_functions = show_source, exec, phpinfo

2. Use open_basedir. This limits the files PHP can open to the specified directory tree (i.e. in your home folder).
Example: open_basedir = /home/webguy/www/html

3. Disable register_globals. Joomla will actually warn you if you have this enabled:

Example: register_globals = 0

4. Disable allow_url_fopen. This setting enables the URL-aware fopen wrappers that let PHP file functions open remote URLs. You can probably imagine the dangers that would create if exploited.
Example: allow_url_fopen = 0
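A small checker for the four directives above, as an added example that is not from the original post. The function names and both sample files are constructed for illustration; the defaults are PHP's own when a directive is absent. The weak sample includes a misspelled directive name to show that PHP does not treat it as an error, so the setting simply never takes effect.

```python
# Values PHP's ini parser treats as "off" for boolean directives.
OFF_VALUES = {"", "0", "off", "false", "no", "none"}
# PHP defaults that apply when a directive is absent from php.ini.
DEFAULTS = {"disable_functions": "", "open_basedir": "",
            "register_globals": "0", "allow_url_fopen": "1"}

def parse_ini(text):
    """Collect 'name = value' pairs; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        if "=" not in line or line.startswith("["):
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip('"')
    return settings

def audit_php_ini(text, required_disabled=("show_source", "exec", "phpinfo")):
    """Return a list of problems with the four directives from the post."""
    cfg = {**DEFAULTS, **parse_ini(text)}
    problems = []
    disabled = {f.strip() for f in cfg["disable_functions"].split(",") if f.strip()}
    missing = sorted(set(required_disabled) - disabled)
    if missing:
        problems.append("disable_functions is missing: " + ", ".join(missing))
    if not cfg["open_basedir"]:
        problems.append("open_basedir is not set")
    for name in ("register_globals", "allow_url_fopen"):
        if cfg[name].lower() not in OFF_VALUES:
            problems.append(name + " is enabled")
    return problems

# Constructed samples. The first misspells disable_functions on purpose.
WEAK_INI = """
disable_fuctions = show_source, exec, phpinfo
register_globals = On
"""
HARDENED_INI = """
disable_functions = show_source, exec, phpinfo
open_basedir = /home/webguy/www/html
register_globals = 0
allow_url_fopen = 0
"""

if __name__ == "__main__":
    print(audit_php_ini(WEAK_INI))
    print(audit_php_ini(HARDENED_INI))
```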

Source: Joomla Security Checklist

Joomla Security Tips Wed, 02 Jun 2010 15:45:37 +0000
Joomla is a powerful free and open source content management system. It has become very popular, and many web hosting providers offer instant installer scripts that can automatically install Joomla onto a customer’s website. In certain situations, however, you may prefer to install Joomla yourself. When you do, there are certain security issues you should know.

1. Delete the “install” directory. Joomla tells you to do this, and if you forget, the results can be horrific.

2. Chmod configuration.php to at least 644. No one should be able to access your configuration.php file. The only reason to even leave it as 644 and not 600 is that some web servers on shared hosts require PHP files to be readable by the web server, which is a different user than the site owner.

3. Back up early and often – Create backups of Joomla’s MySQL database. If anything ever does go wrong, you will have a backup.

4. Install mod_security – ModSecurity is an application firewall designed for web applications like Joomla. It will protect you where a network firewall cannot.

5. Secure your database – Set up Joomla to access the database with a user with limited privileges, and make sure the password is not easy to guess.
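Steps 1 and 2 are easy to verify with a script. The following is an added example, not code from the original post; it assumes the installer directory carries Joomla's name for it, `installation`, and the `demo()` helper builds a constructed site tree in a temporary directory.

```python
import os
import stat
import tempfile

def audit_joomla_root(root):
    """Return a list of findings for the Joomla document root at `root`."""
    findings = []
    # Joomla's web installer lives in a directory named "installation".
    if os.path.isdir(os.path.join(root, "installation")):
        findings.append("installation directory still present")
    config = os.path.join(root, "configuration.php")
    if not os.path.isfile(config):
        return findings  # moved outside the document root, or not a Joomla root
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & ~0o644:  # any permission bit beyond rw-r--r--
        findings.append("configuration.php is mode %03o, looser than 644" % mode)
    if mode & 0o002:
        findings.append("configuration.php is world-writable")
    return findings

def demo():
    """Build a constructed site tree in a temp dir and audit it twice."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "installation"))
        config = os.path.join(root, "configuration.php")
        with open(config, "w") as fh:
            fh.write("<?php /* constructed placeholder */\n")
        os.chmod(config, 0o666)
        before = audit_joomla_root(root)
        # Apply steps 1 and 2 from the list, then audit again.
        os.rmdir(os.path.join(root, "installation"))
        os.chmod(config, 0o644)
        after = audit_joomla_root(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```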

There are many more security issues you should consider. Over the coming days, I will highlight some of them. Hopefully, they will help you keep your Joomla installation stable and secure.

How to Remove "Welcome" Header from Joomla Fri, 28 May 2010 15:29:40 +0000
Joomla is a very powerful free and open source content management system (CMS), and its upcoming release, version 1.6, is expected to continue its tradition of stable and efficient website management. There are, however, certain settings in Joomla that are not so obvious, and a webmaster that has not learned how to fix those little nuances can usually be identified by the appearance of his website.

One such annoyance is the “Welcome to the Frontpage” message that appears in the blog section of the front page of a new Joomla website. Even after adding your own custom content and tweaking your template, you might still find that awful message staring back at you. Fear not! There is a way to remove it, and it does not even involve any magic hacking. Just follow these steps:

1. Login to your Joomla installation as administrator (
2. Click “Menus” and then click the name of the menu you are using.
3. Find the default page, designated with a yellow star in the “Default” column.
4. Click the name of the page.
5. On the right side, click Parameters (System)
6. Next to “Page Title” you will see the dreaded welcome message. You can change it, delete it, and/or click “No” next to “Show Page Title” to remove that title section completely.
7. Click “Save”, and you are all finished.


Chinese hackers implicated in CMS hack attack Tue, 04 May 2010 15:49:09 +0000
According to reports, Chinese hackers have infiltrated a number of WordPress and Joomla sites hosted by Go Daddy. The sites are still under attack today as the cyber criminals exploit vulnerabilities in outdated scripts.

The hackers are uploading malware to the sites, which visitors to the sites have been prompted to download. Network Solutions experienced a similar problem several weeks ago.

It is always important to keep CMSs and other scripts up to date. This situation isn’t so much Go Daddy’s fault as the customers’ for failing to update their installations. However, Go Daddy’s large size also makes it an attractive target for hackers.


User scripts, plugins, extensions, and security Tue, 20 Apr 2010 18:15:21 +0000
When operating a dedicated server with more website users than just yourself, you always run the risk of getting attacked because of a security hole in a user-installed script. That situation is now compounded by the fact that users also install plugins and extensions for their blogs and content management systems like WordPress and Joomla.

Are extensions and plugins a security risk? How can you make sure they do not hurt other users or the server? As with any security issue, there are general precautions you can take.

1. Make sure the user has no additional privileges outside of his or her chroot environment.
2. Remind users to check the permissions on scripts so that attackers cannot use them to piggyback onto another system.
3. Do not allow root login under any circumstances.
4. Keep an eye on logs to see if any scripts are behaving unusually.
5. Disable scripts with known problems, and direct users to viable alternatives.

How to install Joomla extensions Mon, 19 Apr 2010 19:48:43 +0000
Joomla is one of the most popular content management systems (CMS), and one feature that people love about it is its free extensibility. Even if you do not have web design or programming experience, you can easily customize your site using pre-designed Joomla templates and extensions.

With a few easy steps, you can install new extensions in Joomla.

1. Visit to find the extensions you want.

2. If you have a new Joomla installation, make sure the extension you find has a “1.5 Native” compatibility. Also look for free extensions, unless you want to pay for commercial ones.

3. Click download and save the zip file to your computer.

4. Log in to Joomla, go to Extensions, and click Install/Uninstall.

5. Click “browse” or “choose file” (depending on your browser) to find the file you downloaded.

6. Click Upload File & Install

If you installed components, they will now appear in the Components menu. All that is left is to configure the new extension and enjoy it.

What people should know about Windows servers Tue, 30 Mar 2010 13:22:26 +0000
Aside from writing, I also develop websites for clients on a freelance basis. In the ideal scenario, I get contacted by an interested client who has neither a domain name nor a current web hosting company. I can then steer that client to the host and domain provider I think is best and will work well with Joomla or whatever content management system I use.

Unfortunately, many clients come with their own baggage. More often than not, it includes a domain hosted by a company like GoDaddy and possibly a current website that is less than stellar. The worst situation that I ever encountered was a client who had chosen to use GoDaddy’s hosting service with a Windows server. Anyone who has tried to use PHP content management systems with Windows is probably already cringing at the thought.

Aside from the usual problems with GoDaddy’s control panel, I had to contend with Windows and its strange compatibility issues with PHP. Theoretically, it should work fine with Joomla, but that requires proper configuration, something GoDaddy failed to do. Mind you, the Joomla installation was automatic from their own control panel, but it still never worked quite right. In the end, the client settled for a less-than-perfect site. My advice to anyone who wants a website: ask those who know first before you make purchases.


Web hosting provider script and CMS installation Fri, 19 Feb 2010 22:01:09 +0000
Many web hosting companies offer free script and CMS installation. In most cases, the installation is automatic and done through the host’s control panel system. For example, users of cPanel might have an option for Fantastico De Luxe, which installs a number of web applications, such as Joomla, WordPress, and osCommerce.

There are a few things you should consider when using such services:

1. Does the provider’s service provide updates for the scripts?
2. Are they standard installs that can be modified the same way a manual install would?
3. Is the software open and common so that if the user decides to leave that host, they can take their data and design elsewhere?
4. What type of support does the host offer for these third-party packages?

Depending on the answers to these and other questions, you may decide to use your web host’s services or install the applications you need on your own.