BuyHTTP Company Blog

Joomla has released 1.5.16, a security release in the 1.5 line. All versions of 1.5 are affected and all users are encouraged to upgrade.

One of our clients has written up a good overview of how to quickly and easily turn your Joomla 1.5 installation into a multi-site setup. The basic steps:

1. Setup Joomla on your main domain
2. Park the second domain on your main domain
3. Add a php header redirect to your template’s index.php file

If you want multiple templates for each site that is also easy to control. So if you need to control multiple sites from one Joomla installation, this will work perfectly for you.

View the writeup at docs.joomla.org.

Brian Teeman is running a Joomla developer showdown, similar to extension competitions that are done with other systems. These competitions often lead to some of the most used extensions so it will be exciting to see what will be produced. Visit his site for info on the competition and how to get involved.

If you are looking for any Joomla related services there is a new easier way to find what you are looking for. resources.joomla.org has been created due to intense community desire. This is also a great way to get your Joomla services company more exposure.

One very popular way for hackers to try to gain access to your Joomla administrator is to brute force attack to guess your password. Using this method they bombard your admin form with thousands of usernames/password until they find the right combination. Since Joomla doesn’t let you choose the admin username when installing they already know the username, this makes it twice as easy. Fortunately is is easy to add several layers of protection.

1. Change the admin username

The first step you should take is changing your admin username. Login to cPanel, go to phpMyAdmin, select your Joomla database, browse the jos_users table and edit user id 62, this is the original super admin user. Change the username to something other than admin. This step will already almost eliminate any chance of your login being guessed since most hackers will just use admin for the username.

2. Improve your admin password

Next you’ll want to make sure your admin password is sufficiently difficult to guess. You’ll want to have at least 8 characters with a mix of lower case letters, upper case letters, numbers and special characters. A good password generator can be found here.

3. Add .htaccess protection

The firewalls on our Joomla hosting accounts automatically check for failed login attempts on .htaccess logins, so potential hackers will automatically be blocked after 5 login attempts. To add .htaccess protection login to cPanel and click on the Protect a Directory button. There you will be able to select the directory to protect (in this case your “administrator” directory) and add users who can login.

Taking this steps will help protect your Joomla admin login from would-be hackers.

We get asked all the time how to add Google Analytics tracking to Joomla sites. Until now we’ve recommended doing it manually because that was the only way to get the code just above the </body> like Google recommends. All the modules would place the code in the middle of your page. There is a new plugin that allows you to get the code inserted just above the </body> without needing to edit the template file.

BIGSHOT Google Analytics is a free Joomla 1.5 native plugin that allows you to insert your Analytics tracking code from the administrator with no file editing required.

It would be nice if the plugin allowed the option to prevent it showing if you are logged in as various levels on the frontend if you didn’t want to track admin or editor visits.

There is a fairly major security issue with Expose, and a fix is available. This issue affects all versions. First, you want to make sure to upgrade to the latest release (4.6.1) and apply the patch available at http://joomlacode.org/gf/project/expose/frs/.

We have had a number of requests recently asking about various page caching components. It’s always nice to be able to squeeze that extra bit of performance out of your site. We decided to test out the page cache component from Ircmaxell as it seemed to have the most promise.

We first installed it on MamboDemo and noticed page loading times decrease between 90%-98%. We’re using about half of the server resources today that we were using yesterday. That’s a pretty impressive decrease.

The we decided to see what it would do on a high traffic site and popped it on MamboHUT. We got the same 90%+ decrease in page loading times. The impact on server load wasn’t as great, but that’s because we’re running phpAdsNew on MamboHUT as well and that is the cause of almost all of the load it creates.

We didn’t notice any bugs on either site and installation was a breeze. We highly recommend this component for use on our servers.

We at BuyHTTP would like to wish everyone a happy 2007 and start the year with a new tip for your Joomla or Mambo site.

When uninstalling components it’s not at all unusual for them to leave their database tables behind. Many do this to help with upgrading, making it a simple uninstall/reinstall situation. But if you are completely uninstalling a component, make sure to check the database using phpMyAdmin as see if the tables have been removed as well.

Have to thank friesengeist of the Joomla core team for this very nice tip for your Joomla or Mambo site.

There has been a lot of discussion lately on further securing your Joomla or Mambo installations and what can be done. We do everything possible at the server level but there are a few things that can done in your individual site to help ensure a hackless Joomla or Mambo existence.

This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.

Read more »