BuyHTTP Company Blog» Joomla Tips Archives – BuyHTTP Web Hosting Blog

Joomla 1.5.16 Security Update

admin — Sun, 25 Apr 2010 07:32:26 +0000

Joomla has released 1.5.16, a security release in the 1.5 line. All versions of 1.5 are affected and all users are encouraged to upgrade.

Joomla Multi-site Has Never Been Easier

admin — Sat, 11 Jul 2009 02:40:07 +0000

One of our clients has written up a good overview of how to quickly and easily turn your Joomla 1.5 installation into a multi-site setup. The basic steps:

Setup Joomla on your main domain
Park the second domain on your main domain
Add a php header redirect to your template’s index.php file

If you want multiple templates for each site that is also easy to control. So if you need to control multiple sites from one Joomla installation, this will work perfectly for you.

View the writeup at docs.joomla.org.

Attack of the Joomla Extensions

admin — Mon, 29 Jun 2009 20:27:10 +0000

Brian Teeman is running a Joomla developer showdown, similar to extension competitions that are done with other systems. These competitions often lead to some of the most used extensions so it will be exciting to see what will be produced. Visit his site for info on the competition and how to get involved.

Joomla Resources Directory

admin — Wed, 24 Jun 2009 20:08:29 +0000

If you are looking for any Joomla related services there is a new easier way to find what you are looking for. resources.joomla.org has been created due to intense community desire. This is also a great way to get your Joomla services company more exposure.

Protect Your Joomla Admin from Hackers

admin — Mon, 22 Jun 2009 20:46:34 +0000

One very popular way for hackers to try to gain access to your Joomla administrator is to brute force attack to guess your password. Using this method they bombard your admin form with thousands of usernames/password until they find the right combination. Since Joomla doesn’t let you choose the admin username when installing they already know the username, this makes it twice as easy. Fortunately is is easy to add several layers of protection.

1. Change the admin username

The first step you should take is changing your admin username. Login to cPanel, go to phpMyAdmin, select your Joomla database, browse the jos_users table and edit user id 62, this is the original super admin user. Change the username to something other than admin. This step will already almost eliminate any chance of your login being guessed since most hackers will just use admin for the username.

2. Improve your admin password

Next you’ll want to make sure your admin password is sufficiently difficult to guess. You’ll want to have at least 8 characters with a mix of lower case letters, upper case letters, numbers and special characters. A good password generator can be found here.

3. Add .htaccess protection

The firewalls on our Joomla hosting accounts automatically check for failed login attempts on .htaccess logins, so potential hackers will automatically be blocked after 5 login attempts. To add .htaccess protection login to cPanel and click on the Protect a Directory button. There you will be able to select the directory to protect (in this case your “administrator” directory) and add users who can login.

Taking this steps will help protect your Joomla admin login from would-be hackers.

Adding Google Analytics to Your Joomla Site

admin — Fri, 19 Jun 2009 19:59:11 +0000

We get asked all the time how to add Google Analytics tracking to Joomla sites. Until now we’ve recommended doing it manually because that was the only way to get the code just above the like Google recommends. All the modules would place the code in the middle of your page. There is a new plugin that allows you to get the code inserted just above the without needing to edit the template file.

BIGSHOT Google Analytics is a free Joomla 1.5 native plugin that allows you to insert your Analytics tracking code from the administrator with no file editing required.

It would be nice if the plugin allowed the option to prevent it showing if you are logged in as various levels on the frontend if you didn’t want to track admin or editor visits.

Security issue in Expose

admin — Fri, 27 Jul 2007 07:46:54 +0000

There is a fairly major security issue with Expose, and a fix is available. This issue affects all versions. First, you want to make sure to upgrade to the latest release (4.6.1) and apply the patch available at http://joomlacode.org/gf/project/expose/frs/.

Page Caching in Joomla

admin — Sat, 07 Apr 2007 15:49:19 +0000

We have had a number of requests recently asking about various page caching components. It’s always nice to be able to squeeze that extra bit of performance out of your site. We decided to test out the page cache component from Ircmaxell as it seemed to have the most promise.

We first installed it on MamboDemo and noticed page loading times decrease between 90%-98%. We’re using about half of the server resources today that we were using yesterday. That’s a pretty impressive decrease.

The we decided to see what it would do on a high traffic site and popped it on MamboHUT. We got the same 90%+ decrease in page loading times. The impact on server load wasn’t as great, but that’s because we’re running phpAdsNew on MamboHUT as well and that is the cause of almost all of the load it creates.

We didn’t notice any bugs on either site and installation was a breeze. We highly recommend this component for use on our servers.

Happy New Year

admin — Mon, 01 Jan 2007 04:36:50 +0000

We at BuyHTTP would like to wish everyone a happy 2007 and start the year with a new tip for your Joomla or Mambo site.

When uninstalling components it’s not at all unusual for them to leave their database tables behind. Many do this to help with upgrading, making it a simple uninstall/reinstall situation. But if you are completely uninstalling a component, make sure to check the database using phpMyAdmin as see if the tables have been removed as well.

Move your Mambo or Joomla configuration.php file outside of webroot

admin — Thu, 14 Dec 2006 05:45:27 +0000

Have to thank friesengeist of the Joomla core team for this very nice tip for your Joomla or Mambo site.

There has been a lot of discussion lately on further securing your Joomla or Mambo installations and what can be done. We do everything possible at the server level but there are a few things that can done in your individual site to help ensure a hackless Joomla or Mambo existence.

This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.

The first step is to move the file. Your webroot is /home/USERNAME/public_html, where USERNAME is your cPanel username. Joomla and Mambo can access files located at /home/USERNAME, but those files cannot be directly accessed from the internet. Login to your favorite FTP program and download your configuration.php from /home/USERNAME/public_html/configuration.php . Rename it to “site.conf” then upload it to /home/USERNAME/site.conf.

Now that we’ve uploaded it to the new location we need to edit the original configuration.php file. Open it in your favorite text editor and replace the contents of the file with the following:

 require( '/home/USERNAME/site.conf' );
?>

Make sure to replace USERNAME with your cPanel username. Then upload the new file to /home/USERNAME/public_html/configuration.php. At this point your site should still function normally.

Next, we need to make the file unwritable by the server. Most FTP programs allow you to do this. Right-click on the /home/USERNAME/site.conf file and select the option to edit permissions (normally “Permissions” or “Info”) and change the permissions to 444. This lets the server read the file without any problems, but it will not be able to edit the file.

If you ever need to edit the file you will need to change the permissions back to 644 before making your changes.

You can view the thread that inspired this post at http://forum.joomla.org/index.php/topic,122450.0.html