How to view template module positions in Joomla! 2.5?

In Joomla! 1.5.x we used to append ?tp=1 at the end of the URL (i.e. http://www.yourdomain.com/index.php?tp=1) to view the module positions of the current template. In Joomla! 2.5, its same but you need to enable "Preview Module Positions".   Following steps Read more

Joomla! vs WordPress Security Updates in 2011 (The number game)

This article gives a detail statistics on Joomla! and WordPress security updates in 2011. Both CMS went through re-design and re-modeling process in 2011. Joomla! was in the process of developing 1.7/2.5 which was released in January 2012 and Read more

Solution to GoDaddy .htaccess Problem

  Recently, Gododdy hosting is having various issues with .htaccess and its nightmare for Joomla! administrator if you are running SEF URL or using product like sh404SEF.       Please try following possible solution to address your problem.   In Joomla! Turn OFF all the Read more

Simple Joomla! Replication Procedure

There are various ways to replicate Joomla! environments we can use 3rd party tools like XCloner, etc… In this article, I am going to show rather simple way to achieve the replication of Joomla! or any other CMS. Background: We Read more

Joomla! 1.7 to Joomla! 2.5

I know there are auto update tools out there on Joomla! extension directory to update Joomla! from 1.7.X to 2.5.X but I will recommend everybody to follow instruction mentioned by Joomla! community. http://docs.joomla.org/Upgrading_from_an_existing_version If you have used utilities like Joomla! Pack Read more

Akeeba Backup Review

I have been using Akeeba Backup for more than an year now. Here is my analysis of the product. Advantages: Akeeba backup is wonderful tool if you are want to backup your Joomla! CMS on the fly. This is where I Read more

joomla! 2.5

How to view template module positions in Joomla! 2.5?

In Joomla! 1.5.x we used to append ?tp=1 at the end of the URL (i.e. http://www.yourdomain.com/index.php?tp=1) to view the module positions of the current template. In Joomla! 2.5, its same but you need to enable “Preview Module Positions”.

 

Following steps will help you to enable “Preview Module Positions” option from “Template Manager Options” of Joomla! 2.5.

 

 

    • Login to Joomla! 2.5.x administrator section (i.e. http://www.yourdomain.com/administrator)
    • Click on “Extensions” > “Template Manager”
    • Under “Template Manager: Styles” click on “Options”
    • Under “Template Manager Options” > Enable “Preview Module Positions” and click on “Save and Close”
    • Under “Template Manager: Styles” click on the template icon to see the modules positions of the style you want to preview as shown in the screenshot below
    • Alternative way to view module positions is to append ?tp=1 to the end of your URL (i.e. http://www.yourdomain.com/index.php?tp=1)
When you are done previewing module positions, remember to set “Preview Module Positions” to disable. Its recommend to disable the ?tp=1 function for security reasons.
Posted on by Hassan Janjua in CMS, Joomla! Leave a comment

Joomla! vs WordPress Security Updates in 2011 (The number game)

This article gives a detail statistics on Joomla! and WordPress security updates in 2011. Both CMS went through re-design and re-modeling process in 2011. Joomla! was in the process of developing 1.7/2.5 which was released in January 2012 and WordPress released 3.3.x and development started from 3.0.x.

Following chart represents totals number of security issues reported and fixed in 2011.

Joomla! vs WordPress Security Updates in 2011

Security Updates

Joomla! (v.1.6/v.1.7)
34
WordPress
13
Notice:
– Joomla! number was calculated for version 1.6.x and 1.7.x. Other assumption made in calculation was all security issues recorded were reported and fixed in 2011.
– WordPress number was difficult to calculate because the security updates and level of details presented by WordPress community is very minimal. I had to drill down to change logs to identify the total number of security vulnerabilities. There might be a possibility that I have missed few.

 

While developing Joomla! 1.7/2.5 Joomla! community was maintaining version 1.5 as well.

Security Updates

Joomla! (1.5)
2

Joomla! security updates by type of security vulnerabilities

Joomla! security updates by type of security vulnerabilities (2011)

Joomla! security updates by type of security vulnerabilities (2011)

Path Disclosure
2
SQL Injection
2
XSS Vulnerabilities
12
Information Disclosure
9
Redirect Vulnerabilities
1
Unauthorised Access
3
CSRF Vulnerability
2
DOS Vulnerabilities
1
Clickjacking
1
Password Change
1

WordPress security updates by type of security vulnerabilities

WordPress security updates by type of security vulnerabilities (2011)

WordPress security updates by type of security vulnerabilities (2011)

Path Disclosure
1
XSS Vulnerabilities
3
Information Disclosure
1
Redirect Vulnerabilities
1
Unauthorised Access
1
CSRF Vulnerability
1
Clickjacking
1
Media Security
1
Uploader Security
1
Others
2

Conclusion: As the number shows both products went through re-design and re-model phase in 2011. But 2012’s data, will give us better understanding of the stability of these two products.

References:
Joomla! Security News URL: http://developer.joomla.org/security/news.html?limitstart=0
WordPress Security News URL: http://wordpress.org/news/category/security/

Security Vulnerabilities Information Links:
Path Disclosure:
https://www.owasp.org/index.php/Full_Path_Disclosure
Information Disclosure:
http://searchsecurity.techtarget.com/definition/vulnerability-disclosure
Redirect Vulnerabilities:
https://www.owasp.org/index.php/Open_redirect
http://developer.joomla.org/security/news/333-20110302-core-redirect-vulnerabilities
DOS Vulnerabilities:
http://en.wikipedia.org/wiki/Denial-of-service_attack
CSRF Vulnerability:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Clickjacking:
http://en.wikipedia.org/wiki/Clickjacking

Posted on by Hassan Janjua in CMS, Joomla! Leave a comment

Solution to GoDaddy .htaccess Problem

 

Recently, Gododdy hosting is having various issues with .htaccess and its nightmare for Joomla! administrator if you are running SEF URL or using product like sh404SEF.

 

 

 

Please try following possible solution to address your problem.

 

1

In Joomla! Turn OFF all the SEF options.

 

2

Its important to know, GoDaddy does not process the .htaccess immediately. It can take up to 24 to 48 hours for your .htaccess file to process.

 

3

Remove existing .htaccess from the server and use the htaccess.txt file delivered with out of the box Joomla.

 

4

Rename htaccess.txt to .htaccess

 

5

Use notepad to edit the .htaccess file. At the top of the .htaccess file add following lines:

AddHandler x-httpd-php5 .php
AddHandler x-httpd-php .php4

6

Uncomment the “RewriteBase /” line remove the #

 

Notice: If you are hosting multiple domains with godaddy shared linux hosting you will have one “primary domain” and other domain(s). You have to change “RewriteBase /” to the sub folder where you domain points for example

domain1.com points to sub folder domain1

“RewriteBase /domain1” (without quotation!)

Note: Sometime it even works with RewriteBase / for other domains. Its tricky!

 

7

Save the .htaccess file and upload the file to your server. Once the file is uploaded turn “ON” SEF options in Joomla!

 

 

Posted on by Hassan Janjua in CMS, Joomla! Leave a comment

Simple Joomla! Replication Procedure

There are various ways to replicate Joomla! environments we can use 3rd party tools like XCloner, etc… In this article, I am going to show rather simple way to achieve the replication of Joomla! or any other CMS.

Background: We are replicating server1 to server2

Assumptions: Both servers have Joomla! installed up and running

Process:

Step 1 (Server2): Rename configuration.php to configuration.server2

Step 2 (Server1): Backup file system to a *.tar file. We will name it backup_server1_ddmmyyyy.tar

Step 3 (Server1): Backup database of Server1. We will name it db1

Note: You can achieve step 2, and step 3. Using following bash script

Sample Script Link

Step 4 (Server2): Drop all tables in db2

Note: You can use following sample script for Step 4

Sample Script Link

Step 5 (Server2): Extract backup_server1_ddmmyyyy.tar (overwrite mode!)

Step 6 (Server2): Restore db1 using db2 connection string

Note: You can use following script for Step 5 and Step 6

Sample Script Link

Step 7 (Server2): Delete configuration.php

Step 8 (Server2): Rename configuration.server2 to configuration.php

This is one way to replicate or sync to Joomla! websites. There can be many solutions if you know a better tool or way please share.

 

Posted on by Hassan Janjua in CMS, Joomla!, WordPress Leave a comment

Joomla! 1.7 to Joomla! 2.5

I know there are auto update tools out there on Joomla! extension directory to update Joomla! from 1.7.X to 2.5.X but I will recommend everybody to follow instruction mentioned by Joomla! community.

http://docs.joomla.org/Upgrading_from_an_existing_version

If you have used utilities like Joomla! Pack or admin tools. All third party utilities are not simply capable of performing proper Joomla! upgrade (i.e. from 1.7 to 2.5). I will recommend using following instructions to fix the issues you might be having with your Joomla! installation after the use of 3rd party upgrade tools.

  1. Download the “1.7 to 2.5.1 Upgrade Package” using following link
    http://www.joomla.org/download.html
  2. Unzip the package and upload (overwrite mode!) it to the root of your Joomla! installation. Note: If you have customize out of the box Joomla! templates delete the template folder after extracting the zip file.
  3. Update the Database. Log into the back end of your site. Navigate to Extension Manager: Database.
    – Click on “Fix”
  4. Install New Extension(s). Navigate to Extension Manager: Discover
    – Click on “Purge Cache”
    – Click on “Discover”
    – If new extension(s) have been found, select them all and click on “Install”

This should fix the issues you might be having with your update to Joomla! 2.5.x.

 

Posted on by Hassan Janjua in CMS, Joomla! Leave a comment

Akeeba Backup Review

I have been using Akeeba Backup for more than an year now. Here is my analysis of the product.

Advantages:

  1. Akeeba backup is wonderful tool if you are want to backup your Joomla! CMS on the fly. This is where I use this tool on daily basis for example, If I am modifying the Joomla! website (i.e. installing component, plugin, module, etc.). I always create a full backup of the Joomla! website before modifying anything and I think this where Akeeba backup is at its best. Akeeba Backup gives administrators to backup up the content and the database on the fly.
  2. Moving Joomla! site from one hosting to another company. Secondly, I think the most strongest point of the Akeeba Backup Solution is the creation of backup archive (*.jpa). This gives the portability to Joomla! administrator to move or migrate Joomla! website easily and smoothly . Here is the process I follow to move a Joomla! site from one hosting company to another.
    – Create a full Joomla! backup using Akeeba backup (Professional)
    – Using your FTP client download the *.jpa file
    – Upload the *.jpa file to “new” hosting FTP root directory
    – Download “Kick Start” from Akeeba Backup official website (Link: https://www.akeebabackup.com/download/official/akeeba-kickstart.html)
    – Upload kickstart.php file to “new” hosting FTP root directory
    – Run the Kick Start wizard which is very simple. The Kick Start wizard will extract the content from *.jpa file and will guide you through the installation steps. (Knowledge base: https://www.akeebabackup.com/documentation/akeeba-kickstart-documentation.html)

Disadvantages:

  1. Don’t just rely on Akeeba Backup. Its a wonderful backup tool but FTP upload configuration has failed on multiple occasions while I was using this product with Akeeba FTP upload configuration. In order to solve the problem, I have created a custom bash script to upload the archive file (*.jpa file) to remote FTP server. I run this script nightly using cron job.
  2. Large Content Joomla! website and Shared Hosting. Based on my experience I have seen “Internal Server Error” creating a backup for large content website (i.e. 4000+ files). Now, I have experienced this on Godaddy Hosting. I would like to mention the hosting company name as this is very important.
  3. Updates every month. Akeeba backup as a company updates their extensions every month and with every Joomla! release. I have been monitoring them for an year now. From my experience its little too much of updates; I haven’t ran the diffs between the two updates but I believe the changes will be very minimal. I can understand the security releases are critical but literally they release new version every month. Updates of the product are easy but still another job for Joomla! administrator to watch.
  4. Cost. I think the cost of the product (i.e. pro version) for yearly subscription is on the higher side, this product cost around $53 USD/year (i.e. 40 EURO/year).

Alternative to Akeeba Backup: There is really one alternative to Akeeba Backup and that is XCloner and its FREE. Link: http://www.xcloner.com/

Disclaimer: This is just a professional review on the Akeeba Backup product. I wish good luck to the developer of the product.

 

 

Posted on by Hassan Janjua in CMS, Joomla! Leave a comment
  • Hassan Janjua is a Sacramento, CA, USA based web designer specializing in Joomla! development. Hassan is involved in many aspects of the Joomla! and open source content management community. Hassan holds project manager postion with JoomClan.com where he is managing 3rd party Joomla! extensions like JoomRSS, JoomListings, JoomClip, and JoomDocs. Hassan has more than 8 years of experience in Mambo and Joomla!.

    Let me know what you think

    You can contact me via email button below or submit online

    Feedback Form