Move your /temp and /log folders outside of webroot
It's always a wise move to move your sensitive files outside of the so called WEBROOT, the directory which is used by Apache to show your website. This way you can be sure, that nobody else, but your Joomla core code can use these files.
Moving some files/folders, like the main configuration.phpor the location of admin login may be tricky, but mowing these two key folders is relatively simple.
Multi-currency store: wrong currency on PayPal checkout
VirtueMart is great when you want to set up a store which works with multiple currencies. You can set up your own prices for each currencies in your shop, or you can use one of available currency converters. The core functionality supports the use of European Central Bank's live currency rates, but there are plugins supporting other rates too.
But you can run into trouble where you'd expect to not have any surprises: on PayPal checkout page.
Multilanguage Joomla and UTF-8
Joomla supports out of the box the UTF-8 character encoding, so someone building a multilingual website should not have any problems using UTF-8 character encoding in his site. Right?
Yes and no, the CORE Joomla is problem free as I write this, but some non-core add-ons, templates - and yes, your own, home-cooked code can produce garbled output. Let's see why, and how we can fix it!
Never-ending database installation
If you’ve been trying to install a quickstart package received after a template purchase, and the installation freezes at the database creation/restoration step you might have to make few changes in the server/PHP environment in order to fix the issue.
Other usual hacker tactics
There are numerous other tactics that can be used to break into a computer system, and these usually involve discovering weaknesses or loopholes in the server software's defenses. When a programmer writes software that runs on a web server, he tries to make sure that the software cannot be abused - but it can be very difficult to foresee every eventuality; vandals and hackers are always pushing software to the limit and trying out operations which the software was not designed to handle, in an attempt to discover a way in.
Pagination Links Overrides
Before the Joomla 1.5, pagination override was a nearly impossible task. The control the display of items-per-page and the pagination links used with lists of information has become much easier.
Password strenght checker - for free!
It's one of besk keept "secrets" of Joomla 2.5+ - there is a built in password strenght meter, ready to be used. And some are selling for good money - and others offering free plugins - to let you unleash the hidden power.
But if you aren't afraid to make your hands dirty with some PHP code, here is how you can do this:
Patch your outdated Joomla installs
As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?
PHP code snippets to conditionally add things to your template
The Joomla ItemID-related management of modules is a powerful tool, but sometimes you need to show/hide parts of your site on two special cases not covered by this tool: when you need to show/hide things regardless of the active ItemID - for example on all detail listings page of a given component, or when you need to deal with a component which have poor support of ItemIDs - as VirtueMart, which is notoriously misbehaving in this regard.
PHP Warning: It is not safe to rely on the system's timezone settings....
With recent upgrade of a great number of servers to PHP 5.3.8 may clients reported that their site began to show error messages like
Quickstart installation problems
If you purchased a commercial Joomla template it is very likely that in the package you got you have a special installation package, called Quickstart which let you have the carbon copy of the template demo site in just couple of clicks. It is a gread bonus, helpful especially for beginners. but once in a while you might have problems by installing this package, especially if you try to install it on your local machine.
Many of you probably had seen already the red warning in Joomla's admin interface, that you need to have the Register Globals set to "on", otherwise your site is exposed to security treats.
And also many of you haven't a clue how to do it...
So, let's see what an average webmaster can do about this problem.
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. His pair, Local File Inclusion or LFI is basically the same technique, used on sites which have been successfully penetrated, and the hacker "planted" his files already on the server.
Running Joomla on a Windows server
Yeah, you may say that nothing coming out from that Redmond-based factory does not qualify as LAMP environment, and Joomla is built yo be used on LAMP servers, am I right? Yes... and no. Why not let them to play with the best CMS around .
So, what a Windows aficionado should know if wants to run Joomla on his favorite server?
Secure your standalone scripts used in a Joomla site
Joomla has everything you may need. Right? If you take a look to the Joomla Extensions site, you may agree with this. But, as always, there may be cases, when the above statement is wrong. For specific need he simplest approach may be to use for specific purposes a standalone script. You can solve the problem - apparently - by using Joomla's wrapper feature, and use your scripts as they where part of your Joomla site. Almost perfect solution you may think... but your scripts are directly accessible by their physical URL, not only through the Joomla interface. What you can do about?
A lot. And surprisingly easily.
Joomla specifies certain settings that are recommended for proper functioning of the system. A list of the recommended and actual settings is displayed when you install Joomla. One of the recommended settings is to have 'Display Errors' switched on. This is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was written) which may allow cross-site-scripting attacks when the display errors option is enabled, if you have a script which produces an error.
Smart contact module
How to build a smart Contact Us module?
Smart in what way, you can ask... Simple: to let you know, in which page of the site the user filled it and send it to you! Why? you never get a criptyc message from your clients you wasn't able to find out what they are referring to?
One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.
The 301 redirect
Just upgraded from a static site to Joomla? Or just reorganised your content? And, of course, you don't want to loose your existing Google PageRank and your external links...
What you can do?
301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. It's not that hard to implement and it should preserve your search engine rankings for that particular page. If you have to change file names or move pages around, it's the safest option. The code "301" is interpreted as "moved permanently". This is the solution Google recommends for webmasters to keep their ratings.
The return of classic Joomla blog view
Did you already seen that since the advent of Joomla 1.6 the blog view has been changed? Let me refresh your memory! In Joomla 1.0 and 1.5 the Leading Articles - the articles on the top of Blog view - where shown on full by default, and for the rest of articles only the Article Intro part was shown. With Joomla 1.6 this has been changed, for all articles in a Blog view is shown only the introtext. You didn't even noticed that, right? Me either, until one of my clients has specifically requested the feature.