David Burgess

So after I got all setup with MediaTemple and had made the decision to switch, there ended up being some issues that kept me from going with them as the hosting provider for my sites as well as the site of my clients.

The first issue was one that made me feel as though I had been a bit misled. They told me that they had a fully automated billing system that came as an included feature with the reseller service.

Though this was true, they didn’t tell me that in order to use it I would have to buy an SSL to get all of the functionality out of it. Also, when I had questions about integrating it into their reseller service, they told me that because it was a third-party application that they didn’t support it.

The other issue is that they run on a Plesk server setup. I’ve got nothing against Plesk, but I’m much more familiar with cPanel and migrating my clients’ sites from cPanel to Plesk would have been much more time consuming and frustrating in the long run.

There were things that I liked about MediaTemple, though. The speed at which their servers run is great. The customer service is top-notch. I even like the user interface of their customer area.

After doing some more research and getting a recommendation, I ended up switching my entire hosting platform to VPS Latch.

They offer cPanel hosting and their prices are reasonable. They also run a fully managed hosting service but still offer their VPS clients root access to their accounts. So, basically, if I want to I can log in and make the changes I want. On the other hand, if I want or need someone else to take care of something they will do it. And they do things in a very short amount of time.

I’ve been using Joomla! for years now and have a lot of respect for the people who build the core of it. Thing is, they put the Joomla! generator code in there that is essentially free advertising for them. I understand why they do it, but there are inherent security risks with leaving that code in there.

There are people out there who think it’s fun to hack websites and put up pages that say stuff like, “This site has been hacked by ‘Whoever’”. This is frustrating for the website owner and their developer (if they have one) because if there isn’t a VERY recent backup of the website, then there may be several hours of work to get the site back up and running.

So, with that having been said, here are some things to think about when building a Joomla! website to help ensure a bit more security.

1. Remove the Joomla generator tag. This will help conceal the core of your website and, in turn, make hacking the website more difficult since hackers will have a harder time knowing what platform you’re on. To remove the tag, all you need to do is add this to the <head> area of your template’s index file:

// Remove the generator meta tag
$this->setGenerator(”);

Make sure that is wrapped in <?php ?> code somewhere along the line.

Also, you can put your own information in there so it could be:

// Remove the generator meta tag
$this->setGenerator(‘This website was built by me’);

2. Backup your site regularly. Depending on how frequently you update your website, you may want to do updates in a range of once a month to once every few days. There is a software called Akeeba Backup that will help you do that.

Go to the Akeeba Backup information page to learn more.
Go to the Akeeba Backup download page to download the software.

3. Make sure your Joomla! install is kept up-to-date. Joomla!’s current version is 1.5.22 (at the time of this article) so if you are running anything lower than that, you should consider upgrading to patch any security issues.

4. Make sure that your file and folder permissions are set correctly. One of the biggest vulnerabilities most hackers look for are folder permission issues. It can be time consuming and tedious to verify the permissions on the literally thousands of files in a Joomla! install, so I’ve found a software that does it for you.

This software is made by the same people who built the Akeeba Backup software. The software is called, simply enough, “Admin Tools” and it will take care of items 3 and 4 for you.

Admin Tools will make sure that your website is kept to the newest version (as long as you remember to run Admin Tools) and will install the newest upgrade for you. Admin Tools will also check and correct any file and folder permissions for you with a single click.

One other nice thing that it does is it will verify the integrity of your database and clean it up as well.

5. This one is optional, but I encourage you to use it. There is a plugin that you can install called kareebu that will add an additional level of administrator area security.

Note: kareebu does require registration to download, but it’s free.

If someone were to go to http://www.yourwebsite.com/administrator, they would be able to see that you are running Joomla! and could be well on their way to hacking your website. kareebu, once enabled, will make the new login URL for your website http://www.yourwebsite.com/administrator?yourpassword where “yourpassword” would be replaced with whatever you setup in the plugin.

Of course, all of these steps are next to useless if you use short, easy to guess password. Don’t use “password” as your password. Don’t use your name, your nickname, your spouse’s or pet’s name. I suggest using a sentence as your password. Your password should always be a minimum of 8 characters and should contain uppercase and lowercase letters as well as numbers, and (if whatever system you creating a password for lets you) even some punctuation.

I hope this has been helpful and please leave comments, questions or additional security tips in the comments area. Thanks!

One of the biggest things I run into on a day to day basis when I build a Joomla! template is dealing with the scripts that Joomla! puts in the header by default. This can cause problems with whatever code I write and sometimes (though, not often) components that I install.

Here’s how to remove those header scripts for compatibility’s sake and for the sake of cleaner code:

<?php
//Only call these if required, helps combat conflicts and load times
unset($this->_scripts[$this->baseurl .'/media/system/js/mootools.js']);
unset($this->_scripts[$this->baseurl .'/media/system/js/caption.js']);
unset($this->_scripts[$this->baseurl .'/media/system/js/validate.js']);
unset($this->_scripts[$this->baseurl .'/plugins/system/jceutilities/js/jceutilities.js?v=224']);
?>

I’m going to be adding content to a new category on here called “Tech and Code”. There are 2 main reasons for it:

1. I find myself wanting to talk about coding and my day-to-day work stuff, but I’m very limited to who I can have a conversation about it with.
2. I’d like to make it a resource for thoughts, ideas and even some code snippets to reference later down the road.

If you’re interested, please feel free to leave comments, thoughts, ideas, suggestions, etc. Also, this category might be worth adding to any RSS reader you use for your news updates!

Thanks,
David