Joomla 1.5.14 Released

Joomla 1.5.14 has been released. This release contains fixes for two material bugs that were introduced in version 1.5.13 and one low level security issue. The issue is with the mailto component. In com_mailto, it was possible to bypass timeout protection against sending automated emails. It has been eight days since Joomla 1.5.13 was released on July 22, 2009.

Conversion Tracking code on Virtuemart

Google Conversion Tracking is one of the common goal conversion technique used by PPC Managers. To implement the conversion tracking code on Virtuemart, the code needs to be inserted in the thankyou page template. The instructions are as follows:

Download the file “checkout.thankyou.tpl.php” which resides in com_virtuemart/themes/theme_name/templates/pages

The code needs to be placed just after code as shown in the image.

Upgrade to Joomla 1.5.12

Joomla 1.5.12 has been released with a number of bug fixes and three moderate-level security fixes. It has been less than a month since Joomla 1.5.11 was released on June 3, 2009.

Apart from the security fixes, this release contains an important upgrade to TinyMCE v 3.2.4.1.

Download Joomla 1.5.12 (Full package)

Download Joomla 1.5.11 > 1.5.12 update package

For more details and instructions, logon to Joomla.org

Why should you upgrade your Joomla website design from 1.0.x to 1.5.x?

Is it really important to upgrade your Joomla website design from 1.0.x to 1.5.x? Joomla 1.5 code has been re-written to make it more user friendly and scalable in terms of development.

For site administrators, the look and feel of the admin panel has been significantly revamped. The extension installer has been merged so that components, modules, plugins and languages can be installed and managed from single tab.

The media manager has become very user friendly with Ajax based uploader and ability to view the media in icons and list formats.

The article manager has become simpler to use. Now there is a single editor with a “Read More” button for separating the introduction from the full article. The addition of images in the content has improved a lot using Ajax. Now updating the articles on sites like News Portal has become quite fast.

The global configuration has been organized better. The option to enable SEF urls is a great relief. The inbuilt SEF urls are very good for small sites. Another good option is to edit the menu item for menu type which was not present in 1.0.

For designers and developers, the code base has been better organized by separating program logic from presentation logic. Now, template designers can use custom layouts, often referred to as template overrides. A beautiful addition is the ability to define template parameters which can be managed from the Template Manager.

And last but not the least, one of the most powerful features of the framework is the new MVC based component objects.  Developing using the MVC design pattern gives developers a platform for rapid application development and prototyping.  The clear separation between logic and presentation helps ensure code reusability and maintainability.

In all, Joomla web design 1.5.x version is far better and great than 1.0.x. If you are installing Joomla on a new site, it’s preferable to start with 1.5 versions. The joomla community has also quickened the pace and you will find that most of the popular extensions are now 1.5 native.

ICPD15India’s NGO website launched

Joomla.in launches the official website using Joomla 1.5 for ICPD +15: A Civil Society Review in India. The International Conference on Population and Development (ICPD, Cairo 1994) marked a watershed in the understanding of population and development issues. This led to integration of population issues into all development planning, policies and programmes.

A custom design was created for the website with professional look and feel. The website features informative content pages, newsletter subscription, interactive blog for the users to post topics and comments, site search and other interactive features.

Joomla NGO website

Redirecting index.php to root in Joomla 1.5

Its very important that the homepage of the website is accessible through one URL only. For example, a typical joomla site would be accessible by domainname.com, www.domainname.com, domainname.com/index.php and www.domainname.com/index.php. If you are using frontpage component on the homepage, you may have an additional URL for homepage.

This way, the power of backlinks and google PR is distributed across several URLs. This can be easily taken care of by using the following code in .htaccess file.

For redirecting /index.php to www.domainname.com:

Options +FollowSymLinks
DirectoryIndex index.php

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.domainname.com/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

For redirecting domainname.com to www.domainname.com:

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domainname.com [nc]
rewriterule ^(.*)$ http://www.domainname.com/$1 [r=301,nc]

Once you have done this, you can check the redirection using a fantastic redirect check tool I can across. This tool will provide all possible URLs for your homepage along with the response code. The response code of 200 which is an OK response should be returned by just one URL.

10 tips to secure your joomla site

Joomla is undoubtedly one of the best CMS available in the market. As more and more websites have started using Joomla, its important that the site is configured properly to prevent any security compromises. I have compiled 10 security tips to secure your joomla website.

1. Proper Hosting Environment
   A properly configured server is highly recommended for your joomla website. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user and you don’t need to set insecure global permissions like CHMOD of 777.

   a. Set register_globals OFF
   b. Disable allow_url_fopen
   c. Adjust the magic_quotes_gpc directive as needed for your site. The recommended setting for Joomla! 1.0.x is ON to protect against poorly-written extensions. Joomla! 1.5 ignores this setting and works fine either way.
   d. Don’t use PHP safe_mode

2. Change the Default Database Prefix (jos_)
   While installation, change the default database prefix to something random. This will prevent most of the SQL injection attacks as hackers try to retrive superadmin details from jos_users table.
3. Disable FTP Layer
   While installation, dont enable the FTP layer as it opens up a potential security hole since your FTP details are stored in plain text under a Joomla! configuration file. FTP layer is not required if your hosting is secured and configured properly for Joomla.
4. Change superadministrator username
   After installation, change the username for the super-administrator. By default, its admin. So change it something like ravi.chamria so that the username/password combination becomes difficult to guess or crack.
5. Strong password
   Always use strong password for the administrator accounts. An example of strong password is E@^M!$<9@k. You can use sites like www.strongpasswordgenerator.com to generate a strong password.

   A good addition is to password protect the administrator folder. In apache web server, you can do this htaccess file or in cpanel, you can use Password Protected Directory option to setup a password. This will add another layer of username/password before someone reaches your Joomla admin details. Needless to say, have this password different from Joomla admin password.

6. Enable SEF URLs
   Most hackers use the Google inurl: command to search for a vulnerable exploit. So enable SEF urls from site configuration if you are using Joomla 1.5. You can also use extensions like SH404SEF for both Joomla 1.0 and Joomla 1.5. This will prevent hackers from finding the exploits as well as benefit you in SEO perspective.
7. Upgrade to latest release of Joomla
   Always upgrade to the latest release of Joomla as soon as possible. The current release is 1.5.11. You can subscribe to http://feeds.joomla.org/JoomlaSecurityNews or our blog feeds http://feeds2.feedburner.com/joomlainblog to get updates about the latest security releases.

   Always download Joomla! from official sites, such as the Joomla! Forge, and check the MD5 hash

8. Third party extensions
   There are more than 4000 extensions available for Joomla many of which are non-commercial. But dont take this as an opportunity to install unnecessary extensions on your website. Remember that most hacking attempts occur due to vulnerability in these extensions. So, always use extensions which are popular, has strong community backing and development process.
9. Proper file/folder permissions
   The proper file/folder permissions for your joomla website is:
   * PHP files: 644
   * Config files: 666
   * Other folders: 755

   You can CHMOD the files and folders using your FTP client.

10. Setup a backup and recovery process
    Always rely on a strong backup and recovery protocol for your live website. Its not just hacking that may compromise your website but other factors like a faulty upgrade or extension install, hardware failure, hosting provider issues. You can use JoomlaPack, a non-commercial component native for both Joomla 1.0 and 1.5 for backup.

Upgrade to Joomla 1.5.11 Security Release

Joomla has announced the release of Joomla 1.5.11 [Vea]. This is a security release and users are strongly encouraged to upgrade immediately.

This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 11 weeks since Joomla 1.5.10 was released on March 28, 2009.

You can download the Joomla 1.5.11 Full Package from here.

You can download the Upgrade package here.

Business Directory site in Joomla 1.5 launched

Joomla.in launches the Business Directory project using Joomla 1.5. Emaratonline.biz is a business-to-business and business-to-consumer portal for UAE and MENA region. The objective is to be one of the primary facilitator of business within UAE and MENA region and around the globe.

A custom design was created for the portal with professional look and feel. The portal features business directory, free and paid membership subscription, business offers, notice board, discussion forum, members chat, business recources, career section for resume upload and job search and other interactive features.

Custom 404 page in Joomla 1.5

Joomla 1.5 has a default 404 error page which is devoid of the main website theme. It looks something like this:

In SEO perspective, the website should have a 404 error page with proper links to the site. According to Google SEO guide, avoid using a design for your 404 pages that isn’t consistent with the rest of your site.

To change the default 404 error page in Joomla 1.5 is quite easy. Just follow these easy steps:

Create a normal article with some message to the users who have arrived on the error page. Publish this article as a menu item and grab the URL for the article. It will be like:

http://www.joomla.in/index.php?option=com_content&view=article&id=122

Now you need to edit the file which contains the code for 404 error page in Joomla. Open the file templates/system/error.php in any editor. Just below this line: defined( ‘_JEXEC’ ) or die( ‘Restricted access’ ); add the following code:

if (($this->error->code) == ’404′) {
header(‘Location: ‘ . $this->baseurl .’index.php?option=com_content&view=article&id=122′);
exit;
}
?>

Replace the old error.php file with this one.

Now you can open any non-existent URL on your website like http://www.domainname.com/non-existent-url.html and you will find that the custom error page has opened.