Joomla Security: Beware the Forgotten Installation

Details

Published: Tuesday, 16 April 2013 15:24

Written by Alan Langford

It's common practice for developers to put test or new development sites in a subdomain. Most hosting control panels, notably cPanel, default the root directory of the subdomain to a subdirectory of the main site, so if I was going to create a "test" subdomain, cPanel will suggest "/home/youracct/public_html/test" as the root directory (youracct is the name of your hosting account). The problem is that these test installations are soon forgotten and can become a major security risk.

Let's say your client — let's call them client.com — finally has the budget to get off the old Joomla 1.5 site you built years ago. You create a subdomain to hold that shiny new web site. Maybe you call it "new.client.com", or being a leading edge kind of person maybe it's "joomla31.client.com" (Joomla 3.1 will be here very shortly). If you use the default directory and don't password protect it, anyone can see the new site by accessing the subdirectory. Entering client.com/joomla31/ exposes the new site to the world. If you used "new" it's an easy guess. There's a also good chance that backups of your main site are also now a lot bigger (you are backing up the site, right?) because they include also include the new version.

You work away on your spanking new Joomla 3.1.0 site and a few weeks later it's ready for launch. If you have the site in a subdirectory, you make a backup there and restore the new site in the web root. Over time you update the new site, applying security updates, fixing a vulnerable extension... everything is running smoothly. Then months later despite thinking you've done everything right, the site is hacked! What happened?

Read more: Joomla Security: Beware the Forgotten Installation

An Argument for Complex User Interfaces

Details

Published: Monday, 14 January 2013 08:00

Written by Alan Langford

User Experience (UX) design is an important aspect of almost every software application. Most users benefit from having a simple, easy to understand interface that offers intuitive choices to achieve their goals. Advocates of the simple approach point to surveys that measure how users respond to the design of an application, where simpler interfaces almost always garner a better rating.

The challenge is that not all applications can be reduced to a simple model. The current trend in UX design is to break a complex task down into a set of smaller, simpler interfaces, and then give the user a method of selecting or stepping through each of these interfaces. In some cases where a lot of this input is required, the user is guided through a sequence of simple steps to achieve a complex goal. This doesn't work. It's the opposite of the one-step checkout process that works so well for commerce sites, and we need a better solution.

Read more: An Argument for Complex User Interfaces

Save Time and Money by Using ACP for Joomla Content

Details

Published: Tuesday, 08 January 2013 18:21

Written by Alan Langford

The title of this post is what I should have titled my presentation at the 2012 Joomla World Conference. That's also how I should have structured the presentation. Much the same material, but the benefits first. The marketer's version of "Keep it Simple, Stupid" should be "Present the Benefits First, Idiot". Next time I do this presentation it's going to be organized to do just that. Until then, this will have to do.

The best way to put it is this: ACP is very useful when you have a lot of articles with similar elements and you want the flexibility to change the way all those articles are presented with a single update. If you have something like 300 product brochure pages in your site, or 10 executive profiles, then ACP is worth learning.

Read more: Save Time and Money by Using ACP for Joomla Content

Louis Landry to Joomla: So Long and Thanks for All the Fish

Details

Published: Sunday, 23 December 2012 00:00

Written by Alan Langford

With this reference to The Hitchhiker's Guide to the Galaxy, Louis Landry – a major contributor to the Joomla project as a principal architect of Joomla 1.5, Joomla Platform, Core Team member, frequent speaker at Joomla events, and generally all-round sensible person – announced his departure from the project "for the forseeable future".

Read more: Louis Landry to Joomla: So Long and Thanks for All the Fish

The Two Most Important Things You Can do to Secure Your Joomla Site

Details

Published: Friday, 07 December 2012 09:37

Written by Alan Langford

Maintaining a secure web site is a top concern for many people. Everyone is looking for the one way to make sure their site is always running, safe, and secure. When someone expresses concern about the security of their site, I usually ask them how old their most recent backup is. Most don't know, or don't have any backup at all.

The harsh reality is that no system is ever going to be 100% secure. It doesn't matter what that system is, be it Joomla or the mainframe system that runs your bank account. It's important to keep your system up to date and to defend against hackers, but at the same time keeping your site up and running means defending against several other factors that include hardware failures, failed business relationships, and security issues beyond your control. For example, if your hosting company doesn't keep their control panel software up to date there's nothing you can do — short of switching hosts.

Read more: The Two Most Important Things You Can do to Secure Your Joomla Site