There is a known issue with the Joomla! 1.5.7 upgrade regarding the way articles are ordered in Front Page Blog Layout. If you upgrade an existing site to 1.5.7, and if you have two or more columns, the Front Page Layout will default to ordering articles down the columns instead of across the columns.

To fix this, all you need to do is

1. Navigate to the Menu Item Manager for the menu containing the Front Page layout.
2. Open the Front Page Menu Item for editing.
3. Press the Save icon.

This will initialize the default parameter and cause the articles to be ordered across columns as before.

This bug was a side effect of a new feature that allows you to have Section Blog, Category Blog, and Front Page layouts order either down or across columns. Note that this issue will also affect the Joomla! Sample website in a new 1.5.7 installation. New sites are not affected by this issue.

The simple answer as to why this happens is in the term 'WYSIWYG'. Content editors like TinyMCE attempt to allow users to see what the text they're entering will look like when it appears on the front-end of the website. To this end, they show the text against the color or image specified in the template_css.css file of whatever template the front-end of the website is using.

This often presents a problem for users when their website is designed to appear as a lighter content pane floating over a darker-colored background. The darker background is what appears in the editor windows, making the text almost impossible to see. In such cases, it may be necessary to tell the editor not to use the template_css.css file as a reference, but rather to use a different css file instead.

In Joomla! versions prior to 1.5 there was a distinctive difference on static and normal content. Both content types are still around, but are not handled as separate items. If you want to create static content, just select "uncategorized" as section and category and the content is handled as static content.

The improved installer can be found under the extensions option. With versions prior to 1.5 you needed to select a specific extensions type when you wanted to install it, with Joomla! 1.5 you just select the extension you want to upload, and click on install. The installer will do all the hard work for you.

In Joomla! versions prior to 1.5 there was a distinctive difference on static and normal content. Both content types are still around, but are not handled as separate items. If you want to create static content, just select "uncategorized" as section and category and the content is handled as static content.

If you are coming from a traditional website made up of separate html pages, you may well wonder where the pages are.

In Joomla! almost everything that you would normally think of as a web page is actually stored in a MySQL database. When you create a new page, your content is stored in a database record, not in a separate file.

Then when your site is viewed, Joomla! calls up different items from your database and puts them together to make what is displayed to the user.

One exception is that your images are usually stored in the images directory and not the database.

Your MySQL database usually is created by you during the installation process (unless you use a Fantastico or a similar installer that will create the database automatically). If you have a control panel on a linux host, you can usually access MySQL through a program called phpAdmin. This will allow you to view your database.

For a short tutorial on converting a static HTML web site to Joomla!, see How to Convert an existing Web site to a Joomla! Web site.

In Joomla! 1.5, the content parameters are not in the global configuration anymore. Joomla! 1.5 provides component specific settings, which are not set in a global configuration screen for each component itself. For Articles, select Content / Article Manager and press the "Parameters" button in the toolbar. For Banners, Contacts, News Feeds, and Web Links, select the desired component from the Components menu and press the "Parameters" button in the toolbar.

Normally, you should use the latest version of Joomla! for a new site unless you have a specific reason not to. The latest version can be downloaded from the Joomla! download site.

• Make sure that you subscribe to the Joomla! Security Announcements forum. You can do it now by clicking here. This forum is used to make announcements, including the availability of new releases, that could affect the security of your site.
• For the Joomla! 1.5 series, check for the latest version. If you are not on the latest release, read the release notes to see if you need to upgrade. If a release is being made in order to address security issues then it is strongly advised that you upgrade as soon as possible.
• If you are running an earlier release of the current version (for example, you are running 1.5.2 and the current version is 1.5.6), you should upgrade to the current version if you experience any problems. Each minor release fixes a number of bugs, so it is always good practice to upgrade to the latest minor version as a first step in troubleshooting a problem.

If you have a site that is working well on an older Joomla! version, you do not need to upgrade the site. At the time of this writing, both Joomla! version 1.0 and 1.5 are supported, although all new development effort is going into version 1.5. Version 1.6 is planned for release in a few months time.

Many Joomla! Extensions have been released for version 1.5, with more being offered each week. However, there may be specific cases where an Extension is available for version 1.0 and not available for version 1.5, and this could be a reason to use version 1.0.

This article is a basic outline of the differences between a Sub-Domains, Parked Domains, and Add-On Domains. Creation of each domain type on your selected hosting service may differ depending on what control control panel is offered. Each hosting service is diffferent in what their hosting plans include, so all three options may not be available under your plan. Any questions about what options are available with your particular plan, or for help in setting up these options on your hosting plan should be directed to your hosts support Help/FAQ pages or to your hosts support team.

Here are some basic differences between the three:

A vulnerable extension is one that has been found to contain (or contribute to) a security vulnerability.

Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:

1. Know the version numbers of all installed extensions.
2. Use only the latest stable version of all extensions.
3. Completely remove all files of insecure or unused extensions.
4. Check the Vulnerable Extension List on a regular basis and remove or update any extension version found to be vulnerable.

The Template controls the overall look and layout of your site. It provides the framework that brings together common elements, modules and components as well as providing the cascading style sheet for your site. Both the Front-end (Site) and the Back-end (Administrator) of your site have templates.

When Joomla! is installed several templates are automatically included. You can find many more templates at other websites. Some are available without charge under various licenses, and some are for sale. In addition, there are many designers available who can make custom templates. You can also make your own template.

Templates are managed with the Template Manager, which is located on the site menu on the Back-end of your site.

Open Source Matters is a non profit organization that provides financial, legal and organizational support for the Joomla! project. For more information on Open Source Matters, please visit the OSM FAQ http://www.opensourcematters.org/content/view/92/63/.

Joomlacode.org is the repository for the Joomla! source code as well as many open source Joomla! extensions. It requires separate registration from the the other joomla.org sites.

Overview

ModSecurity is an Apache module that functions as an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. It is also an open source project that aims to make web application firewall technology available to everyone.

When configuring ModSecurity, it is important to know that it is not only the Joomla! application that may require unique rules, but also the data that the application processes.

Quality hosting providers customize mod_security rules to suit each customer.

If you have a conflict between Joomla and ModSecurity, it is often third party components, and sometimes even contact form submissions that trigger the problem. Joomla out of the box usually works with typical ModSecurity settings, but this is dependent on each hosting provider's unique configuration.

Overall, mod_security is a excellent tool, but this is really something your host should manage.

ModSecurity configurations are far too varied and complex to describe here. To learn more, see the following resources:

Resources

1. Official ModSecurity Site
2. ModSecurity and Apache

Legacy mode is a Plugin that can be activated by enabling the "System - Legacy" Plugin in the Plugin Manager. This Plugin emulates Joomla! 1.0 and allows many version 1.0 extensions to run on Joomla! 1.5. There is a minimal performance decrease by this, but in most cases it is not significant.

Extension providers still need to test and certify that their 1.0 extensions work in legacy mode. This is indicated by the tab "1.5 Legacy" in the Joomla! Extensions Directory listing.

Legacy mode should be viewed as transitional software that allows you to work with version 1.0 extensions until the extension provider has reworked the extension to work with 1.5 in native mode.

The Joomla! project does not aggregate the copyrights of its code contributors. No contributor is required to transfer his/her copyright to Joomla! and each individual contribution will forever remain in the ownership of its author. This also applies to translations of the Installation language set as these alone are included in the core release of Joomla!.

Open Source Matters Inc., a not-for-profit organisation, holds the Joomla! project's assets and represents Joomla!'s legal matters. Joomla! project claims copyright over the total aggregated creation which is the CMS and framework. This copyright is held by Open Source Matters Inc. This is why each file in the release is marked "Copyright - Open Source Matters Inc." This does not violate the copyright and ownership of the individual contributions. These always remain the authors' property. Attributions of the copyrights of contributors and other included code elements is detailed in the main copyright file in the root directory of the Joomla! installation. As the contributors do not transfer copyright they instead declare that their code contributions are licensed to Open Source Matters Inc. in a limited and non-exclusive fashion. Limited meaning that Open Source Matters Inc. may only use their contribution if it is released under GNU/GPL for the entire Joomla! CMS (or GNU/LGPL in the specific case of the Joomla! Framework Libraries). Non-exclusive meaning that the contributors are free to do whatever they wish with their own creations including using it for their own releases under any licence they wish (including commercial).

If you simply install Joomla! without any modifications or extensions, the following (incomplete) list of features will be included.

   * Content component which allows creation and display of "content items" usually in the middle of the page.
   * Front page component, which displays multiple recent content items designated as "front page" in the content manager. Configurable for layout and number of items.
   * Weblinks component for entering and displaying a list of weblinks.
   * Media manager for uploading and managing images and other media.
   * User manager (administrative end) and user registration module (front end).
   * Newsflash module for displaying specific content items as "newsflashes."
   * Modules for latest items, most popular, and related items.
   * A simple poll component
   * A menu system
   * A choice of several templates for your site[/li]
   * Installers for third party extensions (templates, components, modules and plugins/mambots).
   * The TinyMCE wysiwyg editor. 1.5 Also includes xStandard Lite
   * Administrative interface for managing your site

At any given time you may see a padlock next to a specific item in Joomla!'s administrative backend. These padlocks may be displayed next to any of the following (Content Items, Menu Items, Modules, etc).

The Joomla! system places these padlocks next to an item to indicate that a user is currently editing the item (i.e. the item is "checked out"). The lock is removed by the system administrator when the user clicks on the "Save" button for that item. If the user never clicks "Save" and instead hits the "Back" button or navigates to another page, then the item remains locked. If a different user needs to work with an item that is in the "checked out" state he or she must first ask a manager or administrator to check the item in before any new changes can be made.

There are two ways of checking items back in. One way is to contact the person that has the item checked out to see if they are done with the item. This can be difficult if you do not know who has the item checked out.

The other option utilises the administrative back end; Click on "System => Global check in" This option should be used very carefully, especially in multi-user environments. This single action checks in all previously checked out items, whether they were checked out by you or not. Possible undesirable side effects may be that multiple editors end up working on the same document. In this case whoever clicks the save button last has their version saved as the final copy.

Error 1 = FATAL ERROR: MySQL not supported...

You need to compile MySQL support into PHP or the MySQL server is down.

Error 2 = FATAL ERROR: Connection to database ...

Joomla! cannot talk to the database, most likly you have a typo in the username or password settings in configuration.php, or you are trying to access a database table with the wrong table prefix.

Error 3 = FATAL ERROR: Database not found...

The database cannot be found. Check the database settings in configuration.php

The MySQL variables in configuration.php (found in Joomla!'s root directory) can be modified to correct these problems.

For Joomla! 1.0.xx

$mosConfig_host = 'localhost';
$mosConfig_user = 'accountname__username';
$mosConfig_password = 'userpassword';
$mosConfig_db = 'accountname_dbName';
$mosConfig_dbprefix = 'jos_';

Modifying the $mosConfig_host to an IP Address of a remote host works for hosts that have separate MySQL servers from the client hosting servers.

Your "home" page in a traditional HTML site--the page that shows when you type mydomain.com for example--is the page in the index.html file.

Joomla! is a database-driven content management system (CMS); it does not have HTML pages, but rather assembles the pages from the MySQL database.

When you install Joomla! by default it has a menu link to the frontpage component as the home page. However, any content, component or other link can be used as the home page.

Changing the Home Page

The "page" that shows is determined by the Main Menu. Go to Menu > Main Menu. Select the item you would like as the home page and click the default icon.

See also

• How to determine if the user is viewing the front page (for developers).

Frontpage is a component that is part of the core of Joomla!, like the front page of a newspaper, it shows (usually) multiple pieces of content arranged in some way.

When you install Joomla! the front page component is by default set as the homepage of your site (that is it is the first link on your Main Menu) but front page does not have to be your "home" page.

What exactly appears on the front page and how it is laid out is controlled in two ways. First, if you open the menu link in your menu manager in the back end there are numerous parameters that control the number of items shown, the number of columns etc.

To control which items are shown you must also indicate that an item should be placed on the front page by editing the parameters for the content item. In the back end this will be indicated by an icon in the front page column of the list of content items/articles.

In addition, you can use the front page manager (in the content menu of the backend) to control the publication dates and other variables for content items that are on the front page.

Overview

Attackers sometimes hide code away from prying eyes by URL Encoding it.

The purpose of URL Encoding is to allow non-URL compatible characters to be passed via the URL. There are many legitimate reasons for doing this, such as hiding email from spammers, dealing with spaces in file names. etc.

However, if you find odd, URL-encoded text in your site's files, you should investigate immediately. URL encoded text is very easy to translate using PHP, javascript, or one of the many free, online translators.

Here are some trivial, non-functioning examples of URL Encoded text:

Resources

1. Text Unescape Utility
2. HTML URL-encoding Reference

10. Use the cheapest hosting provider you can find.

Preferably use a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.

FYI: You can use a tool such as Robtext (if you are using a shared Hosting Provider) To see who you are sharing space with and if you should be proactive to request a move to another shared space. For example: http://www.robtex.com/dns/joomla.org.html or for REALLY cool information: Google.com: http://www.robtex.com/dns/google.com.html shows domain,shared,whois,blacklist,analysis,contact

Depending on the security configuration of your Web server the recommended default permissions of 755 for directories and 644 for files should be reasonably secure.

Full details can be found in Technical Requirements.

Articles

This gives you access to content. You can then choose from section, category, archive, articles, front page. Within section, category and archive you can choose list or blog layouts.

Blog Layout

Blog layout will show a listing of all Articles of the selected blog type (Section or Category) in the mainbody position of your template.

List Layout

Table layout will simply give you a tabular list of all the titles in that particular Section or Category.

Wrapper

Wrappers allow you to place stand alone applications and Third Party Web sites inside your Joomla! site. The content within a Wrapper appears within the primary content area defined by the "mainbody" tag and allows you to display their content as a part of your own site. A Wrapper will place an IFRAME into the content Section of your Web site and wrap your standard template navigation around it so it appears in the same way an Article would.

Each Component

Each component will have its own link. Some may require you to make additional choices of options.

External Link

Lets you link to an external site. There may be occasions where you also want to point to a link directly to a apage on your site.

Separator

This lets you make a text or image only (non-linkable) menu item.

Alias

Lets you make a link matching an existing menu item. This avoids the problem of having multiple URLs pointing to the same content.

There are three traditional backup types--full, cumulative and differential.

Full Backups

A complete backup of all associated files at a known point in time.

Both of these are considered Incremental backups, they can be used independently of each other or in conjunction with each other but always relate back to a FULL backup.

Cumulative Backups

This is a backup of the differences since the last FULL backup, so each cumulative backup gets bigger each cycle as it is also backing up data previously backup, since the last FULL backup.

Joomla! is a content management system. Sections and categories allow you to organize your content.

The basic structure is: Sections include Categories. Categories include content items (1.0)/articles (1.5).

Section A

Category A1
                content items/articles
Category A2
                content items/articles
Category A3
                content items/articles

Site templates divides the "pages" displayed on a site into a series of positions, each with a different name.

Extensions => Templates. Select the template you wish to preview and click the edit icon. Click the preview icon.

You can add or remove positions by modifying your template html.

You assign a module to a position using the module manager.

In the module manager, edit the module. In the left column select all, none or the specific pages you would like it to appear on.

Notes: Modules that are not pubished (1.0) or enabled (1.5) will not display. Modules can be assigned to unused positions (positions not in the template) if you want to have them published but not displayed in a position (for example, if you want to display a module in content using {mosloadposition} (1.0) or (1.5)). Multiple modules may be assigned to the same position. They will be displayed in the order shown for modules in that position in the module manager. If you want to display a module in more than one position, use the module manager to create another copy. 1.0 copy the module and assign the copy to the second position. 1.5 use the new icon and create another instance of the module.

This is how you apply the switches:

switch: -1

Strips all surrounding code from the module.

 <?php mosLoadModules ( 'user1', -1 ); ?>

The outputted html code looks like this:

<div class="user1_inner">
<ul class="latestnews">
  <li class="latestnews">
  <a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=3&Itemid=9"    
  class="latestnews">Newsflash 2
  </a>
  </li>
   <li class="latestnews">
  <a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=4&Itemid=9"  
  class="latestnews">Newsflash 3
  </a>
  </li>
  <li class="latestnews">
  <a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=2&Itemid=9" 
  class="latestnews">Newsflash 1
  </a>
  </li>
  <li class="latestnews">
  <a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=9&Itemid=2" 
  class="latestnews">
  Example News Item 4
  </a>
  </li>
  <li class="latestnews">
  <a href="http://localhost/projects/1112rc2/index.php?option=com_content&task=view&id=7&Itemid=2" 
  class="latestnews">       
  Example News Item 2
  </a>
  </li>
</ul>
</div>

Components

Content elements or applications that are usually displayed in the center of the main content area of a template. This depends on the design of the template in use. Components are core elements of Joomla!’s functionality. These core elements include Content, Banners, Contact, News Feeds, Polls and Web Links. Members of the Joomla! community produce third party Joomla! components on a continuous basis. They are freely available to download from http://extensions.joomla.org/ and a number of other web sites. See also Modules.

Plugins and Mambots

Plugins and mambots are the same thing. Plugin is the term used in 1.5 while mambot is used in 1.0.

A plugin or mambot is a small, task-oriented function that intercepts content before it is displayed and manipulates it in some way. Joomla! provides a number of Plugins in the core distribution, e.g. WYSIWYG editors, but there are many other plugins available for specific tasks. Some 3rd Party developer components have their own plugins which need to be installed in order to make the component work properly.

Unable to Connect to the Catabase: Could Not Connect to MySQL

If during or after installation, you received "Unable to connect to the database" error, verify that you have entered your MySQL database details correctly. The installation script will not allow you to continue unless the details are correct.

If the failure occurs after moving your site to another host, check the following items of your configuration.php file. The normal database settings are the following:

var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'user_with_database_access';
var $db = 'the_actual_database_name';
var $dbprefix = 'table_prefix_';

The Most Common Reasons

1. Sometimes you will see this message if MySQL has stopped running on your server. Your server administrator may temporarily turn MySQL off to run maintenance utilities. In such circumstances, your site will likely return shortly.
2. Your database user has been deleted. If this is the case, you will need to recreate your database user with the same username and password that existed when you first installed Joomla. Use your domain control panel to administer this or contact your server administrator.
3. Your database username or password has changed.

How do I eliminate the pathway or breadcrumbs?

The pathway or breadcrumb is a hierarchical trail that shows your current location on the site. The breadcrumb follows the Section, Category, Content Item hierarchy and a site's home page is always listed as the root of the hierarchy as "Home".

An example is as follows; You are currently reading a content item "New Page". This content item is a member of the "Pages " category. In the turn the pages category is a member of the "Books" section. In this case the breadcrumb for that page would look like: "Home >> Books >> Pages >> New Page".

There are two ways to configure Apache to use PHP:

1. Configure Apache to load the PHP interpreter as an Apache module
2. Configure Apache to run the PHP interpreter as a CGI binary

(PS: Windows IIS normaly configures as CGI by the way)

It is the intention of this post to provide you information relating to the configuration and recognition of each method. "In general" historically only one method or the other has been implemented, however, with the architectural changes made to PHP starting with PHP5, it has been quite common for hosting firms to configure for both. One version running as CGI and one version running as a Module. It is generally accepted more recently that running PHP as a CGI is more secure, however, running PHP as an Apache Module does have a slight performance gain and is generally how most pre-configured systems will be delivered out of the box.

We are sorry for any basic language used in this document. Before you post in the joomla security forum please read this checklist summary, then use it as a post template.

On Line Action List

• Take your site offline temporarily to prevent others being infected

• Run the forum post assistant and security tool The simple Instructions available here

• Ensure you have the latest version of Joomla

• Notify your host and work with them to clean up the site, and to make sure there are no back doors to your site.

This is now implemented by inserting a tag (button is in the editor area) a dotted line appears in the edited text showing the split location for the "Read more...". A new bot takes care of the rest.

It is worth mentioning that this does not have a negative effect on migrated data from older sites. The new implementation is fully backward compatible.

Many times you install Joomla in a sub-directory and then want to move it to a higher level directory, here's a short tutorial on how to do it. Note that this is written for Joomla 1.5, in case you are still using Joomla 1.0, migrate now!

Say you have installed Joomla in the following folder public_html/tryjoomla Now that you are satisfied with the site, you'll want to move to public_html

One challenge in Joomla! is ensuring that certain PHP files in public_html (or otherwise known as httpdocs or www depending on your server setup) containing executable code or confidential data are protected from direct Internet access.

There are various ways to protect such files, but most are not optimal. Many users and developer groups, such as Gallery2 and Apache.org strongly recommend against keeping vulnerable files and confidential data inside public_html.

The following method seems to be the simplest and most elegant way to protect read-only files that, for whatever reason, must be stored in public_html. In this example, we protect configuration.php, perhaps the most confidential file of any Joomla! site. Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file.

Short answer

Potentially, yes. Your site can be secure, but you must be careful and vigilant.

Long answer

A common security principle is to create various security levels and then grant access at each level only as required. On UNIX servers this is done by setting the user, group, and world permissions on directories and files.

Introduction Because passwords are stored using a one-way "salted" MD5 hash which prevents recovering the password, you cannot recover an existing password, but you can reset it to a new password by editing the password field in the database. In the following directions, you will set the password MD5 value to a known value and then log-in using the password that matches that value. Once logged in, you can change the password again using normal Joomla! user access screens.

What is a CSRF Attack?

A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and or transactions. For example, say a user is logged into their Joomla! websites' administrator interface in one tab and is browsing a compromised site in another tab. A simple CSRF attack can be launched simply by tampering with IMG elements in some browsers so that they point to something like

http://some/joomla/site/administrator/index2.php?option=com_users&task=delete...

15 megabytes (mb) of disk space should be enough for a default installation without additional extensions or media (such as image, audio, or video files). The database will be small when starting, and will grow when adding more content.

When PHP runs from FastCGI, your server runs the PHP interpreter like an Apache module, but with the rights of your user account. Usually, the PHP interpreter is either running as the user of the webserver (which is fast, but insecure, since everyone's scripts run with the same rights), or as a CGI program, which is slow. Thus, FastCGI is a good solution for shared hosting.

Since the PHP interpreter runs as a single instance, it does (AFAIK) not parse the .htaccess or php.ini files per directory. To change php.ini settings, your host must offer you a method to set up or modify your own php.ini, or at least parts of it. Here is how one of host does this: it parses one php.ini file (which the user can modify) once an hour, and puts some well-defined settings into the web server's main php.ini file. Thus, users are able to change some settings for their site only, such as turning register_globals off, switching between PHP4 and PHP5.

If your server uses FastCGI, you can ask them to enable a method such as the above example, or you may be able to ask them adjust some settings for you.

You can migrate a Joomla! 1.0.x site or a Mambo 4.5.x to Joomla! 1.5.

Joomla 1.5 does not provide an upgrade path from earlier versions. Converting an older site to a Joomla 1.5 site requires creation of a new empty site using Joomla 1.5 and then populating the new site with the content from the old site. This migration of content is not a one-to-one process and involves conversions and modifications to the content dump.

There are two ways to perform the migration:

• An automated method of migration has been provided which uses a migrator component to create the migration dump out of the old site (Mambo 4.5.x up to Joomla 1.0.x) and a smart import facility in the Joomla 1.5 Installation that performs required conversions and modifications during the installation process.
• Migration can be performed manually. This involves exporting the required tables, manually performing required conversions and modifications and then importing the content to the new site after it is installed.

Automated migration

This is a two phased process using two tools. The first tool is a migrator component named 'com_migrator'. This component has been contributed by Harald Baer and is based on his 'eBackup' component. The migrator needs to be installed on the old site and when activated it prepares the required export dump of the old site's data. The second tool is built into the Joomla 1.5 installation process. The exported content dump is loaded to the new site and all conversions and modification are performed 'on-the-fly'.

This is just a point by point summary of how I've been tuning and tweaking our Joomla sites to get them running as quickly as possible. For reference, we run all our sites off a Rackspace dedicated server, with 1Gb RAM, a 2Ghz dual core Athlon, running Apache 2.0.x (current revision), PHP 5.0.x (current revision) and MySQL 5.0.18.

These are listed in terms of apparent speed increase - that is, not the sheer speed for the full page, but the speed before the page is usable to view content, even if not all features are loaded.

1. PHP caching. I had been running eAccelerator, but switched to APC today, and it has made the system even faster than before, and eAccelerator was a big boost over uncached PHP. Joomla is a big complex system, so using precompiled code is a big time saver. I use a 128Mb in-memory cache, which is plenty for our needs.

Overview

Many shared server environments currently run .php scripts using the PHP4 interpreter and .php5 code using the PHP5 interpreter. Rather than changing all your file extensions, and perhaps breaking many links, use a .htaccess file to dynamically map one extension to the other.

IMPORTANT CAVEAT: One common reason for doing this is that hosts leave PHP4 configured with register_globals ON in order to support legacy code while offering PHP5 with register_globals OFF. If you are on a shared server at a host that has configured register_globals ON server wide, you should be very worried!

Turning register globals OFF via a local php.ini or a .htaccess file will NOT offer you any extra protection. Another exploited account on your server can simple hack yours. For server security, and since php 4.2, register globals is OFF server wide by default (php default). Any host overriding this is inviting trouble. If you need register globals ON for a specific site, simple use a .htaccess file for that specific directory, and server wide security will not be compromised. Of course, if you do this be sure all effected scripts fully sanitize input data.

Requirements

1. Your Apache server must be configured to use .htaccess files. If not, you may be able to request this from your host. 2. Your Apache configuration must allow the following setting. If not, you may be able to request this from your host. 3. Your host must have configured the .php and .php5 file extensions as described above. If not, they may possibly have chosen other extensions. Check with your host.

Directions

1. Check to be sure your site is configured to use .htaccess files.

2. Make a backup of the .htaccess file in your root public_http directory. If you don't have a .htaccess file at this location, create one now.

3. There are various ways to set the comman, depending on your server configuration. One of the following will probably work. Add ONE the following lines at the end of your .htaccess file. If unsure which to use, check with your hosting provider on which version works best for your configuration.

AddType x-mapp-php5 .php
AddHandler application/x-httpd-php5 .php
AddHandler cgi-php5 .php

4. Carefully test.

5. Delete the backup .htaccess file. Don't leave backups of .htaccess files in public directories.

Overview

Most users may not need more than 3 levels of passwords and webmasters no more than 5. Each level must be completely unrelated to the others in terms of which ids and passwords are used.

Directions

• Level 5 (Public) - is the password you use on public sites. It is not imperative that you use a different password on every site. In fact it's more effective to use a different username on every site than it is to use a different password truth be told! Knowing the username allows easy hacking...half the work is done! knowing the password is useless unless you know what account it goes to!

• Level 4 (Webmaster) - Reserved for SQL Only. this is a password that would only be used by SQL and limited to a specific database in SQL. The best way to protect SQL is by limiting each account to just being able to do the minimum that DB requires. In some cases it is even wise to have a read only account for display and a separate write account that the backend write functions use. But that doesn't apply to J! at all... for J! the best practice is to set up an individual account (not root for sure) that only has read and write access to the J! DB nothing else.

• Level 3 (Webmaster) - FTP and Server Access. these can be the same user:pass combo since both if compromised can do the most damage. doesn't matter if the backend or Cpanel is safe if the FTP is not and the same goes the other way!

• Level 2 (Personal Data Access) - This password should be used for any sites or locations that contain personal data with the exception of Banking (see level 1). these sites are often used for social engineering data such as medical records, service accounts and any financial records not directly related to banking! You want these to be secure but also different from the real threat of security...your money!

• Level 1 (Banking!) - this needs to be the most secure in fact if you have two different banks it actually pays to have a different user:pass for each just to be sure!

There are multiple methods available for creating a local development and testing environment for Joomla! on Win XP including:

• Xampp
• Bitnami Stack
• WampServer

XAMPP

1. Download latest version of Xampp for windows from Apache Friends.
2. Create an xampp directory at the root of C:\
3. Extract downloaded xampp zip file into newly created xampp directory
4. Locate extracted file xampp-control within the xampp directory and double click to execute xampp control panel.
5. Select services that you would like to start
6. Click Start

1. Click on Apache Admin button to view local web server main page

**Apply Xampp Post Installation Security Settings Utilizing the Security Option on the Left Menu.**

In Joomla! 1.5, many Article parameters, such as Show Title, Show Author, and so on, can be set in three places:

1. the individual article (the Article:[Edit] screen)
2. the menu item (Menu Item:[Edit] screen)
3. global parameters (Article Manager / Parameters)

Typically, parameters at the individual article and menu item levels can be set to a specific value or to a value of "Use Global". If the individual article's parameter is set, then that value controls the setting. If this is set to "Use Global" then the menu item parameter is checked. If the menu item is set to a specific value, that value is used. If the menu item is set to "Use Global", then the global parameter setting is used.

A similar hierarchy is used for other content items, such as Banners, Contacts, News Feeds, and Web Links.

Global preferences in content are set in the article manager.

In the backend, go to Content>Article manager.

On the tool bar, second from the right, there is the preferences icon.

Click that and set your global preferences.

The forum search is somewhat tricky. Here are some tips for effective searching:

1. Searches are case sensitive, so try upper and lower case. For example, xml and XML will give different results.
2. Searches are for whole words, so for example error and errors will give different results.The forums are spidered by external search engines so you may be more successful using one of these.
3. Advanced search will let you search with more parameters.

Overview

This can be a very effective way to protect your Joomla! administrator directory. Any other directory in public_html can be protected in the same way. This method only works if you have a static IP address assigned to you. Anyone attempting to browse such directories using a different IP Address will get a 403 Forbidden error.

Directions

1. In the directory you wish to protect, open (or create) a file called, .htaccess. (Note the dot at the beginning of the file name.)
2. Add the following code to this file, replacing 100.100.100.100 in this example with the static IP address you plan to allow:

Order Deny,Allow
Deny from all
Allow from 100.100.100.100

• Optional: You can enter partial IP Addresses, such as, 100.100.100. This allows access to a range of addresses.

• Optional: You can add multiple addresses by separating them with comma's.

100.100.100.101, 100.100.100.102

You can request a feature here:

http://forum.joomla.org/index.php/board,38.0.html

or here:

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemBrowse&tracker_id=20

You will need to register at joomlacode.org to submit a feature request.

If you think you have found a bug, please report it.

Please start by posting a description in the Quality and Testing Forum for the release. This will allow others to see if the problem can be reproduced.

1.5: http://forum.joomla.org/index.php/board,199.0.html

Before reporting a bug to the issue tracker, we strongly recommend reading How to Test and Report

To report a bug using the tracker you need to register at joomlacode.org.

For bugs in the 1.5 series, please file the report here: http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemBrowse&tracker_id=32

The setting for the Page Title is located in the parameters of each Menu Item under "Parameters (System)".

For Example to change the Page Title for the Home page of the Sample web site, you would navigate to Menus / Main Menu, click on "Home" to open the Menu Item:[Edit] screen. Then click on "Parameters (System)" to show the System Parameters, and either change the "Page Title" parameter or set "Show Page Title" to "No".

Select the redirection page from the list of menu links offered. Make sure that the link is to a published item.

Note: The same procedure is used for redirecting users on successful logout except you enter the page where you want to redirect successful logouts to where it says "Logout Redirection URL."

If you would like to override the default login specified in your Administration back end from your custom code you can do so with the following:

Using Joomla! Administration

In the Back-end, go to Site --> Global Configuration --> Server.

Using the UNIX shell

Note: The find command automatically assumes that it should start from the current directory. To be safe, go to your public_html directory and specify a path as the first argument. Some shells, such as bash on Apple OS X, must have a path specified in the find command.

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chmod 707 images
chmod 707 images/stories
chown apache:apache cache

Notes:

1. Test all third party extensions after changing permissions.
2. You may need to reset write permissions to install more extensions.

Normally, you can add, edit and delete users and passwords from the back-end User Manager. To do this, you must be logged in as a member of the Super Administrator group.

In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.

You will usually want to associate modules with articles in some way. The modules are allocated to module positions and the module positions appear somewhere on the web page as determined by the template. However, it is sometimes useful to have a module actually embedded in the article content itself.

To insert a module inside an article you use the "" command, as follows:

1. Create a module and set its position to any value that doesn't conflict with an existing template position. You can type in the position value instead of selecting it from the drop-down list. For example, use the position "myposition".
2. Assign the module to the Menu Items that contain the articles that you want the module to show in. You can also just assign the module to "All" Menu Items.
3. Edit the articles where you want this module to show and insert the text "" in the article, at the place where you want the module to show.

The module will show at that point in the article.

Note that this only works when the plugin 'Content - Load Module' is enabled. If this plugin is disabled, the text "" shows unchanged in the article.

Overview

This FAQ explains how to protect the Joomla! /administrator/ directory on Apache servers using the htpasswd utility. You can easily adapt these instructions to protect other directories. If you need help finding or creating your .htaccess file, start here.

Caveat (From Apache.org)

Basic authentication should not be considered secure for any particularly rigorous definition of secure. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network. Anyone listening with any variety of packet sniffer will be able to read the username and password in the clear as it goes across.

If you're just getting started, take a look at the Absolute Beginners Guide to Joomla!. There are a great many conceptual ideas there that you need to understand.

There are five parts to setting up your frontpage.

1. Choose a desirable template for your site. Install it, and get it basically working. The template determines the column layout for your site.
2. Choose and configure your modules, so your frontpage displays the right menus, etc. Modules are those things like menus, login forms, banner-ad positions, "Breaking News" boxes, etc., that show up on the pages of your site.
   • Use Extensions/Module Manager in your backend menu to do this. Edit each module in turn to place it in the correct spot on your template (for example, right, left, breadcrumb, etc.)
   • You can disable the modules you don't want to see, enable the ones you do, position them within your template, and control their order from the Module Manager. When you're doing this, make sure you have not enabled caching.
   • If caching is enabled, it may look like your changes are not taking effect, which can drive you crazy.
   • Use the Preview button on the backend (upper right), and Shift-Reload on your browser, liberally to make sure you have things right. Change one thing in the backend, then view the frontpage again.
   • Note well: all modules in 1.5 are controlled from Extensions / Module Manager, even the ones that aren't really extensions.
3. Make sure your frontpage is configured so that the front page manager can control the order of articles in your front page. You need to set certain advanced parameters correctly.
4. Use the Content Manager to enable certain articles to be published on the frontpage. Only enable the ones you want on the frontpage.
5. Use the Front Page manager to set the order of articles on your frontpage.

Templates are just a series of xml, php, html and image files that are stored in the templates directory of your site. You can edit these files or you can use the editing interface available in the Template Manager.

In the Back-end, select Site>>Extensions>>Templates. Select the template you wish to modify. Click the edit icon.

both You are given the choice of editing "html" and "css."

CSS stands for cascading style sheets. This controls many elements of the look and feel of your site. HTML is the file that controls where positions are defined and positioned. Other than that, it should be noted that, with a few exceptions, what is in the .css and what is in the HTML files largely depends on the approach of the tempate designer.

One common change is to use your own graphic/image. Graphics are linked to in the HTML file. Simply change the reference to the image of your choice. Keep in mind that it if it is a different size than the original image this may change the appearance of the site in unexpected ways.

To make a menu link that does not connect to anything (is not clickable) use the link type Separator/Placeholder

The simple answer is that you get the page URL you want to link to and then make a link using whatever text editor you are using or (if you have no wysiwyg) with html.

The more complicated answer is that some text editors have fancier links managers. A number of these editors are available in the Joomla! Extensions Directory.

See the Tips and Tricks article How_to_control_module_display_when_linking_to_an_article_with_no_menu_item for more detailed information.

Before starting it always is wise to read the documentation associated with an extension. Most extensions have homepages and forums, and it is a good idea to look at them first. If there is a README file included with the extension, you should read it.

For most extensions and most users, the procedure will be:

• Download the extension to your local machine as a zip file package.
• From the backend of your Joomla site (administration) select Extensions -> Install/Uninstall.
• Click the Browse button and select the extension package on your local machine.
• Click the Upload File & Install button.
• Some extensions may provide further instructions on installation.
• Note that modules and plugins must be enabled before they will work.

There are some situations in which this procedure will not work.

Sometimes you need to unzip the file locally prior to installing. If you get an error saying that the file is not in the correct format, the need to unzip is a common cause of this. After unzipping try installing the individual items. Note that the files you upload using the installer still need to be zipped.

Sometimes you cannot use the automated installer. For example, very large extensions may exceed the maximum upload size allowed by your host.

Also, If you see an error like this:

Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/) is not within the allowed path(s): ...

this is because of a restriction of your hosting account and a Joomla bug (trying to check if the root directory exists). You will not be able to use the automated installer.

Manual Installation

First, unzip all of the files locally. Then transfer the files (using FTP) to a folder in the install directory (for example administrator/components/com_installer/components) for the type of extension you are installing. Then use the installer, but select "install from directory" indicating the correct folder name. This folder name should be an absolute path from the root of the filesystem.

In the Back-end of the site, go to Extensions>>Install/Uninstall.

Browse for the template zip file and click Upload File and Install.

Alternatively, you can install from a directory or URL.

To make the new template the default template for your site, select it and click the default icon (star).

Instructions for installation can be found here. http://help.joomla.org/content/section/48/302/

 

1. Rename htaccess.txt to .htaccess.

• If Joomla is installed in its own folder, uncomment "RewriteBase /" and enter the Joomla folder name after the backslash. Example: RewriteBase /joomla

2. Make sure that Mod_rewrite is working. Check that the line shown below in the file "apache/conf/httpd.conf" is uncommented. If necessary, uncomment the line and re-start the Apache web server.

LoadModule rewrite_module modules/mod_rewrite.so

3. In Global configuration, select yes to all three SEF options. The action of the three parameters is as follows:

• Search Engine Friendly URLs. Converts the URLs from the native Joomla! format to the SEF format.
• Use Apache mod_rewrite. Uses the Apache "mod_rewrite" function to eliminate the "index.php" portion of the URL. If you don't want to use mod_rewrite, set this to "No" and don't rename the htaccess.txt. The SEF URLs feature will still work. The only difference is that you will see "index.php" in the URL, for example, http://www.yoursite.org/index.php/faq.html.
• Add suffix to URLs. Adds ".html" to the end of URLs.

Breadcrumbs are a core module in Joomla! 1.5 and can be enabled or disabled for all pages directly through the Module Manager in the Back-end. Just navigate to the Module Manager, find the Breadcrumbs Module, and disable it.

To prevent the breadcrumb pathway from displaying on the Frontpage only, change the code of the index.php file of your template as follows:

Replace

<jdoc:include type="module" name="breadcrumbs" />

with

<?php if( JRequest::getVar( 'view' ) == 'frontpage' ) { ?>
    <p>&nbsp;</p>
<?php } else { ?>
    <p>You are here: <jdoc:include type="module" name="breadcrumbs" /></p>
<?php } ?>

Any Joomla! Module can be disabled from the Module Manager. To do so,

1. Log in to the Joomla! back end and navigate to the Module Manager.
2. Locate the desired Module (for example, News Flash).
3. Click on the icon next for this module name in the "Enabled" column. This will toggle the Module between "enabled" and "disabled".

Check the active processes

Use the "ps" command to look for odd or unknown processes, if you aren't sure what to look for there, user "netstat -ae | grep irc" and/or "netstat -ea | grep 666" and look for ports 6666, 6667, 6668, 6669, these are common ports used for running IRC bots, they may have the name "irc" listed against them, or may have "httpd" or sometimes other regular services names.

Check crontab

Check your crontab and see if there is a strange entry, these are used in many exploits to restart IRC bots, even when admins or automated process monitors are used to kill a rogue process.

Check for hidden files or directories

Check for hidden files or directories you dont expect to see, those starting with "." (dots) and also look for ". " (dot, space) often favored to try and catch searches for hidden directories.

Other examples of searches that may help pin down exploits and/or unexpected files and folders:

find /home -type f | xargs grep -l MultiViews
find . -type f | xargs grep -l base64_encode <<< this can produce false positives, it is valid in many mail/graphics scripts
find . -type f | xargs grep -l error_reporting
find / -name "[Bb]itch[xX]"
find / -name "psy*"
ls -lR | grep rwxrwxrwx > listing.txt

The official Joomla! extensions site: http://extensions.joomla.org/ is the main source for extensions. If you cannot find what you need there, you should also search the Joomla! Extensions Directory Forum.

If you still cannot find the right component then you should post a request or question in the Extensions Directory forum.

• 1.5:
• 1.0:

Problem Your PM-box is full and nobody can send you anymore messages. How to solve this?

Solution go to your messages and "check" the box and click delete for those you want to delete.

Note: READ them first before you delete them!

• Go to extensions>>Module Manager
• Find the Feed Display module
• Enter the URL of the feed.
• Save and display the module like any other module.

A second way is to use the News Feeds component that comes with Joomla!

• In the administrator go to components>>News Feeds
• In the component you can manage your news feeds and assign them to categories.
• To show the feeds on the front end make a component link in your menu.

To make a custom module, go to the module manager and then click on "new." This will give you a detailed list of existing modules. Look for "Custom html." Select this, and then click on next.

When you are first trying out Joomla!, it is often recommended that you install it on your local system. (e.g., "localhost"), for example with XAMPP, and get your site running locally. Eventually you may want to copy this site to your remote host. Fortunately, this is easy to do.

This article assumes you have installed Joomla! 1.5 on your local computer, you have created a website and you now wish to copy this website to your remote host.

Here are the steps:

Introduction

When using PHP as an Apache module, you can change the configuration settings using directives in Apache configuration files (e.g. httpd.conf and .htaccess files). You will need "AllowOverride Options" or "AllowOverride All" privileges to do so. If you control your own Apache configuration, you can and should use httpd.conf. If you do not control your Apache configuration (such as on a shared server), you must use .htaccess files.

Directions

1. First look for the file, htaccess.txt in your root directory. It should have been installed during the Joomla! installation. (Note that this file name does not begin with a dot.) Open and carefully read htaccess.txt. It contains important suggestions on how to protect your site.
2. Make any adjustments to this file as appropriate for your site, and then save it in your site's home directory as, .htaccess (including the dot).
3. Test your site's front end and back end. If it produces errors, rename the file back to htaccess.txt, and troubleshoot your edits. If you are unable to get this working, you may have to leave the file named htaccess.txt.
4. Use phpinfo() to ensure that all configurations set as you intended. Note: Web-accessible files that include phpinfo() are potential security risks they offer attackers lots of useful information about your server. Always remove such files after use.

More Information

• Official PHP Manual: How to change configuration settings
• Official PHP Manual: List of PHP INI directives

The optional style="" attribute is available for the module and modules types of <jdoc:include /> statements. The attribute value refers to the "chrome" style used to wrap the output generated by a module. If no style is provided, a value of "none" is used by default. The standard styles which are declared in /templates/system/html/modules.php include:

• table
• horz
• xhtml
• rounded
• outline

Template designers may add additional chrome names by adding a custom version of this file to /user-template/html/modules.php.

For more information on module positions in templates, see jdoc statements.

The most important thing anyone can do is make good decisions regarding the extensions they choose to use on a site. Once an insecure or malicious extension is installed you should consider your entire site compromised. There is NO POSSIBLE WAY to protect or stop a component from accessing database tables it should not be accessing. There is no possible way to stop a component from sending all of the information it found back to a cracker website. Once an insecure or malicious component is installed, your entire site is insecure.

With all of that said, here are some pretty easy tips for making good choices regarding the extensions you install:

1. When was the last version released?

If it has been over a year, consider the project abandoned and find something else. Do not install old components.

2. What kind of release is it?

The following is a short list of security-related requirements. Depending on your specific needs, you may have many other security requirements such as shell access, cron access, SSL server, etc.

• Choose *NIX: Joomla! requires at least PHP and MySQL to run. Because Apache/PHP/MySQL run best on UNIX or GNU/LINUX servers, choose a host that offers these options.
• Use Secure FTP: Choose a host that requires SFTP (Secure FTP) for transferring files. This prevents others from snooping your user name and password from packets as they travel over the Internet.

One common template change is to use your own graphic/image. Simple graphics (not banners) are linked in the HTML file. Simply change the reference to the image of your choice in the HTML file of your template. Do this by, in the adminsitrative interface, going to Site>>Template Manager and then selecting your template. Click the icon for html.

In Joomla v1.5+ from the adminsitrative interface go to the drop down menu item Extensions to find the Template Manager.

Keep in mind that if it is a different size than the original image this may change the appearance of the site in unexpected ways.

The images for a given template are generally located in this folder:

/templates/templatename/images 

(where you substitute the name of the template you are using.)

Favicon is the favorites icon that is associated with your site and appears in the browser address bar. Both Joomla! 1.0.x and 1.5.x come with a default favicon that displays the Joomla! Logo. You may change that as long as your new favicon is in the ICO format and sized 16×16 pixels. Here's how to do it:

Unlike the 1.0.x series, the only name you are allowed to use for your favicon is favicon.ico but you are offered the flexibility to associate different favicons with different templates. You only need to upload your favicon.ico into the main folders of your front-end and back-end templates, which are found in the /templates/ and the /administrator/templates/ folders respectively, overwriting any favicon files that came with your templates.

However, if you'd rather use a single favicon.ico for all your templates, just upload it into Joomla!'s main folder (that's where your index.php resides) and into the /administrator/ folder. Make sure you delete all favicon.ico files found in the template folders mentioned above because Joomla! will check your template folder first for the favicon.ico file.

Note

To see the new favicon you will need to empty your browser cache.

The date format information for Joomla! 1.5 is stored in the file <Joomla! home>/language/<your language>/<your language>.ini. For example, for English, it is <Joomla! home>/en-GB/en-GB.ini.

To change the date format, find and edit the values "DATE_FORMAT_LCx". By default, the date is in international format (for example

If you try to delete or block a user who is a Super Administrator, you will get an error message saying "You cannot delete (block) a Super Administrator". If you need to delete or block such a user, do it in two steps as follows:

1. In the User Manager, change the user's group to something other than "Super Administrator". For example, change the user to the "Registered" group. Press Save or Apply to save the change.

As of 1.5.9, if the SA user is already blocked (since 1.5.9 seems to not allow blocking a Super Admin, this is probably an obscure case where the SA was blocked, then Joomla upgraded) unblock him/her and Save. THEN demote the user, then...

1. Delete or block the user in the normal manner. To delete, select the user in the User Manager and press the Delete icon in the toolbar. To block the user, open the user for editing and set "Block User" to "Yes".

Directions

Add Apache rewrite rules to your .htaccess file. For example, the following will redirect all attempts to access files with names starting with, "phpMyAdmin" to index.php.

Sample Apache Rewrite Rule

RewriteRule ^/phpMyAdmin.*$ /index.php

Some Regular Expression Tips

^ Means start of filename
. Means any character other than newlines
* Means one or more of the previous character
$ Means end of line

Caveats

1. Your server must allow .htaccess files for this technique to work.
2. If you do not have a .htaccess file in your root directory, see the related FAQ first.
3. Do not use this method to redirect image hot links to HTML pages or to servers that are not your own.
4. Hot linked images can only be replaced by other images, not with HTML pages.
5. As with any .htaccess rewrite, you may block legitimate traffic, such as users behind proxies or firewalls.

Directions

1. Create a jpeg image called no_hot_link.jpe. Note that the odd file extention (.jpe) is intentional and important. Place this file in your images directory.

In Joomla! there is a default template, but you can assign other templates to specific "pages" that are defined by menu links.

To assign a template to a page, you must first make sure that there is a direct menu link to the page.

• Go to Extensions>>Template Manager
• Select the Template and click the edit icon (or click the template name)
• In the left column, change "None" to "Select from List."
• Select the links you want to apply the template to.
• Save

Note that you cannot assign the default template to individual pages.

Understanding

The templating system uses the ItemID to determine which template to show. ItemIDs are created when you create a menu link. This is why only menu items are shown in the list of pages to which you can assign templates.

Navigate to Extensions>>Module Manager. Select the module you want to assign and edit it.

On the left there is a list of menu items. You can chose between None, All and Select Menu Item(s) from the List. To assign to some but not all pages choose the third option and select the menu links that you want the module associated with.

Notes:

• If your module is assigned to a position that does not exist in the template used to display a page, the module will not appear even if it is assigned to a specific page.
• If your module is not published/enabled it will not appear even if assigned to a page.
• You cannot assign a module to a URL link. This is because URL links do not have Itemids assigned to them.
• You cannot directly assign modules to pages that are only linked via content (for example, a link from one article to another) or other, non-menu modules (for example, a link to an article from a module), because these also do not have Itemids. One work-around for this problem is to have an unpublished menu that contains links to the items you wish to link through non-menus. This will create an itemid that can be included in the url you link to.

Navigate to Extensions>>Module Manager.

(Note: all available modules show up under this Module Manager, even though some of them are built into Joomla! and are not extensions.)

On the left side of the page, on the third line, there is a menu that lets you select the position. You also can create a new position name on the fly but typing it in the same space as the menu. (In that case, make sure the same position name also appears in the template file.)

Modules that are not published will not display.

Modules can be assigned to unused positions (positions not available in the template) if you want to have them published but not displayed in a position (for example, if you want to display a module in content). See How do you put a module inside an article? for instructions on putting a module inside an article.

Multiple modules may be assigned to the same position. They will be displayed in the order shown for modules in that position in the module manager.

If you want to display a module in more than one position, use the module manager new icon to create an additional copy and assign that copy to the second position.

Edit your /includes/defines.php file. Below is the relevant code.

define( 'JPATH_ROOT' , implode( DS, $parts ) );
define( 'JPATH_SITE' , JPATH_ROOT );
define( 'JPATH_CONFIGURATION', JPATH_ROOT );
define( 'JPATH_ADMINISTRATOR', JPATH_ROOT . DS . 'administrator' );
define( 'JPATH_LIBRARIES' , JPATH_ROOT . DS . 'libraries' );
define( 'JPATH_INSTALLATION' , JPATH_ROOT . DS . 'installation' );

The list of available positions where you can insert a module is controlled by the template you are using. It is possible to add new positions to a template. In this example, we will add a new position to the default rhuk_milkyway template. Here are the steps.

PayPal, Google, and other sites often provide HTML code that you can use to insert links into your website. You can insert this type of HTML code, including forms, either inside an Article or using a Custom HTML Module. However, the TinyMCE editor will normally strip out this type of HTML code. So if you try to paste in some types of HTML code using this editor, it will not work, since the editor will remove the code when you save the Article or Module.

To avoid this problem, do these steps:

Unix/Linux file permissions can be confusing. The basic UNIX permissions come in three flavors;

Owner Permissions : Control your own access to files.
Group Permissions : Control access for you and anyone in your group.
Other Permissions : Control access for all others.

In Unix, when permissions are configured the server allows you to define different permissions for each of these three categories of users. In a Web server environment permissions are used to control which Web site owners can access which directories and files.

What do Unix permissions look like?

When viewing your files through an FTP client or from the servers command line;

filename.php username usergroup rwx r-x r-x

Introduction

The method described below should be used for relatively minor modifications, such as adjusting menus or quickly reorganizing content sections. More complex tasks, such as installing new components or adjusting complex configuration settings should be performed and tested on a development server first. Not only does this keep your public site up and running, but it also lets you test at your leisure, thus reducing errors. One way to do it is to create a sub-domain (i. e., dev.yourdomain.com) and install Joomla! there just as it is installed on your public site.

Directions

1. Login to the administrator section, and choose: Site > Global Configuration.

2. The first option you'll see is is to set the site offline. Choose "Yes" and press the Save button. This will hide prevent display of all site pages, and replace them with the following message:

"This site is down for maintenance. Please check back again soon. message instead."

3. While you are logged into the "back end" administrator system, you can still view the "front end," by choosing Site > Template > Preview. This will display the site as it would appear to users along with a warning at the top that the site is down for maintenance.

There are several ways you can help the extension submission process go faster and smoother. As you may know, the Joomla! Extension Directory is supported by volunteers and it takes time to go through all the extensions. To make things easier:

• Make sure your download link leads directly to the download page. It makes downloading and testing the extension a whole lot easier.
• Make sure a front-end/public/guest user can actually download the extension.
• Test your extension to make sure the package can be installed.
• If you have use the Joomla! logo anywhere, make sure it follows the logo guidelines.
• If you need to make changes to your extension listing and it has not been published, do not submit another application. Removing duplicates takes up precious time. Instead, either email your changes to This e-mail address is being protected from spambots. You need JavaScript enabled to view it with detailed information about your extension or wait until your extension is published.

Use the free Joomla extension, Joomla! Tools Suite (JTS), which is a Joomla! environment audit, maintenance and diagnostic application written in PHP. The JTS suite of tools can diagnose, report and advise on common installation, health and security issues, including performing several common performance and recovery actions.

Project Home: http://joomlacode.org/gf/project/jts/

Many problems with search engine optimization (SEO) arise from the fact that a host has not enabled mod_rewrite on the server.

1. Enable SEO in your administrator! (administrator > SEO > Enable > Save)

2. Rename your htaccess.txt to .htaccess, or use your existing .htaccess file.

3. Place ONLY the following lines in your .htaccess file.

     Options +FollowSymLinks
     Redirect /joomla.html http://www.joomla.org

4. Point your browser to: http://www.mysite.com/joomla.html

(Replace 'mysite.com' with your site's actual URL.)

5. If you are redirected to www.joomla.org, mod_rewrite is working. If you get an error, mod_rewrite is not working.

6. Note: if your site is located in a sub-domain, for example "test" you need to modify .htaccess as follows:

     Options +FollowSymLinks
     Redirect /test/joomla.html http://www.joomla.org

Introduction

This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off

Directions

1. Open the .htaccess file located in your site's home directory, or if you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.

2. Add any of the following code samples to your .htaccess file, each on it's own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) sttacks, and code injection attacks.

php_flag register_globals off

php_flag allow_url_fopen off

php_flag magic_quotes_gpc on

Note that although the magic_quotes_gpc directive adds a layer of security, for performance reasons it is not considered a best practice. If you have verified that your site correctly filters and validates all user data (and every production site really should), then there is no need to add this directive. If you have any doubt, add it.

3. Save the .htaccess file in your site's home directory.

4. Test your site's front end and back end.

On a private server with a small, controlled set of users, there is no need to use a chmod 777 to make the Joomla! folders writable in order to perform installs. You can set the server up so that both Apache and FTP have control of site files.

Directions

1. Edit the Apache user.conf file and tell apache to run under the FTP account.
2. chmod the entire site to 644 or 744. Apache should be able to run just fine that way.

Optional

1. chgrp the entire web space to the FTP group so that only those with FTP access can write to the server.
2. chmod the entire web space to 764 or 664 will be possible giving other users write access as well

Directions

1. Change all relevant passwords: Assume your passwords have been harvested and immediately change all critical passwords, including shell access, FTP access, Joomla! Administrator accounts, and the database account.
2. Check raw logs: Identify when and how the attackers gained access to your site by carefully reviewing your raw server logs. Make careful note of the date/time and names of attacked files. Note that these logs may have been deleted or altered, so a lack of evidence does not prove a lack of activity.
3. List recently modified files: Before making any changes to your site, generate a list of recently modified files. Here's a php script that will list the files for you. Remove this script as soon as you have your list and don't publish a link to it!
4. Note suspicious newly-created files: Use this list to identify new files that don't belong. Pay particular attention to their creation and modification dates, and correlate them to the dates of attacks shown in your log files.
5. Note suspicious recently-modified files: Check the modified files list for any files that were recently changed. Pay particular attention to the modification, and correlate them to the dates of attacks shown in your log files.
6. Check for bogus CRON Jobs: Hacked cron jobs can be setup to reinfect your site over and over again.
7. Coordinate with your host: If you have identified how you were cracked, report the method to your host. If you are on a shared server, you may habe been attacked through another vulnerable site on your server. Report this to your host. A reputable host will appreciate your efforts in this area.
8. Delete the entire public_html directory: This is the best way to guarantee that every potential vulnerability in that site is removed.
9. Delete related database records: This step may only be possible if you have good backups. Simple script kiddies, who are only trying to mark your index page, may not attack your database, but professionals are usually very interested in confidential data, such as passwords. They may pose as script kiddies to avoid suspicion while repeatedly harvesting confidential information from your database.
10. Reinstall everything: Use pre-crack backups. If you don't have good backups, go on to step 10.
11. Reset critical passwords again: You must reset your passwards again now that your server is finally cleaned of any possible, hidden trojan horses.
12. Rebuild site: If you are unable to rebuild from clean backups, rebuild your entire site using original, pre-crack installs. Use only the latest stable versions of all software, and check the List of Vulnerable Extensions
13. Review security processes: Follow standard security precautions for important settings in php.ini, globals.php, configuration.php, .htaccess, etc.
14. Review backup processes: If you don't already have one, add a dependable backup process to your site administration practices.
15. Stay watchful: Attackers often return repeatedly. Closely monitor your raw logs for suspicious activity.

No. In Joomla! 1.5, the home page can be any type of menu item and can have any name. The only requirement is that one menu item must be assigned as the "Default" menu item. This is the menu item that will display when a user navigates to your URL.

Also, any menu item can be assigned to use the "Front Page" menu item type.

The problem

After entering the Global Configuration area on the site Administrator “back-end” and then clicking on either the “Save” or “Apply” button to save the current choice of site configuration, the following error message appears: “An Error has occurred! Unable to open configuration.php file to write!”, possibly accompanied by: “JFTP::write: Bad response” if you are working in FTP enabled mode.

Reason for this error

The configuration update script in Joomla! has been unable to change the contents of the file “configuration.php” to reflect any changes you made on the Global Configuration page. Joomla! has either been unable to write to the file and/or unable to make the file writeable (i.e. R/W). Since Joomla! 1.5.x attempts to make “configuration.php” writeable before saving the configuration, the latter is more usually the case. The most common reason for this is

[Joomla 1.5+] Starting with Joomla 1.5 and its move to Internationalization and full support of UTF-8, messages for footer.php and other Joomla pages has been moved to a language specific file.

If you want to change the text, go to the language directory, go to the folder of the language you want to change, find the mod_footer.ini file and change the relevant text. For British English, the specific file is language/en-GB/en-GB.mod_footer.ini. Remember that you may not remove copyright and license information from the source code.

If you want to remove the footer entirely, go to Extensions > Module Manager and unpublish the footer module.

Other places where can look for options to make changes are these. If you find code related to footers in these files, you can either "comment it out" or remove it:

• /includes/footer.php file.
• index.php file for your active template

[Joomla 1.0] Yes. You may remove that message, which is in footer.php. You may however not remove copyright and license information from the source code.

No, Articles and other content items cannot be assigned to multiple categories or sections. In Joomla! 1.0 and 1.5, content items are restricted to a single category in a single section.

Possible work-arounds include:

• creating duplicate articles in multiple categories.
• using menus rather than dynamic lists of content items.
• using various third party extensions that simulate assignment to multiple categories.
• using key words to simulate categories and sections.

Upload Using Media Manager

The simplest way to add images is to upload them from your computer using the Media Manager. First, of course, you have to download the image onto your computer and be able to find it. Then, from the Control Panel (back-end administrative interface) navigate to Site -> Media Manager.

On the left is a directory tree, with the root directory "Media". This corresponds to the default "images" directory, yoursite/joomla/images. Pick a subdirectory where you want the image located, or else do nothing to upload the image to the default images directory.

At the bottom of the page is a typical Upload box. Click "Browse" to locate the image on your computer, then "Upload" to upload the file to the server.

FTP

Of course, you can upload images to a server using any standard FTP client. You might find this handier for adding images to template directories; however, if you have FTP set up, you probably don't need an explanation of how to add an image. Also, many server administration panels such as Cpanel and Plesk have upload capabilities.

Extensions

There are several extensions, available from the Joomla extensions section, that handle image uploads.