Joomla Hosting BLOG

Blog about Joomla, Technologies and Hosting Service

Joomla Hosting - ASPHostPortal.com :: Joomla Security Issues that Get Sites Hacked

clock February 22, 2017 04:56 by author Armend

As Joomla site recovery specialists, we're regularly approached for help and see the same Joomla vulnerabilities come up time and again. What's sad is that they are incredibly easy to correct, but once a Joomla site is hacked it comes at considerable cost to get it fixed and secure again.

The Security Issues

#Issue 1: Build it and Forget It
The number one cause of hacked sites is lack of maintenance. It is incredibly simple and doesn't require much investment in time, but most sites get hacked simply because they do not stay up-to-date with the security releases for the Joomla core or its extensions.


The problem stems from the fact that hackers are more and more aggressive and use automated tools to execute attacks at scale. 10 years ago you could leave a site as it was for several years, but these days any open source software, including Joomla, requires maintenance and security patch application.
The web is a wild west and your website needs to stay up-to-date if you're going to keep the desperadoes out.

The fix:

  • Create a schedule for checking for and applying updates.
  • Sign up for notifications from the Joomla vulnerability database and the Joomla core security notification list.

If you're the site builder: make sure and offer your clients some form of maintenance service. Include it on any estimates or proposals you provide them along with the rationale for why it is important.

#Issue 2: Lazy Passwords

If you don't take password security seriously, your site will be hacked. Password guessing is an incredibly common attack because of how often it's successful. No one likes to have to remember difficult passwords but it is essential to security.
Passwords that are simple words with numbers or relatively short are quickly guessed using automated "brute force" attacks.

The fix:

Use long passwords that are nonsensical and use a few special characters, but that you can remember. This works because password length creates complexity which makes using a computer script to guess them difficult so long as there is some variation.
For example: president!Tokyo!furious!zebra
If you're the site builder: make sure and explain to your clients why this is important and provide them with these longer passwords.

#Issue 3: Self Hosting (or Bottom Barrel Hosts)

It's not difficult to get a virtual private server, dedicated server, or even in-house box set up. For some agencies and freelancers its attractive because you can host many sites at a cost savings compared to shared or reseller hosting. However, it's critical that the server environment is set up with the security packages and configured correctly. Additionally, just like for any Joomla website, servers require maintenance in order for the security to remain effective.
Even if your Joomla site is in good shape, if your server is vulnerable, you're going to end up hacked. We get many requests for help from agencies and individuals that have self hosted or chosen bottom barrel hosting providers and ended up in trouble.

The fix:

Either use some form of a managed server or hire a system administrator to regularly audit your server security.

#Issue 4: Poorly Chosen Extensions & Templates

Poorly chosen extensions and templates often create flaws in Joomla security (more on this below.) Here are a couple common scenarios:

  • A site builder needs functionality which is more esoteric and has a hard time finding a solution. They find an extension which fits the need fairly well, but doesn't appear to be of high quality or well-maintained. They install the extension anyways and trust that everything will work out.
  • A site builder tries to save some money by downloading a commercial extension or template from a free scripts website and not the developer (it's not quite pirating because it's open-source, but still unethical because they are sticking the developer by not supporting their work.)

These are scenarios in which not only may holes be being created in the Joomla security, but that the site builder may actively be incorporating malware and other malicious code without realizing it.

The fix:

Use extensions and templates from reputable sources. If you can't find one, either hire a Joomla developer or Joomla development company to create it bespoke or find another solution for the need if you can't afford custom work.
Sometimes it's better to do without then to do with!

#Issue 5: Legacy Directories/Code

For any site that's been on the web for more than a couple years, it's likely that it has accumulated some legacy code. If this code isn't cleaned up, it significantly increases the chances that the site will be compromised. This is because over time more and more vulnerabilities are discovered by hackers.

The 3 most common scenarios:

  • The webmaster or site builder installs an extension, doesn't end up using it, and forgets about it.
  • A Joomla developer working on the site creates a staging or backup directory to test some updates in and once the updates are incorporated in the live site forgets to remove the staging directory from the server.
  • The website uses multiple applications and while one is actively updated the others are neglected. For example, a Joomla site with a WordPress blog that is not updated.

The fix:

  • Once or twice a year audit your Joomla extensions for anything that you're no longer using and uninstall it.
  • Check for and remove any staging or backup directories. Whenever you're finished using a staging directory, make sure you clean it up as a final step.
  • Remember that vulnerabilities can be exposed by any code on your server, so make sure and keep all applications updated with the latest security patches.

What About Joomla Security Holes?

Joomla is developed by veteran developers who are highly aware of the security environment of the Internet and the risks involved. Joomla has a built-in security model to combat common vulnerabilities in web applications. Because of these factors, even though the core application is under an incredibly high level of scrutiny by hackers it rarely has significant security issues and when they are discovered they are patched very quickly.

Security holes are more likely to appear in poorly coded extensions that don't use the Joomla security model due to the inexperience or laziness of the developer. This is why it's critical to be particular when choosing extensions and not haphazardly installing everything that might work.

Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $1/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How To Remove Index.php in Joomla

clock February 8, 2017 05:26 by author Armend

So you setup your Joomla! website, produced it live, as well as a couple of weeks/months/years later realised that you'd forgotten to allow the HTAccess file for SEF URL's. The finish result becoming that as an alternative to obtaining a nice Search Engine (and user) friendly URL like /category/Blogs/post/, you as an alternative have /index.php/category/Blogs/post/.
You may just enable the HTAccess file, but all of the old URL's will return a 404. Not excellent if your web site has currently been indexed by search engines, even significantly less fantastic if you have got a great deal of inbound links on other web sites.

 


It's in fact incredibly straightforward to resolve, and within this post I'll be displaying you the two simple steps you need to take to configure your web site to redirect the old /index.php/* URLs towards the nice SEF ones you would like.

The very first step is easy, we want to allow the HTAccess file (assuming you haven't currently). In the root of one's Joomla! internet site can be a file named htaccess.txt, rename it to .htaccess

Second step: We need to have to add a mod_Rewrite rule to catch the old-style hyperlinks. Open .htaccess inside a text editor and uncover the line "RewriteEngine On". Right away under add the following (lines with a hash are comments, it is possible to skip these if required)

# Make sure the requested URL isn't a file or directory
# Why you'd create a directory called index.php, but best to be sure
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f

# Use a reg-Ex to find URL's where index.php is followed by something.
# If so, create a redirect to whatever followed the slash
RewriteRule ^index.php/(.*)$ /$1 [R=301]

Do not forget to save the file!

Now in the event you visit http://yoursite/index.php/category/Blogs/post/ you should be redirected to http//yoursite/category/Blogs/post/. Due to the fact you are sending a 301 (Permanently moved), the search engines must update their indexes at the same time.

It really is something folks encounter a good deal, but as you'll be able to see it's incredibly straightforward to resolve.

Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $1/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How To Disable Joomla in Home Page

clock February 1, 2017 05:00 by author Armend

In case you are utilizing Joomla CMS dependent web-site and hate overlapping visibility of Joomla components on the website property web page, then you definitely have found the appropriate write-up to receive rid off with this monsters trouble. However, Joomla parts plays a crucial function in improving the practical talents of a web-site, although the overt existence of these equipment can destroy the appears of your enticing website homepage.

 

Step: 1

Develop a new module and set the location as frontcomp:
You need to place below given codes into the index file of your Joomla template.

<?php if($this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”modul es” name=”frontcomp” style=”xhtml” />
<?php endif; ?>


Step: 2

Now Replace Below Code With Display Component:

<?php if(!$this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”message” />
<jdoc:include type=”component” />
<?php endif; ?>

Step:3

Creation of Custom Module

It is the third step of your process. Now, you need to create a new and customized HTML module, set the position of module as Frontcomp and select homepage only to display.
That’s it! You have done it fabulously, Now, you can visit your website and check the expected changes. If you did not find overlapping Joomla components at the home page of your website, then you have certainly did a great job.

Best Joomla Hosting

ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla 3.4 Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability. 



Joomla Hosting - ASPHostPortal.com :: How to enable two-step authentication in Joomla

clock January 25, 2017 05:01 by author Armend

How to enable two-step authentication in Joomla

Two-step authentication is a safety feature that adds an extra layer of security on your Joomla site. Two factor authentication (2FA) is widely used in most of the popular online services. Here is how to enable 2-step authentication in your Joomla site.
First login to your Joomla administrator area. Go to Users > User Manager. It will show a link to your profile with name, username, email address etc. You need to edit your profile to enable two step verification. So, click on your name to open the profile editing page.


Navigate to the Two Factor Authentication tab.

There are two methods for using the two-step authentication. One is powered by Google Authenticator and another method provided by YubiKey.

 

We will explore both of them one by one. Let's start with the Google Authenticator (GA) method.

Enabling Google Authenticator

To use this method, select Google Authenticator from the drop-down menu. It will bring the initial setup page.

 

Step 1: Get the Authenticator App

Get the official Google Authenticator app in order to activate and use the service in your Joomla site. There are some unofficial apps as well that can be used with Google Authenticator.

Step 2: Setup the Feature

Run the Google Authenticator app on your device. It will show two options to add the site to GA. You can either scan the barcode or enter the provided key on the setup page of your site.

Step 3: Activate GA

 

This step checks whether your device is compatible with the Google Authenticator app. Open the app after linking the site with the service using the QR code or the key. It will display a security code for your newly added site. Enter that code into your site's specific field and press the Save button.
Note, the Google Authenticator app generates new codes in every 30 seconds. A code directly provided by the app is usable within 30 seconds after it is created.

Enabling Yubikey Authenticator

Yubikey is a physical two-factor verification tool. If you have this option enabled, you will need to insert the key token into the USB port of your computer. In login area, type your username-password and click inside the security key field. Then press the Yubikey golden disk- you will be signed in.
To enable Yubikey, select it from the drop-down menu.

Now insert the Yubikey tool inside your computer's USB port. Click inside the security code field and touch the golden disk for one second. Save the profile settings.

The Yubikey authenticator will be enabled for your site.

After enabling a two-step authentication method, you will get 10 backup codes (on the edit profile page) that can be used in case you ever lose access to the two-factor authenticator device. Keep these codes in a safe place. Please remember, you won't be able to sign-in to your site if you don't have any valid security code. So, print the backup codes and preserve safely. You have been warned!


Best Joomla Hosting

ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability



Joomla Hosting - ASPHostPortal.com :: Improve SEO in Joomla Using Microdata

clock January 18, 2017 06:12 by author Armend

Microdata is quickly becoming a must-have tool for site developers that want to improve their overall SEO strategy. By using Microdata tags, sites can tell search engines what type of content is being presented.
Let’s say you want to feature a movie on your site somewhere, and you would like to let the search engine know that you are listing a movie, as well as some important information about it.


Enter Microdata tags. These let search engines like Google, Bing, and Yahoo know that people searching for that particular movie might find your site useful. If anything, it makes it a lot more clear to their crawlers what the content on your site is about, so it can better determine how you fit in the results.
Microdata is more accurate than traditional metadata because it is content specific, not page specific. You can tag individual blocks of text differently, making a clear difference between a person’s name, their address, and a recipe for lobster ravioli.

Microdata has been one of the top features requested for Joomla! from marketers!

Developers will now be able to incorporate microdata more easily into their extensions and sites. From automating the Author tag in articles, to generating detailed markup for directories of information, the microdata library will significantly enhance how you can optimise SEO with Joomla!

Going Big on SEO & Better visibility in Search Engine results with MicroData

Joomla’s new microdata library, being released in Joomla, is going to significantly change how search engines can interpret the information you have on your site. The addition of microdata is one of the most significant SEO improvements since the release of Joomla 3.
When search engines process pages for indexing in their databases, they usually don’t know what the context of the text on the site is. Context is extremely important in delivering the correct information to end users.  For instance when you have ‘Avatar’ on a page, how does the search engine know whether its being referenced as an image avatar or the movie avatar, or just a regular image?

Microdata takes the guesswork out of this for the search Engines. Microdata places markup code inside your content that the search engine can read, and then rather than just indexing words, it can apply a context to them to identify features within the content.
This then lets the search engines identify things like who your article authors are, details about your business as a place, or details about events in your calendar on the site.

The next great benefit of using microdata is the ability to create Rich Snippets. Rich Snippets allows you to configure your content to show up as specially formatted data in search engine results. For example you can configure microdata on reviews and ratings on your site so that they then appear as part of the snippet when the search engine result is displayed.

How to use the JMicrodata library?

To use the new microdata semantics library you need to make an instance of the library in your extensions.

EXAMPLE:


        $microdata = new JMicrodata('Article');

So let's suppose that we have the following string:

        Written by ASPHostPortal Web Hosting

And we need to add an author property:

        echo 'Written by' . $microdata->content(“ASPHostPortal Web Hosting”)->property('author')->fallback('Person', 'name')->display();
   

The library will display:

        Written by
        <span itemprop='author' itemscope itemtype='https://yourdomain.com'>
            <span itemprop='name'>
                ASPHostPortal Web Hosting
            </span>
        </span>

   
What happens if the current scope is something other than 'Article', for example a 'Product' scope, and the current scope doesn't have an author property?
Well it will fall back in:

        <span itemscope itemtype='https://yourdomain.com'>
            <span itemprop='name'>
                ASPHostPortal Web Hosting
            </span>
        </span>       


If we want to disable the microdata semantics output?
You can simply disable the microdata output:

        $microdata->enable(false);


Best Joomla Hosting

ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability.



Joomla Hosting - ASPHostPortal.com :: Tips To Disable Element in Joomla

clock January 11, 2017 05:18 by author Armend

In case you are utilizing Joomla CMS dependent web-site and hate overlapping visibility of Joomla components on the website property web page, then you definitely have found the appropriate write-up to receive rid off with this monsters trouble. However, Joomla parts plays a crucial function in improving the practical talents of a web-site, although the overt existence of these equipment can destroy the appears of your enticing website homepage.

Step: 1

Develop a new module and set the location as frontcomp:

You need to place below given codes into the index file of your Joomla template.

<?php if($this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”modul es” name=”frontcomp” style=”xhtml” />
<?php endif; ?>


Step: 2

Now Replace Below Code With Display Component:

<?php if(!$this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”message” />
<jdoc:include type=”component” />
<?php endif; ?>

Step:3

Creation of Custom Module

It is the third step of your process. Now, you need to create a new and customized HTML module, set the position of module as Frontcomp and select homepage only to display.
That’s it! You have done it fabulously, Now, you can visit your website and check the expected changes. If you did not find overlapping Joomla components at the home page of your website, then you have certainly did a great job.

Best Joomla Hosting

ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability. 



Joomla Hosting - ASPHostPortal.com :: How To Develop a Joomla from scratch

clock January 4, 2017 06:43 by author Armend

Want a customized joomla template for the business requirements? It really is so easy to construct a template of one's decision as an alternative to paying thousands for it. So lets commence now.

 


To produce a joomla template you may require at the least two files.

  1. templateDetails.xml which can be mainly configuration file containing info like autor name, e mail, template version, folders and file names and module names (we'll discuss it leter).
  2. index.php which can be entry point for all pages
    These are standard files required to create a joomla template, but furthermore you will need some a lot more files to produce a beautiful and powerful template like css, images, language, javascript, html and so forth.

Now lets generate our xml file

<?xml version="1.0" encoding="utf-8"?>
 
<extension version="2.5" type="template" client="site">
<name>template_name</name>
<creationdate>29 January 2014</creationdate>
<author>write Your name here</author>
<authoremail>write your email here</authoremail>
<authorurl>your website url here</authorurl>
<copyright>Copyright here. All rights reserved.</copyright>
<license>License here</license>
<version>2.5.0</version>
<description>TPL_NAME_XML_DESCRIPTION</description>
<files>
<filename>index.html</filename>
<filename>index.php</filename>
<filename>templateDetails.xml</filename>
<filename>template_preview.png</filename>
<filename>template_thumbnail.png</filename>
<filename>favicon.ico</filename>
<filename>component.php</filename>
<filename>error.php</filename>
</files>
<positions>
<position>debug</position>
<position>top</position>
<position>position-2</position>
<position>position-3</position>
<position>position-4</position>
<position>position-5</position>
<position>position-6</position>
<position>banner</position>
<position>left-navigation</position>
<position>position-login</position>
<position>position-footer</position>
</positions>
</extension>

As you can see further files are right here like index.html (just to avoid direct access of this folder) , template_preview.png and template_thumbnail.png to show in administrator panel. Here several positions are defined which we'll use in our index.php file.

Your xml is prepared, now produce your index.php file.

<?php defined( '_JEXEC' ) or die( 'Restricted access' );?>
<!DOCTYPE html>
<html xml:lang="<!--?php echo $this--->language; ?>" lang="<!--?php echo $this--->language; ?>" >
<head>
<jdoc:include type="head" />
<link rel="stylesheet" href="<?php echo $this->baseurl ?>/templates/template_name/css/template.css" type="text/css">
</head>
<body>
<jdoc:include type="modules" name="top" />
<jdoc:include type="modules" name="banner" />
<jdoc:include type="modules" name="left-navigation" />
<jdoc:include type="component" />
<jdoc:include type="modules" name="footer" />
<jdoc:include type="modules" name="position-3" />
</body>
</html>

As you see we have included defined( '_JEXEC' ) or die( 'Restricted access' );
just for security reasons to prevent direct access. is here to tell browsers and crawlers that its a html5 web page.


body{padding:0;margin:0;font-family:"arial";font-size:12px;color:#5d6060;background-color:#fff}
a{text-decoration:none;outline:0}
a:focus,a:active{outline:0}
img{border:0;outline:0}
.container{height:auto;width:1044px;margin-right:auto;margin-left:auto}
.container_sub{height:auto;width:1044px;float:left}
#header_main{height:auto;width:1044px;float:left}
#header{height:118px;width:1044px;float:left}
.header_top{height:auto;width:1044px;float:left}
#logo{height:75px;width:231px;float:left;margin-top:4px}

Your template is ready now but to perform with joomla you've got to upload it below templates folder. Following uploading it to templates folder log in for your joomla administrator and open extensions -> Templates manger. Right here you'll not be able to see your template as you expected. This can be since it calls for one more step, to set up the template. Ok, visit Extensions -> Extension Manager then click Learn tab now click on discover icon around the top-right corner from the page. It's going to search all of the extensions accessible inside your joomla installation, here you will be able to see your template name, select it and click on set up icon on the top-right corner of the page. This will likely install your template. Now you happen to be done. Go to Extensions-> Template manager , right here you'll be able to see your installed template.

Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $1/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice



Joomla Hosting - ASPHostPortal.com :: How To Optimization Joomla Site

clock December 21, 2016 04:43 by author Armend

So, you've installed and setup your brand new Joomla web site already. Have you offered some thought to how you could optimize it to load faster but? We'll provide you a few pointers within this write-up.

First of all, an important step one is to enable Joomla's built in caching. You can do this simply using the following steps:

  • Login to your Joomla Administrator Panel
  • Goto > Site > Global Configuration > System (depending on your version this may be slightly different)
  • Set Caching to ON. I'd suggest you leave it set to File and 15mins. Conservative caching in Joomla 3.4 is probably the best option to start with
  • Save your Configuration

Some notes:

  • Once caching is enabled, while new content will prompt a refresh of the system cache, you can trigger this yourself to ensure that 3rd party components that use the inbuilt cache are also refreshed (see the next point)
  • You can manually refresh the cache in Site > Maintenance > Clear Cache (you'll need to, in most cases, select all items, and then press 'delete' up the top right

Next? Properly, the globe is actually your oyster. Depending on your template, there might be quite a few optimization alternatives currently implemented. Most of the 'well known' Joomla template clubs produce outstanding templates that may already be optimized.

Some other critical reading suggestions are:

  • Google's: Minimize payload size and
  • A little more advanced: Optimize browser rendering
  • You may also like to run your site through GTmetrix or this testing tool

Do not overlook as well, the kind of hosting you decide on may also possess a massive impact around the speed of one's Joomla Website. We've not touched on this situation at all in this artilce since it must be obvious.

For additional help in this Joomla Optimization region, make sure to head over for the Joomla Forum, in particular the forum section on Joomla Overall performance (choose the section for the Joomla version you're operating with).

Best Recommended Joomla Hosting

ASPHostPortal.com
ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability. 



Joomla Hosting - ASPHostPortal.com :: How to Create an authentication bridge between Joomla and .Net

clock December 14, 2016 04:41 by author Armend

How  to integrate a Joomla site with some ASP.Net pages. User had to login to Joomla, but some pages in the site were built with .Net. The .Net pages had their own SQL Server database, where Joomla used a MySQL database.

The interesting part was how the .Net pages could verify if a Joomla user was logged in. In this post I will share how I did it. Important is that this is a way it will work, but it is not the safest way. It is hackable, because I used a cookie that stored the (encrypted) Joomla user id. So, if you know which cookie you need and are able to decrypt and/or encrypt with the same keys, you’ll be able to fake a logged in user. Note that this was an acceptable risk. The effect of a break in would be small.
As mentioned I used a cookie to store the Joomla user id. It had to be encrypted to provide as much security as possible. With the next Joomla plugin code the cookie is created on the login event. On the logout event the cookie is deleted. This plugin is written for Joomla 1.5, so in newer version you might need to change some bits

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
 
require_once('TripleDES.php'); // See phpseclib: http://phpseclib.sourceforge.net/
 
// Import library dependencies
jimport('joomla.plugin.plugin');
 
class plgUserSystemIntegration extends JPlugin
{
    function plgUserOVSystemIntegration( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }
    
    function onLoginUser( $credentials, $options )
    {
        $user = &JFactory::getUser();
 
        // Joomla session parameters
        $userId   = $user->get('id');
 
        // Encrypt the userId to store in cookie
        $key = $this->params->get('key'); // these keys are both used in PHP and .Net
        $iv = $this->params->get('iv');
 
        $crypt = new Crypt_TripleDES();
        $crypt->setKey($key);
        $crypt->setIV($iv);
        $value = $crypt->encrypt(strval($userId));
        // Encode string as text
        $value = bin2hex($value);
        
        setcookie("SIJ10", $value); // The cookie name is the identifier. It might be best to make this configurable
        
        return true;
    }  
    
    function onLogoutUser( $credentials, $options )
    {
        // Overwrite cookie
        setcookie("SIJ10", "", time()-3600);
        
        return true;
    }
}

Besides the logout event, some session management needed to be done in case a user didn’t logout. With the next plugin the cookie is deleted if the Joomla session has ended.

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
 
// Import library dependencies
jimport('joomla.plugin.plugin');
 
class plgSystemSystemIntegrationLogout extends JPlugin
{
    function plgSystemOVSystemIntegrationLogout( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }
 
    function onAfterDispatch()
    {
        $user = &JFactory::getUser();
 
        // If no user is logged in
        if (!$user->get('id'))
        {
            // If cookie value was set
            if(isset($_COOKIE["SIJ10"]))
            {
                // Overwrite cookie
                setcookie("SIJ10", "", time()-3600);
            }
        }
    }
}

Now the .Net part. With the next method(s) the cookie is retrieved and decrypted. The hex2bin is the equivalent of the PHP function, the binary data can’t be put in a cookie. After that the text is decrypted en parsed to an integer. The basic assumption is that as long as that is possible, a user is logged in. What’s more important, in the SQL server database one table included an application level user (used for backend services) that ‘knows’ the Joomla ID. This way the user could be verified against the database, which would make it more secure.

private void Authenticate()
{
    string CookieUserId = "SIJ10";
    if (Request.Cookies[CookieUserId] != null)
    {
        try
        {
            // Decode from hex
            byte[] encodedDataAsBytes = hex2bin(Request.Cookies[CookieUserId].Value); // Change the text to the binary values
 
            // Decrypt
            TripleDES decryptor = TripleDES.Create();
            UTF8Encoding encoding = new UTF8Encoding();
            decryptor.Key = encoding.GetBytes("abcdefgajdhshsgshsjss12"); // It is best to make these keys configurable!
            decryptor.IV = encoding.GetBytes("abcdefgh");
 
            ICryptoTransform decrypt = decryptor.CreateDecryptor();
            byte[] result = decrypt.TransformFinalBlock(encodedDataAsBytes, 0, encodedDataAsBytes.Length); // Decrypt
 
            string returnValue = encoding.GetString(result);
 
            int id = 0;
            if (int.TryParse(returnValue, out id))
                this.UserId = id;
            else
            {
                // Redirect to the login page
                Response.Redirect("~/Login");
            }
 
            // Some session management is needed
            // Check for session timeout
            if (Session["SessionTimeout"] == null)
            {
                // This is the first page request
                Session["SessionTimeout"] = DateTime.Now;
            }
            else
            {
                // This needs to be included in every page (or use a baseclass) or
                // called with every request
                DateTime lastRequest = (DateTime) Session["SessionTimeout"];
 
                if (DateTime.Now.Subtract(lastRequest).Minutes > 20)
                {
                    Response.Redirect("~/Login");
                }
                else
                {
                    // Update the timeout value
                    Session["SessionTimeout"] = DateTime.Now;
                }
            }
        }
        catch (Exception e)
        {
            Response.Redirect("~/Login");
        }
    }
    else
        Response.Redirect("~/Login");
            
}
 
private byte[] hex2bin(string hexdata)
{
    if (hexdata == null)
        throw new ArgumentNullException("hexdata");
    if (hexdata.Length % 2 != 0)
        throw new ArgumentException("hexdata should have even length");
 
    byte[] bytes = new byte[hexdata.Length / 2];
    for (int i = 0; i < hexdata.Length; i += 2)
        bytes[i / 2] = (byte)(HexValue(hexdata[i]) * 0x10
        + HexValue(hexdata[i + 1]));
 
    return bytes;
}

 
private int HexValue(char c)
{
    int ch = (int)c;
    if (ch >= (int)'0' && ch <= (int)'9')
        return ch - (int)'0';
    if (ch >= (int)'a' && ch <= (int)'f')
        return ch - (int)'a' + 10;
    if (ch >= (int)'A' && ch <= (int)'F')
        return ch - (int)'A' + 10;
    throw new ArgumentException("Not a hexadecimal digit.");
}

Best Joomla Hosting Recommendation


ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How to Redirect Multiple URLs with .htaccess

clock December 7, 2016 07:35 by author Armend

If you've changed menu items or aliases on your website, the old links will still be indexed on Google until it gets back around to checking them again. This means that if someone is linked to your website in Google and it gives them an old link, they will get a 404 error and won't be able to view anything.


This is where redirecting comes in. We need to redirect all the old links to the new ones to ensure a viewer still gets to the correct page. This can be done individually but can take hours - this is where we can utilise a batch redirect to speed up our process. This basically enables you to take any links with a certain alias and point it to a new alias.

Here is what a default Joomla htaccess file looks like:

##
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

To add our redirects, we must ensure we put them before the Joomla SEF rewrites which is generally the last part of the file. See below how you can rewrite a URL.

 

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END


This basically tells anything that has blog/blog-category-1 in it to redirect to the URL blog/blog-category-2. so the url withblog/blog-category-1/sub-category/item-to-view will automatically update toblog/blog-category-2/sub-category/item-to-view

Below is where we need to add this into our htaccess file - just before the SEF rewrites.

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.

 

 




About ASPHostPortal.com

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions

Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Sign in