Joomla Hosting BLOG

Blog about Joomla, Technologies and Hosting Service

Joomla Hosting - ASPHostPortal.com :: How To Optimization Joomla Site

clock December 21, 2016 04:43 by author Armend

So, you've installed and setup your brand new Joomla web site already. Have you offered some thought to how you could optimize it to load faster but? We'll provide you a few pointers within this write-up.

First of all, an important step one is to enable Joomla's built in caching. You can do this simply using the following steps:

  • Login to your Joomla Administrator Panel
  • Goto > Site > Global Configuration > System (depending on your version this may be slightly different)
  • Set Caching to ON. I'd suggest you leave it set to File and 15mins. Conservative caching in Joomla 3.4 is probably the best option to start with
  • Save your Configuration

Some notes:

  • Once caching is enabled, while new content will prompt a refresh of the system cache, you can trigger this yourself to ensure that 3rd party components that use the inbuilt cache are also refreshed (see the next point)
  • You can manually refresh the cache in Site > Maintenance > Clear Cache (you'll need to, in most cases, select all items, and then press 'delete' up the top right

Next? Properly, the globe is actually your oyster. Depending on your template, there might be quite a few optimization alternatives currently implemented. Most of the 'well known' Joomla template clubs produce outstanding templates that may already be optimized.

Some other critical reading suggestions are:

  • Google's: Minimize payload size and
  • A little more advanced: Optimize browser rendering
  • You may also like to run your site through GTmetrix or this testing tool

Do not overlook as well, the kind of hosting you decide on may also possess a massive impact around the speed of one's Joomla Website. We've not touched on this situation at all in this artilce since it must be obvious.

For additional help in this Joomla Optimization region, make sure to head over for the Joomla Forum, in particular the forum section on Joomla Overall performance (choose the section for the Joomla version you're operating with).

Best Recommended Joomla Hosting

ASPHostPortal.com
ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability. 



Joomla Hosting - ASPHostPortal.com :: How to Create an authentication bridge between Joomla and .Net

clock December 14, 2016 04:41 by author Armend

How  to integrate a Joomla site with some ASP.Net pages. User had to login to Joomla, but some pages in the site were built with .Net. The .Net pages had their own SQL Server database, where Joomla used a MySQL database.

The interesting part was how the .Net pages could verify if a Joomla user was logged in. In this post I will share how I did it. Important is that this is a way it will work, but it is not the safest way. It is hackable, because I used a cookie that stored the (encrypted) Joomla user id. So, if you know which cookie you need and are able to decrypt and/or encrypt with the same keys, you’ll be able to fake a logged in user. Note that this was an acceptable risk. The effect of a break in would be small.
As mentioned I used a cookie to store the Joomla user id. It had to be encrypted to provide as much security as possible. With the next Joomla plugin code the cookie is created on the login event. On the logout event the cookie is deleted. This plugin is written for Joomla 1.5, so in newer version you might need to change some bits

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
 
require_once('TripleDES.php'); // See phpseclib: http://phpseclib.sourceforge.net/
 
// Import library dependencies
jimport('joomla.plugin.plugin');
 
class plgUserSystemIntegration extends JPlugin
{
    function plgUserOVSystemIntegration( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }
    
    function onLoginUser( $credentials, $options )
    {
        $user = &JFactory::getUser();
 
        // Joomla session parameters
        $userId   = $user->get('id');
 
        // Encrypt the userId to store in cookie
        $key = $this->params->get('key'); // these keys are both used in PHP and .Net
        $iv = $this->params->get('iv');
 
        $crypt = new Crypt_TripleDES();
        $crypt->setKey($key);
        $crypt->setIV($iv);
        $value = $crypt->encrypt(strval($userId));
        // Encode string as text
        $value = bin2hex($value);
        
        setcookie("SIJ10", $value); // The cookie name is the identifier. It might be best to make this configurable
        
        return true;
    }  
    
    function onLogoutUser( $credentials, $options )
    {
        // Overwrite cookie
        setcookie("SIJ10", "", time()-3600);
        
        return true;
    }
}

Besides the logout event, some session management needed to be done in case a user didn’t logout. With the next plugin the cookie is deleted if the Joomla session has ended.

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
 
// Import library dependencies
jimport('joomla.plugin.plugin');
 
class plgSystemSystemIntegrationLogout extends JPlugin
{
    function plgSystemOVSystemIntegrationLogout( &$subject, $config )
    {
        parent::__construct( $subject, $config );
    }
 
    function onAfterDispatch()
    {
        $user = &JFactory::getUser();
 
        // If no user is logged in
        if (!$user->get('id'))
        {
            // If cookie value was set
            if(isset($_COOKIE["SIJ10"]))
            {
                // Overwrite cookie
                setcookie("SIJ10", "", time()-3600);
            }
        }
    }
}

Now the .Net part. With the next method(s) the cookie is retrieved and decrypted. The hex2bin is the equivalent of the PHP function, the binary data can’t be put in a cookie. After that the text is decrypted en parsed to an integer. The basic assumption is that as long as that is possible, a user is logged in. What’s more important, in the SQL server database one table included an application level user (used for backend services) that ‘knows’ the Joomla ID. This way the user could be verified against the database, which would make it more secure.

private void Authenticate()
{
    string CookieUserId = "SIJ10";
    if (Request.Cookies[CookieUserId] != null)
    {
        try
        {
            // Decode from hex
            byte[] encodedDataAsBytes = hex2bin(Request.Cookies[CookieUserId].Value); // Change the text to the binary values
 
            // Decrypt
            TripleDES decryptor = TripleDES.Create();
            UTF8Encoding encoding = new UTF8Encoding();
            decryptor.Key = encoding.GetBytes("abcdefgajdhshsgshsjss12"); // It is best to make these keys configurable!
            decryptor.IV = encoding.GetBytes("abcdefgh");
 
            ICryptoTransform decrypt = decryptor.CreateDecryptor();
            byte[] result = decrypt.TransformFinalBlock(encodedDataAsBytes, 0, encodedDataAsBytes.Length); // Decrypt
 
            string returnValue = encoding.GetString(result);
 
            int id = 0;
            if (int.TryParse(returnValue, out id))
                this.UserId = id;
            else
            {
                // Redirect to the login page
                Response.Redirect("~/Login");
            }
 
            // Some session management is needed
            // Check for session timeout
            if (Session["SessionTimeout"] == null)
            {
                // This is the first page request
                Session["SessionTimeout"] = DateTime.Now;
            }
            else
            {
                // This needs to be included in every page (or use a baseclass) or
                // called with every request
                DateTime lastRequest = (DateTime) Session["SessionTimeout"];
 
                if (DateTime.Now.Subtract(lastRequest).Minutes > 20)
                {
                    Response.Redirect("~/Login");
                }
                else
                {
                    // Update the timeout value
                    Session["SessionTimeout"] = DateTime.Now;
                }
            }
        }
        catch (Exception e)
        {
            Response.Redirect("~/Login");
        }
    }
    else
        Response.Redirect("~/Login");
            
}
 
private byte[] hex2bin(string hexdata)
{
    if (hexdata == null)
        throw new ArgumentNullException("hexdata");
    if (hexdata.Length % 2 != 0)
        throw new ArgumentException("hexdata should have even length");
 
    byte[] bytes = new byte[hexdata.Length / 2];
    for (int i = 0; i < hexdata.Length; i += 2)
        bytes[i / 2] = (byte)(HexValue(hexdata[i]) * 0x10
        + HexValue(hexdata[i + 1]));
 
    return bytes;
}

 
private int HexValue(char c)
{
    int ch = (int)c;
    if (ch >= (int)'0' && ch <= (int)'9')
        return ch - (int)'0';
    if (ch >= (int)'a' && ch <= (int)'f')
        return ch - (int)'a' + 10;
    if (ch >= (int)'A' && ch <= (int)'F')
        return ch - (int)'A' + 10;
    throw new ArgumentException("Not a hexadecimal digit.");
}

Best Joomla Hosting Recommendation


ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How to Redirect Multiple URLs with .htaccess

clock December 7, 2016 07:35 by author Armend

If you've changed menu items or aliases on your website, the old links will still be indexed on Google until it gets back around to checking them again. This means that if someone is linked to your website in Google and it gives them an old link, they will get a 404 error and won't be able to view anything.


This is where redirecting comes in. We need to redirect all the old links to the new ones to ensure a viewer still gets to the correct page. This can be done individually but can take hours - this is where we can utilise a batch redirect to speed up our process. This basically enables you to take any links with a certain alias and point it to a new alias.

Here is what a default Joomla htaccess file looks like:

##
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

To add our redirects, we must ensure we put them before the Joomla SEF rewrites which is generally the last part of the file. See below how you can rewrite a URL.

 

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END


This basically tells anything that has blog/blog-category-1 in it to redirect to the URL blog/blog-category-2. so the url withblog/blog-category-1/sub-category/item-to-view will automatically update toblog/blog-category-2/sub-category/item-to-view

Below is where we need to add this into our htaccess file - just before the SEF rewrites.

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.

 

 




Joomla Hosting - ASPHostPortal.com :: How To Create Module in Joomla

clock November 30, 2016 07:08 by author Armend

A module is a lightweight and flexible extension that is used for page rendering. They are used for small bits of the page that are generally less complex and are able to be seen across different components.

You can see many examples of modules in the standard Joomla! install: - menus - Latest News - Login form - and many more.

This tutorial will explain how to go about creating a simple Hello World module. Through this tutorial you will learn the basic file structure of a module. This basic structure can then be expanded to produce more elaborate modules.


File Structure

There are four basic files that are used in the standard pattern of module development:

  • - mod_helloworld.php - This file is the main entry point for the module. It will perform any necessary initialization routines, call helper routines to collect any necessary data, and include the template which will display the module output.
  • - mod_helloworld.xml - This file contains information about the module. It defines the files that need to be installed by the Joomla! installer and specifies configuration parameters for the module.
  • - helper.php - This file contains the helper class which is used to do the actual work in retrieving the information to be displayed in the module (usually from the database or some other source).
  • - tmpl/default.php - This is the module template. This file will take the data collected by mod_helloworld.php and generate the HTML to be displayed on the page.


Creating mod_helloworld.php

The mod_helloworld.php file will perform three tasks:

  • Include the helper.php file which contains the class to be used to collect the necessary data
  • Invoke the appropriate helper class method to retrieve the data
  • Include the template to display the output.


The helper class is defined in our helper.php file. This file is included with a require_once statement:

require_once( dirname(__FILE__).DS.'helper.php' );

require_once is used because our helper functions are defined within a class, and we only want the class defined once.

Our helper class has not been defined yet, but when it is, it will contain one method: getHello(). For our basic example, it is not really necessary to do this - the “Hello, World” message that this method returns could simply be included in the template. We use a helper class here to demonstrate this basic technique.

Our module currently does not use any parameters, but we will pass them to the helper method anyway so that it can be used later if we decide to expand the functionality of our module.

The helper class method is invoked in the following way:

$hello = modHelloWorldHelper::getHello( $params );

Completed mod_helloworld.php file

The complete mod_helloworld.php file is as follows:

<?php
/**
 * Hello World! Module Entry Point
 *
 * @package    Joomla.Tutorials
 * @subpackage Modules
 * @link http://dev.joomla.org/component/option,com_jd-wiki/Itemid,31/id,tutorials:modules/
 * @license        GNU/GPL, see LICENSE.php
 * mod_helloworld is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 */

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

// Include the syndicate functions only once
require_once( dirname(__FILE__).DS.'helper.php' );

$hello = modHelloWorldHelper::getHello( $params );
require( JModuleHelper::getLayoutPath( 'mod_helloworld' ) );
?>

The one line that we haven’t explained so far is the first line. This line checks to make sure that this file is being included from the Joomla! application. This is necessary to prevent variable injection and other potential security concerns.

Creating helper.php

The helper.php file contains that helper class that is used to retrieve the data to be displayed in the module output. As stated earlier, our helper class will have one method: getHello(). This method will return the ‘Hello, World’ message.

Here is the code for the helper.php file:
<?php

/**
 * Helper class for Hello World! Module
 *
 * @package    Joomla.Tutorials
 * @subpackage Modules
 * @link http://dev.joomla.org/component/option,com_jd-wiki/Itemid,31/id,tutorials:modules/
 * @license        GNU/GPL, see LICENSE.php
 * mod_helloworld is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 */
class modHelloWorldHelper
{
    /**
     * Retrieves the hello message
     *
     * @param array $params An object containing the module parameters
     * @access public
     */   
    function getHello( $params )
    {
        return 'Hello, World!';
    }
}
?>

There is no rule stating that we must name our helper class as we have, but it is helpful to do this so that it is easily identifiable and locateable.

More advanced modules might include database requests or other functionality in the helper class method.

Creating tmpl/default.php

The default.php file is the template which displays the module output.

The code for the default.php file is as follows:

<?php // no direct access
defined( '_JEXEC' ) or die( 'Restricted access' ); ?>
<?php echo $hello; ?>

An important point to note is that the template file has the same scope as the mod_helloworld.php file. What this means is that the variable $hello can be defined in the mod_helloworld.php file and then used in the $hello file without any extra declarations or function calls.

Creating mod_helloworld.xml

The mod_helloworld.xml is used to specify which files the installer needs to copy and is used by the Module Manager to determine which parameters are used to configure the module. Other information about the module is also specified in this file.

The code for mod_helloworld.xml is as follows:

<?xml version="1.0" encoding="utf-8"?>
<install type="module" version="1.5.0">
    <name>Hello, World!</name>
    <author>Jervis</author>
    <version>1.5.0</version>
    <description>A simple Hello, World! module.</description>
    <files>
        <filename>mod_helloworld.xml</filename>
        <filename module="mod_helloworld">mod_helloworld.php</filename>
        <filename>index.html</filename>
        <filename>helper.php</filename>
        <filename>tmpl/default.php</filename>
        <filename>tmpl/index.html</filename>
    </files>
    <params>
    </params>
</install>

You will notice that there are two additional files that we have not yet mentioned: index.html and tmpl/index.html. These files are included so that these directories cannot be browsed. If a user attempts to point their browser to these folders, the index.html file will be displayed. These files can be left empty or can contain the simple line:

<html><body bgcolor="#FFFFFF"></body></html>

which will display an empty page.

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: 11 Tips on How to Protect Your Joomla Website Against Hackers

clock November 23, 2016 06:50 by author Armend

11 Tips on How to Protect Your Joomla Website Against Hackers

Joomla is an open source Content Management System, which will make it easy for you to create awesome websites. Joomla has been around since 2005 and ever since has been working hard to improve its security and usability. But of course this does not mean that it is an uncrackable platform.
Since its open source it can be subjected to all kinds of hacks that could affect the security of your precious data. It is very important to make it sure your sites are safe, thankfully there are ways you can easily avoid most of these attacks by just simply following this handful of good tips that will guarantee you benefit for your data’s security in the future.

1. Keep Joomla up-to-date

It’s one of the most basic things that you can do to make your website secure enough. Every new update contains a new bug fix or a security flaw fix or feature, so it is important to always have the newest version of Joomla’s websites and extensions. Be sure your website is always updated to the latest stable Joomla release!

2. Remove all unused extensions

By doing so, you can have double benefits. It not only makes Joomla so much more secure it makes it run faster too. If you have unused extensions and done experimenting with them it is advised to remove them since it can cause security risks to Joomla’s extension.

3. Use a strong password

It is strongly advised to use strong passwords, not just for Joomla but for all the sites that you are using. This is one of the key components to keep all your data secure online. It is recommended to use different passwords for different websites but you better make sure that the password you are using is hard to guess or hard to crack, it is a very useful thing to do. Do the following to make sure you have a secure password:
   

  • Don’t use words that are very common and short: admin, strong, love, black, etc.
  • Avoid using personal information as your password, like names, date of birth or favorite animal’s name.
  • Make sure that your passwords are longer than eight characters.
  • Your password should never contain your user name, real name or your company’s name.
  • It should not be a single word
  • Avoid using any password generators that are online. These passwords are generated by a certain rule that can make it easy to hack.
  • Try using special characters in your password such as: @!+(=. Maybe add some capital letters and numbers too. The more complex a password is the harder it is to crack.
  • Make sure that your new password is different from all the previous ones you made up.
  • An easy way to create a secure password is to memorize a sentence and combine it with numbers and uppercase characters such as: You1Can’t2Crack3This4
  • Here’s a website where you can check how easy it is to crack your password with a computer. Click here to check it.

4. Don’t allow users’ registration on your website

If your website is not a social network or a community you should not let anyone register to your site for security reasons. To disable user registration, follow these steps:

  •  Log in to backend.
  •  Click on ‘Users’, then on ‘User Manager’ and find the ‘Options’ tab at the top.
  •  Look for the setting of ‘Allow User Registration’.
  •  Set the section to No.
  •  Click save in the end, for the settings to take effect, you can find the button on the top left corner of the page.

5. Make sure that your Joomla and its extension version is hidden

It is very important to hide your Joomla’s and its extensions’ versions because there are malicious scripts online that target your site according the type of CMS your site is running on. If your version is showing in the HTML code, that’s not good. If hackers know what version you are using, they can easily look up what are the flaws of that version and start an attack on your site.

You can easily check out if your Joomla version is showing in the source code by clicking on ‘View Page Source’ in Firefox or in Chrome. All you have to do is click on the ‘Sources’ tab and then look for ‘Templates’ folder, in it you will have ‘System’ and in hat folder ‘CSS’ in which you will find the file ‘system.css’. If you open it you can check if the Joomla version is showing.

6. Change your admin username

On Joomla’s websites the default username is always admin. Most of the time no one really cares about changing this, which can make it really easy for hackers to crack your site, since they already know half of your details that is needed for a login. All they have to find out from that point, what is your password. By changing your username you are making it harder for hackers to access your site, and this is a very easy thing to do, yet a lot of users do not do anything about it, so we strongly advise you to do so.
   

  • You can easily change your admin username by the following steps:
  • Log in to the Administration area as current Super User
  • Click on the ‘Users’ tab then on ‘User Manager’ and on ‘Add New User’
  • Make the new user a ‘Super User’
  • Log out of the current Super User account and log in to the newly made Super User account
  • Look for the old Super User account and change its name

7. Force Joomla into SSL mode for all logins on your site

By enabling SSL on your site you can protect your Joomla site from exploits that might make affect your users. Note that you can only enable this built-in feature if your website’s domain has a properly configured SSL certificate. If you have the SSL certificate for your site you can enable this feature which will encrypt your user’s names and password before it is sent over to your server. To enable this feature do the following:

  •  Go on the ‘Extensions’ tab, then on ‘Module Manager’
  •  Then on ‘Filter Login Module’
  •  Look up and open the Logins module
  •  When you see the option ‘Encrypt Login Form’ set it on ‘yes’
  •  Save the whole process.

8. Protect your cookies

If a user logs into your website special session cookies are set in the browser that will identify that user later. Every time someone logs onto your page the page will make these cookies so it knows which user and how many of them are viewing the page.
These cookies will remember the users that have logged in and will give them the privilege to use the site even after they have left it. These cookies can be intercepted by a third party, which will give them the same privileges as a member of the site.
You can force the SSL to encrypt these cookies during the entire session while you are on the site as a Super Admin or you can even make registered people’s cookies encrypted too. This way hackers will have no access to your website’s cookies. You can do this by going to the Server options and where it says ‘Force SSL’ select ‘Administrator Only’.

9. Disable FTP Layer

For the most part Joomla’s FTP layer is not required, therefore we recommend you to disable this function by the following steps:

  •  Login into your Joomla backend
  •  Go to ‘System’, then on ‘Global Configuration’ and then on Server
  •  You will see the option ‘FTP Settings’ where you should Select ‘No’ at the ‘Enable FTP’
  •  Save what you have done

10. Use the Two-Factor Authentication

This will give you an additional layer of security to your Joomla website. This system will random generate passwords over a period of time which are unique to your username. If you do not know that secret key you will not be granted entrance to the website. This will keep away key loggers, password crackings and hackings.

11. Always use a professional web hosting provider

The above mentioned 10 tips are crucial when we are talking about Joomla website security and by setting them, you can protect your site better. But it is also vital to choose a professional web hosting provider, where administrators have up to date security and hosting knowledge, and the storage is secured well.

It is recommended to choose a bit more expensive provider, since too cheap companies do not have enough resources (a.k.a. money) to hire professionals, in most cases students or non pro persons manage there the webservers. You should think about what is more expensive to you, to pay few bucks more every month, or hire a backup pro to restore your website in case it disappears because of cheap hosting solutions.
You can find many web hosting review websites on the internet and there are many forums as well, take your time and read few reviews to find the best hosting solution to your website. It is totally worth to do!

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.

 



Joomla Hosting - ASPHostPortal.com :: Tips to fix access the private site on Joomla

clock November 16, 2016 07:56 by author Armend

This was a pretty interesting issue to find and resolve. It's an database 'error' of sorts that is pretty simple to fix. First of all this is all due to a parent<-child condition that has gone horribly wrong in an update or something else. Most likely you will find this issue in the table "assets". You will need to find your database prefix fist of all, easiest found in the configuration and the option "$dbprefix". I will call it "prefix_" here for ease of typing.

 

So to find if you have this issue you can run the following in an sql manager of your choosing (mysql or phpmyadmin shoulden't make any differents, i did it in the cli mysql)

SELECT id,parent_id,title FROM `prefix_assets` WHERE parent_id=0;

If you find that there are multiple rows then hit the above do the following

UPDATE `prefix_assets` SET parent_id=1 WHERE parent_id=0 AND NOT id=1;

You should also verify that the "Root Asset" has id 1 and parent_id 0

SELECT id,parent_id,title FROM `prefix_assets` WHERE id=0 OR parent_id=0;

this should give the result

id    parent_id    title

 1    0               Root Asset

if not run

UPDATE `prefix_assets` SET parent_id=0 WHERE title="Root Asset";

This should have fixed the issue.

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $5/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How to Install Joomla on a Local Server

clock November 9, 2016 07:19 by author Armend

How to Install Joomla on a Local Server

Joomla Content Management System (CMS) is easy to install. No matter what server operating system you’re running, Joomla’s installation process walks you through all the steps.
Before you install Joomla, set up the Joomla environment. The easiest way to do this is with XAMPP.
Once you have XAMPP installed, follow these steps to install Joomla:

 

  • Click the Download button on Joomla’s page.
  • Download the compressed .zip or .tar.gz file, as appropriate for your operating system.
  • Uncompress the Joomla files to the htdocs directory, or create a subdirectory of htdocs and then copy the uncompressed files to that subdirectory.

Your newly installed XAMPP directory contains a subdirectory named htdocs, which is where you put the files you want to access when you navigate to http://localhost in your browser.

  • Open your browser, and navigate to http://localhost or http://localhost/xxxx (where xxxx is the name of the subdirectory you created in Step 3).

The first Joomla installation page appears.

  • Select a language and Click Next.
  • All items in the top pane of Pre-Installation Check page should read Yes.

If you don’t see Yes for any item, contact your ISP’s technical support department).
This page also displays a list of recommended settings. If you’re installing Joomla on an ISP’s server, you don’t have a heck of a lot of choice about these settings, because the ISP’s tech staff determines them. and then Click Next

  • Review the license and click Next to accept the terms.

The Database Configuration page comes up.

  • Here are the settings you have to make in this page, along with brief explanations:
  • Database Type: Choose MySQL.
  • Host Name: Enter localhost.
  • User Name: In this text box, enter the default MySQL username root.
  • Password: Enter the password.
  • Database Name: Enter the name you used when you set up your database.
  • Joomla tests the connection to the database. If everything works properly, it takes you to the FTP Configuration page which you can skip.
  • Click next to skip the FTP configuration.
  • Enter the name of your new Joomla site in the Site Name text box.

This name will appear when you log in as an administrator.

  • Enter an administrator e-mail address in the Your E-Mail text box.

When you log into your new site, you’ll be the super user. The super user has maximum control of the site.
You can create several super users, but you can’t delete a super-user account. However, you can demote the account to a lower site permission level and then delete it.

  • Enter and then confirm the administrator password you want to use.

Joomla gives you the option of installing some sample data to see how the site works, and unless you’re an experienced Joomla user, you should definitely do that.

  • Select the Install Default Sample Data button; then click the Install Sample Data command button.

When you complete this step, the Install Sample Data button changes to the Sample Data Installed Successfully button.

  • Click Next.

Note the message on the right side of the page, which gently reminds you in gigantic red text to remove the installation directory.
Remove the installation directory.

To delete the Joomla installation directory, connect to your site by using your FTP program, and delete the directory there.
Click the Site button to visit your new Joomla site or click the Admin button to go to the administrator control panel.

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offer Joomla hosting starts from $5/month only. We also guarantee 30 days’ money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice



Joomla Hosting - ASPHostPortal.com :: How To Use Microsoft SQL Server with Joomla 3.6.2

clock November 2, 2016 08:23 by author Armend

How To Use Microsoft SQL Server with Joomla 3.6.2

Joomla 3.6.2 has just been released, and it finally supports databases other than MySQL! You can now use Microsoft SQL Server (including the express versions) with Joomla. Many web developers will probably be using MS SQL Server Express for developing sites on their local machine.
The following steps show you how to setup and install Joomla 3.6.2 with MSSQL.

Install the PHP Drivers for SQL Server

The Microsoft Drivers for PHP for SQL Server driver is needed to connect to SQL Server with PHP. These drivers also provide support for PDO. When you run the setup program, a good place to install the DLLs are in the ext folder in the PHP installation (i.e. C:\Program Files\PHP\ext).

Modify php.ini to Use MSSQL

The PHP configuration file needs to be modified to use the new MSSQL DLL. Add the following code at the end of the .ini file:

[PHP_MSSQL]
extension=php_sqlsrv_53_ts_vc9.dll
extension=php_pdo_sqlsrv_53_ts_vc9.dll

The first line is all you need, unless you use PDO which the second line adds support for.

Install Joomla 3.6.2

Copy Joomla to a folder where you web site will host it and setup IIS to point to it. You still need to manually create a database with SQL Server Management Studio.
Once this is done, run the Joomla installation program. Follow the normal installation routine until you reach the Database Configuration page. When you select the Database Type, you will have the option of Sqlsrv for MSSQL on your server, or Sqlazure for SQL Azure for cloud-based Joomla

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offer Joomla hosting starts from $5/month only. We also guarantee 30 days’ money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice



Joomla Hosting - ASPHostPortal.com :: Joomla installation on Plesk server, getting permissions

clock October 26, 2016 08:05 by author Armend

In this post I will explain about joomla installation, Installing Joomla on a Plesk server has it's problems with permissions. I think this gives a nice solution The steps are:

  • Add the ‘apache’ user to the ‘psacln’ group by editing /etc/group

    i.e. psacln:x:_hidden(dont actually change this field!)_:apache

  • Change the current directory permissions with:

    cd /home/httpd/vhosts/[domain.com]
    chown -R [username]:psacln httpdocs
    chmod -R g+w httpdocs

  • Find httpdocs -type d -exec chmod g+s {} \;
  • This set the setuid bit on each of the directories
  • Reload the apache settings with /etc/init.d/httpd reload
  • If you are using proftp to upload files or the new joomla 1.5 ftp layer then change the umask for proftpd by editing ‘/etc/proftpd.conf’ to read Umask 002
  • Otherwise change the umask that php uses. The easiest, but I guess least elegant way is to add the line <?php umask (0002); ?> to the top of the administrator template index.php file. In Joomla 1.5 this is "administrator/templates/khepri/index.php"

Joomla also complains about some PHP settings, sometimes including not being able to write to ‘/var/lib/php/session’. To fix the issues, make some adjustments to the vhost.conf for the domain:

<Directory /home/httpd/vhosts/[domain]/httpdocs>
php_admin_flag magic_quotes_gpc on
php_admin_flag display_errors on
php_admin_value session.save_path /tmp
</Directory>

If the vhost.conf is brand new, then run:

/usr/local/psa/admin/bin/websrvmng -av

Make sure Apache runs with your new configuration:

# httpd -t (check your work)
# /etc/init.d/httpd reload

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offer Joomla hosting starts from $5/month only. We also guarantee 30 days’ money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice



Joomla Hosting - ASPHostPortal.com :: How to Inserting, Updating and Removing data using JDatabase

clock October 5, 2016 20:12 by author Armend

How to Inserting, Updating and Removing data using JDatabase

This tutorial is split into two independent parts:

  • Inserting, updating and removing data from the database.
  • Selecting data from one or more tables and retrieving it in a variety of different forms.

This section of the documentation looks at inserting, updating and removing data from a database table

 

Joomla provides a sophisticated database abstraction layer to simplify the usage for third party developers. New versions of the Joomla Platform API provide additional functionality which extends the database layer further, and includes features such as connectors to a greater variety of database servers and the query chaining to improve readability of connection code and simplify SQL coding.
Joomla can use different kinds of SQL database systems and run in a variety of environments with different table-prefixes. In addition to these functions, the class automatically creates the database connection. Besides instantiating the object you need just two lines of code to get a result from the database in a variety of formats. Using the Joomla database layer ensures a maximum of compatibility and flexibility for your extension.

The Query

Joomla's database querying has changed since the new Joomla Framework was introduced "query chaining" is now the recommended method for building database queries (although string queries are still supported).
Query chaining refers to a method of connecting a number of methods, one after the other, with each method returning an object that can support the next method, improving readability and simplifying code.
To obtain a new instance of the JDatabaseQuery class we use the JDatabaseDriver getQuery method:

$db = JFactory::getDbo();
$query = $db->getQuery(true)
;

The JDatabaseDriver::getQuery takes an optional argument, $new, which can be true or false (the default being false).
To query our data source we can call a number of JDatabaseQuery methods; these methods encapsulate the data source's query language (in most cases SQL), hiding query-specific syntax from the developer and increasing the portability of the developer's source code.
Some of the more frequently used methods include; select, from, join, where and order. There are also methods such as insert, update and delete for modifying records in the data store. By chaining these and other method calls, you can create almost any query against your data store without compromising portability of your code.

Inserting a Record

Using SQL

The JDatabaseQuery class provides a number of methods for building insert queries, the most common being insert, columns and values

// Get a db connection.
$db = JFactory::getDbo();
// Create a new query object.
$query = $db->getQuery(true);
// Insert columns.
$columns = array('user_id', 'profile_key', 'profile_value', 'ordering');
// Insert values.
$values = array(1001, $db->quote('custom.message'), $db->quote('Inserting a record using insert()'), 1);
// Prepare the insert query.
$query
    ->insert($db->quoteName('#__user_profiles'))
    ->columns($db->quoteName($columns))
    ->values(implode(',', $values))
// Set the query using our newly populated query object and execute it.
$db->setQuery($query);
$db->execute();

Using an Object

The JDatabaseDriver class also provides a convenient method for saving an object directly to the database allowing us to add a record to a table without writing a single line of SQL.


// Create and populate an object.
$profile = new stdClass();
$profile->user_id = 1001;
$profile->profile_key='custom.message';
$profile->profile_value='Inserting a record using insertObject()';
$profile->ordering=1;
// Insert the object into the user profile table.
$result = JFactory::getDbo()->insertObject('#__user_profiles', $profile);

Notice here that we do not need to escape the table name; the insertObject method does this for us.
The insertObject method will throw a error if there is a problem inserting the record into the database table.
We need to ensure that the record does not exist before attempting to insert it, so adding some kind of record check before executing the insertObject method would be recommended.

Updating a Record

Using SQL

The JDatabaseQuery class also provides methods for building update queries, in particular update and set. We also reuse another method which we used when creating select statements, the where method.

$db = JFactory::getDbo();
$query = $db->getQuery(true);
// Fields to update.
$fields = array(
    $db->quoteName('profile_value') . ' = ' . $db->quote('Updating custom message for user 1001.'),
    $db->quoteName('ordering') . ' = 2'
);
// Conditions for which records should be updated.
$conditions = array(
    $db->quoteName('user_id') . ' = 42',
    $db->quoteName('profile_key') . ' = ' . $db->quote('custom.message')
);
$query->update($db->quoteName('#__user_profiles'))->set($fields)->where($conditions);
$db->setQuery($query);
$result = $db->execute();

Using an Object

Like insertObject, the JDatabaseDriver class provides a convenience method for updating an object.
Below we will update our custom table with new values using an existing id primary key:

// Create an object for the record we are going to update.
$object = new stdClass();
// Must be a valid primary key value.
$object->id = 1;
$object->title = 'My Custom Record';
$object->description = 'A custom record being updated in the database.';
// Update their details in the users table using id as the primary key.
$result = JFactory::getDbo()->updateObject('#__custom_table', $object,
'id');

Just like insertObject, updateObject takes care of escaping table names for us.
The updateObject method will throw a error if there is a problem updating the record into the database table.
We need to ensure that the record already exists before attempting to update it, so we would probably add some kind of record check before executing the updateObject method.

Deleting a Record

Finally, there is also a delete method to remove records from the database.

$db = JFactory::getDbo();
$query = $db->getQuery(true);
// delete all custom keys for user 1001.
$conditions = array(
    $db->quoteName('user_id') . ' = 1001',
    $db->quoteName('profile_key') . ' = ' . $db->quote('custom.%')
);
$query->delete($db->quoteName('#__user_profiles'));
$query->where($conditions);
$db->setQuery($query);
$result = $db->execute();

Best Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offer Joomla hosting starts from $5/month only. We also guarantee 30 days’ money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



About ASPHostPortal.com

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions

Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Sign in