Whenever I say to a circle of friends that I am a Joomla! developer, the dreaded question always pops up: “Hey, I've heard that this Joomla! thing is good, can you help me build my own site?”. This usually makes me frown because a. the person who asks is a complete newbie to Joomla! and/or web sites and b. they don't want to hire a web developer – like me, for example – to build their site. If I respond positively to such an inquiry I will end up building a site, explaining step-by-step how I do that, do a lot of training and not get paid for my time (no, buying me a coffee doesn't make up for 80 hours of lost time, sorry). If I respond negatively I am usually accused of elitism, or even confronted with the equally dreaded “Oh, come on, you'll just teach me the basics, I don't want to steal your job”. Awh... What can anyone do in such an awkward situation?

If you have ever been a regular of the Joomla! forums you have most certainly come across some frustrated post of a paniced user whose site has been hacked. The truth is all web applications suffer from the same phenomenon, not because they are insecure by nature, but because most people don't have the slightest clue on what they are supposed to do to protect their site. Security isn't all that hard, but isn't all that straightforward, either. It's a bit like contraception. It's necessary, but no method is bulletproof. As a result, this article is not meant to be a complete guide to Joomla! security, but - very much like the Joomla! Security Checklist - it is just a set of guidelines you can easily follow, for that extra peace of mind.

This article was originally written in December with the intent of being volunteered to the Joomla Community Magazine. Three months down the road and things are still stagnating for JCM, mostly due to the unavailability of volunteers. I decided to post this article on my site for two reasons. First being, it would become irrelevant by the time JCM would finally be online. The second - and most important - being a call for volunteers. Joomla! needs you. Please, give some of your time to be part of this. Thank you!

This is an excerpt of my guest blog entry on osSupportDesk's blog. There's a link to the full article below.Web site backup comes with its own set of limitations and pitfalls. If you trust your web host for backup you might find your expectations fall short. Most hosts take daily backups – if any at all –on a secondary hard disk on the same server or, even worse, on a secondary partition of the same hard disk. If the server goes down due to a hardware fault, so does your backup. A few enlightened hosts also take backups on remote storage, for example NAS arrays. Even they do so on rather sparse intervals, for example twice per week. This means that on a complete catastrophe you will most assuredly lose a fair amount of data.

The solution is simple in concept. Take your own backups and store them on a cloud storage service, like Amazon S3. Taking your own backups means that you get to decide which data and how often has to be backed up, making sure that the crucial, regularly updated information routinely ends up in a backup archive. Using a cloud storage device adds a strong data safety clause to your procedure, while keeping costs low. Cloud storage is designed to be redundant and reliable, boasting a negligible risk of data corruption or data loss. Combined with its incredibly low cost, it is reasonably attractive to businesses of all sizes: from hobbyists and sole proprietorships up to large corporations and government agencies.

Read the full article on osSupportDesk

If you manage an ad-supported site, you are probably aware of the problem I’m going to discuss. Some of your ads are stellar, some others are stubborn underachievers, to the extent you might consider them a waste of screen real estate. The truth about ads is that they are position sensitive. Where you put them determines, for the most part, their success. You can’t avoid all bad positions altogether but you can create new competent positions no-one has ever told you about. Implementing this in Joomla! takes 5 minutes and requires no programming skills!

Read the full article on CMSmoz.com

Joomla! is often paralleled to point-and-click presentation software, such as Impress or PowerPoint, in terms of ease of use. Granted, Joomla! makes it extremely easy to build a site having no knowledge of its internal working, or even what HTML is. However, in order to build a stunning site you need a bit more than that. It’s the tricks in the web builder’s bag which determine his success, both in customer satisfaction and financial terms.

Some of the fundamental techniques for creating compelling sites is your ability to master the use of modules. Often overlooked, modules are the most practical way to integrate diverse content on a single page. Leveraging their use from mere content bearers to integral parts of your content can transform your site from boring to intriguing. The following technique has proved itself again and again in a vast array of site genres. I call it the "Faux module positions" technique.

Read the full article on WebAppers.com

As the maker of JoomlaPack Akeeba Backup – the Open Source utility to backup, restore and migrate your Joomla! site – I often have to face certain challenges. Like when a user told me that as soon as he transferred his site to a different domain, all links in his content would link to the “old” site. Fighting the temptation to dismiss it as a user error, I did some digging around. Throughout this journey I found out some of Joomla!’s link handling deficiencies, their repercussions and coded a workaround.

In this article I am going to talk about how Joomla! handles the link base and canonical URLs, as well as what happens when you migrate your site to a different domain, subdomain or even a subdirectory.

We live in a potentially hostile world. Spammers, scammers, hackers and - alas! - script kiddies are after our site, for all we know. It's bad if - like most people - your site is your personal page. It's humiliating if - like many - it's the internet presence of your company. It's devastating if you are one of those people whose site is their business. Having regular, automated full site backups is a good first step, but they're only good at fixing a disaster after it has happened. Putting restrictions and controls (such as firewalls and tough passwords) is essential, but only if they don't fail. As Einstein bluntly put it "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former". An ingenius hacker, or a stupid script kiddie, might stumble upon a way to bypass your security controls and gain unauthorized access to your site. They can even hack you yesterday and eploit their back door today.

So, what can we do? Sit around, act casual until disaster strikes? No, not at all. What we need is a proactive check of our site files. If anything unusual is added, removed or modified the equivalent of a red alert should go off in our head and force us to take measures to contain and fix the problem before it's too late. It all boils down to an easy way to get a difference between the current state of our site and the last (and also known good) state of our site. This is the question I tried to answer with JoomlaPack SiteDiff.

Today I was reading Brian Teeman's blog post "Help my Joomla web site has been hacked!!". It outlines a pretty much scary story of site hacking. As we all know, security is a speed race. We have to upgrade our site software before a potential hacker gets wind of our outdated scripts, otherwise we run the risk of having our site compromised before we can react. What's more, the compromise might be exploited to the attacker's benefit long after we have upgraded the vulnerable site software, adding to our confusion. Quite a nightmare. But the hidden gem of this story, is a link back to Brian's "Are you a Dork?" post. He implies that attackers can easily guess the version of our site's extension, before breaking in our site. How can they? And what can we do to stop them? Read on for the full disclosure.

Sometimes there is a need to hide Joomla! modules from registered (non-guest) users. For example, we may have a "please register" banner rendered by a module, which makes it rather pointless to be shown to registered users. Unfortunately, there is no such functionality in Joomla! 1.5.x. Instead of groing old waiting for Joomla! 1.6 to arrive, you can use a viable workaround.