As you all know, every new Joomla! installation comes with a Super Administrator account with a well-known user ID: 62. Nobody really knows for sure why 62 was chosen, but this can lead to your site's security being compromised. Why? It is a very well-known value, and potential hackers can take advantage of it in conjunction with another vulnerability to take control of your site. Known constants are a security nightmare, as made clear by the attack against Joomla! 1.5.5, which caused a lot of sites to be compromised because the researcher who found the vulnerability released it to the general public before the Joomla! team had a chance to fix it.

One easy workaround is to demote this well-known user account down to the Registered level and block it, hanging potential hackers out to dry. However, in order to complete our security modification we do need another Super Administrator. The problem is that if you just create a new user, his ID will be 63, which is not secure at all; it's a hacker's next best bet. So, we need a way to create a Super Administrator with a random ID, preferably in the 1-61 range, which is otherwise unused in Joomla!. This is what we are going to do, folks, without even using phpMyAdmin for the task.

Note: You will be modifying your site's database. Even though the following procedure is well-tested, it's best to practice it on a local testing server first.

Whenever I say to a circle of friends that I am a Joomla! developer, the dreaded question always pops up: “Hey, I've heard that this Joomla! thing is good, can you help me build my own site?”. This usually makes me frown because a. the person who asks is a complete newbie to Joomla! and/or web sites and b. they don't want to hire a web developer – like me, for example – to build their site. If I respond positively to such an inquiry I will end up building a site, explaining step-by-step how I do that, do a lot of training and not get paid for my time (no, buying me a coffee doesn't make up for 80 hours of lost time, sorry). If I respond negatively I am usually accused of elitism, or even confronted with the equally dreaded “Oh, come on, you'll just teach me the basics, I don't want to steal your job”. Awh... What can anyone do in such an awkward situation?

If you have ever been a regular of the Joomla! forums, you have most certainly come across some frustrated post from a panicked user whose site has been hacked. The truth is that all web applications suffer from the same phenomenon, not because they are insecure by nature, but because most people don't have the slightest clue about what they are supposed to do to protect their site. Security isn't all that hard, but it isn't all that straightforward, either. It's a bit like contraception. It's necessary, but no method is bulletproof. As a result, this article is not meant to be a complete guide to Joomla! security, but - very much like the Joomla! Security Checklist - it is just a set of guidelines you can easily follow, for that extra peace of mind.

This article was originally written in December with the intent of being volunteered to the Joomla Community Magazine. Three months down the road and things are still stagnating for JCM, mostly due to the unavailability of volunteers. I decided to post this article on my site for two reasons. First being, it would become irrelevant by the time JCM would finally be online. The second - and most important - being a call for volunteers. Joomla! needs you. Please, give some of your time to be part of this. Thank you!

This is an excerpt of my guest blog entry on osSupportDesk's blog. There's a link to the full article below.

A few months ago I presented one way of automatically assigning subdomains on a local testing web server, without having to edit your httpd.conf file all the time. For those who haven't been following this blog, I'm talking about my “Holy Grail of local web development servers” article, which achieves subdomain names in the format myapp.local.web by simply creating the folder myapp in your local web server's root. Even though the solution presented last time was elegant, it lacked that supernatural touch of a really great solution. I could never quite stomach those ugly URL rewriting rules. So, here it is: we revisit this issue and improve the solution!

Whenever someone decides to launch a website, or is hired to do so for a client, they are given three broad choices which will define how they'll proceed: static HTML, a CMS or Flash. The former being practically dead due to inflexibility and the latter being not only inflexible, but extremely costly to produce, the CMS route seems a dead end; more specifically, the Open Source CMS route.

Dead end it is. Try raising the simple, innocuous question “Which CMS should I choose for my site?” on any public forum and a war seems to spring right out of nowhere. The fighting factions are what I usually call The Big Three: Drupal, Joomla! and WordPress fans. But is this all there is to it? Does the Open Source CMS universe revolve around only three players? Given the Open Source spirit of freedom of choice, one would hardly expect this to be the case. In fact, it isn’t. There is more to Open Source CMS than meets the eye.

Read my guest post on the SpeckyBoy.com design magazine

Joomla! is often paralleled to point-and-click presentation software, such as Impress or PowerPoint, in terms of ease of use. Granted, Joomla! makes it extremely easy to build a site having no knowledge of its internal working, or even what HTML is. However, in order to build a stunning site you need a bit more than that. It’s the tricks in the web builder’s bag which determine his success, both in customer satisfaction and financial terms.

One of the fundamental techniques for creating compelling sites is mastering the use of modules. Often overlooked, modules are the most practical way to integrate diverse content on a single page. Elevating them from mere content bearers to integral parts of your content can transform your site from boring to intriguing. The following technique has proved itself again and again in a vast array of site genres. I call it the "Faux module positions" technique.

Read the full article on WebAppers.com

If you manage an ad-supported site, you are probably aware of the problem I’m going to discuss. Some of your ads are stellar, some others are stubborn underachievers, to the extent you might consider them a waste of screen real estate. The truth about ads is that they are position sensitive. Where you put them determines, for the most part, their success. You can’t avoid all bad positions altogether but you can create new competent positions no-one has ever told you about. Implementing this in Joomla! takes 5 minutes and requires no programming skills!

Read the full article on CMSmoz.com: http://www.cmsmoz.com/improve-adsense-results-with-on-the-fold-ads

If you are a serious web developer, you might have already figured out that performing experiments and untested upgrades on production servers is a disaster waiting to happen, bringing down the live site with them. Live staging servers (in the form of dev.example.com) usually don't cut it either, especially if you have a lot of file transferring or editing to do. However, local development is still a kludge, as you have to develop in a sub-directory, something like http://localhost/mysite. This has all sorts of implications, the most evident of which is that it breaks cross-content links if you try to pack it and deploy it back to the live site.

Ideally, you would develop in subdomains, something like http://mysite.localhost, which would give you the flexibility of local development with the peace of mind of not having to develop in a sub-directory. But, face it. Setting up subdomains is an involved process, requiring hacking around your Apache configuration files. This is suboptimal if you want to do it regularly. Unless you come up with a way to make http://mysite.localhost automatically understand where it should find its files.

This article will explain how to combine WampServer and BIND to create this kind of Holy Grail local web development server on Windows. You will configure a single DNS entry and a single virtual host in order to create a server which can handle infinite subdomains! The only prerequisite is having a fixed IP address for your server. Well, even 127.0.0.1 will do if you can't do anything better than that!

 

As the maker of JoomlaPack Akeeba Backup – the Open Source utility to backup, restore and migrate your Joomla! site – I often have to face certain challenges. Like when a user told me that as soon as he transferred his site to a different domain, all links in his content would link to the “old” site. Fighting the temptation to dismiss it as a user error, I did some digging around. Throughout this journey I found some of Joomla!’s link handling deficiencies and their repercussions, and coded a workaround.

In this article I am going to talk about how Joomla! handles the link base and canonical URLs, as well as what happens when you migrate your site to a different domain, subdomain or even a subdirectory.