Joomla! 4 introduces a plethora of new and exciting features. While most of them are very visible, giving you new ways to build and use your sites more easily, there's an abundance of features designed to enhance the security of your site. Today we'll be talking about WebAuthn, a feature that has the unique distinction of belonging to both categories: it makes your site login more secure and easier at the same time.
On the weekend of July 26th and 27th, nine developers from around the world gathered in Manchester, UK, to clean up Joomla's bug tracker. The project's bug tracker had grown unkempt, with hundreds of issues that had been stagnant for a long time. Some issues had been there for over a year. Moreover, the JoomlaCode issue tracker wasn’t really fit for the amount of growth Joomla had experienced since 2005. It was necessary to bring the number of issues under control and move to an improved bug tracker, and that was the goal of the Joomla! Bug Sprint.
Joomla!’s temporary off-line mode is a very handy option to temporarily take your site down while performing maintenance —e.g. updating the Joomla! core or an extension— and is even suggested by the official documentation for the unfortunate time that your site has been compromised. However, is this really off-line, or are there any pitfalls you should be aware of?
With the abundance of e-commerce solutions for Joomla!, it is very easy to build a great-looking on-line store, showcasing your products and effectively convincing your potential customers to add them to the cart. Beautiful images, obvious calls to action, unique selling points and a smooth online shopping experience are easy to set up and help you “seal the deal” with the customer. However, this is only half the story. One of the most overlooked business decisions when building any kind of e-commerce site is the payment method. It’s what affects the very last step of the online shopping experience and the single most frequent reason to lose a sale.
If you were to provide a short list of the threats against your site, which one would be the number one threat? For me, it's script kiddies. Those pesky individuals who don't have a programming bone inside them, but still can cause a great deal of harm to our sites by using pre-packaged attacks against them. Their success rate is amazingly high, mostly through our own fault. The purpose of this article is to demonstrate some trivial techniques to add a degree of stealth to your site so that script kiddies can't launch their attacks and, even if they do, they will most likely be fended off successfully. Just like a ninja, you'll learn how to have your site lurk in plain sight without being spotted by those pesky attackers.
On quite a few occasions fellow developers ask me which is the best way to get started with Joomla! development. Among other things, I always propose that they should have a complete reference of the Joomla! Framework API. The only book which was up to this task was "Mastering Joomla! 1.5 Extension and Framework Development", albeit a bit outdated since it was written when Joomla! 1.5 was still in beta, some two and a half years ago. When Packt Publishing announced that they'd release the updated "Mastering Joomla! 1.5 Extension and Framework Development (Update)" I was ecstatic! So, here you go, I reviewed the new edition of the book and I'm willing to share my experience with you.
In our last issue we discussed how any Joomla! site belongs to a homogeneous population, why this is bad from a security perspective, and how to avoid that by changing your database table prefix. In this issue, we are going to expand a bit more, by making sure that another set of common characteristics – the Super Administrator user name and ID – are different from those a potential hacker would expect.
When dealing with website security, most webmasters think only about fending off potential attacks. However, we are all human. No matter how hard we try, some of the attacks will make it through, and hit our site. Our concern should be making sure that these attacks never cause any real harm to our site. We'll start covering our bases from... the database! In this issue we'll see some working, real-world examples of security measures based on that concept, which take a minimal amount of time and skills to apply to your own site. But, first, what does the database have to do with security and your site surviving hacking attempts anyway?
Joomla! is often bashed by unknowledgeable people as insecure. How little they know! The fact is that no system is airtight, unless you do your part to secure it. Most people cower away on hearing so much as the word “security” itself. You don’t have to! Securing your site is rather easy, if you know what, where, and how it needs to be completed. This article may only scratch the surface, but will provide you with enough advice to perform a major upgrade in your site’s security in a few easy steps.