This error comes back time-to-time, especially after a Joomla site is moved from one server to another. The symptoms are simple - but frightening. You try to login to the administrator interface as usual, with your well known credentials, and the login box is reloading whitouth any kind of error message and withouth letting you in. No errors in browser console, no error in the logs, and no errors even if you turn the error reporting to maximum or the Joomla debug on. You can try even the tricks described elsewhere in this site to change your admin password - that won't help.
Why? Because the cause(s) - yeah, there can be multiple causes - are different from having bad credentials! Let's see what you can do about!
ATTENTION: these tricks are qualified as core hacks, so be careful: backup, wear your lucky hat, keep your finger crossed - and take any other security measures before you proceed - you can ruin your site easily with a wrong move.
What if you need to load a module inside a Joomla component?
Simple, not? Theory says, that you need to add this code to the template override of desired output, and you're done!
<jdoc:include type="module" name="mymoduleposition" />
Well, not allways..
Today I have faced a strange, never seen before error. I have worked on recovering a server with couple of old Joomla sites after a major crash, when one of sites ceased to "fly" again, and showed up nothing else but a white screen with this text:
Infinite loop detected in JError
If you purchased a commercial Joomla template it is very likely that in the package you got you have a special installation package, called Quickstart which let you have the carbon copy of the template demo site in just couple of clicks. It is a gread bonus, helpful especially for beginners. but once in a while you might have problems by installing this package, especially if you try to install it on your local machine.
After year of using myself the tip You Do Not Have Access to the Administrator Section of This Site successfully today I hit the wall.
I did one more stunt as the ones described above - but didn't helped.
But let's see first the failed hack - because that\s interesting too:
I was sure that ths is an error wich newer come back to me - was a relatively common one in early 2010-s, since dissappeared from my radar. Today one of my former students approached me with his problem. He took over a site running the latest Joomla, and when tried to change the blog list views to category blog views, as the siteowner requested, the respective pages ended up with a white PHP fatal error death screen.
Baba Yaga is an entity that haunts the dreams of children and a common threat that parents use when their children misbehave in Slavic countries across Eastern Europe.
But in the world of malware, BabaYaga is a form of malware that can update itself, use antivirus functionality and more. Much like the mythical creature, BabaYaga malware has the potential to haunt Joomla/WordPress or, in fact any PHP site administrators and IT support staff.
Sometimes you need to find out the exact Joomla version for a website you don't own for a decent reason - like you are a freelancer and need to provide an estimation for a job on the respective site.
Sure, you can ask the owner ;) but that's the easy scenario.
Fortunately there are relatively easy - and legitimate - ways to find it out, unless the owner of the site hasn't blocked the access to this information. In my personal experience (believe me, I have some) this is rarely happening.
A client called me one of these days with this request. He told me, that what was once a simple one click action to print, email or edit an article in frontend in Joomla 1.5 has became an uncomfortable, two click process, which in some devices proved to be increasingly difficult. After a bit of digging around I found for him an easy to implement template override which make him happy.
Recently in more (usually cheap) hosts more of my clients reported a strange error, wich showed up recently, withouth notice.
The error message is like this:
1104 The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay
followed by the failing query.
Joomla Privacy tools suite is a welcome addition for all Joomla webmasters- especially for those in EU. GDPR regulations make this not only a desirable asset, but a must have item.
But what about multilingual sites? Looking to the configuration settings it is not obvius at all how you can use in your multilingual site properly.
Life is full of surprises. One of these days I got a job offering with a consistent budget, one of my former clients approached me to "make his site secure". I said yes, but when turned out what he wanted in fact i had a surprise: he wanted nothing else, just to make the browser warning about "unsecure site" go away. He actually purchased a security certificate and hired someone to install it onto his server - with no success.
A client of mine asked this question: "How can I allow registered users to log in and see the site even in offline mode, without giving them Super user privileges?"
Today I had to upgrade an old, Joomla 2.5.7 site to latest Joomla, everything went out fine until I had to do the first critical step - the upgrade from Joomla 2.5.28 to Joomla 3.51. Did I mentioned that server has PHP 5.6.25 withouth possibility to upgrade - at least not on short term?
OK, so, wasn't the best setup condition available, but usually this is not a dealbreaker.
And BUMM, I have seen an old "friend", a popup saying:
ERROR: Invalid login
When other people link to your images directly this can put an unwanted, additional strain on your servers - it is not just an annoying, unfair practice to use your intellectual property.
That practice is called image hotlinking and you can disable it by adding some code to your .htaccess file.
... and does this randomly, both in frontend and backend, sometimes showing the correct pages, and rarely an error message saying, that "table '#__session' is marked as crashed and last (automatic?) repair failed".
Joomla, as most CMS's excells by making it easy to manage a website page. Offers a pretty easy way to manage Web-based publishing, format management, history editing and version control, indexing, search, and retrieval. Joomla has an impressive suite of features, but these features require some special considerations.
Sometimes you need to allow a user to access and manage only one (or a few) Joomla! component in the backend. This is quite easy to set up, you need to use cleverly the ACL sytem Joomla has allready in.
You have done a great job by cleaning your recently hacked file? Excellent, but you not finished yet!
If you were blacklisted by Google, McAfee, Yandex (or any other web spam authorities), your site is showing various malware warnings to your visitors, wich can be a big turn down factor. Luckily you can request a review after the hack has been fixed.
Be sure your site is clean before requesting a review!
By comparing infected files with known good files (from official sources or reliably clean backups) you can identify and remove malicious changes.
To manually remove a malware infection from your Joomla! files:
Log into your server via SFTP or SSH.
Create a backup of the site files before making changes.
Search your files for reference to malicious domains or payloads you noted.
Identify recently changed files and confirm whether they are legitimate.
Review files flagged by the diff command during the core file integrity check.
Restore or compare suspicious files with clean backups or official sources.
Remove any suspicious or unfamiliar code from your custom files.
Test to verify the site is still operational after changes.
If you can't find the malicious content, try searching the web for malicious content, payloads, and domain names that you found in the first step. Chances are that someone else has already figured out how those domain names are involved in the hack you are attempting to clean.
Diff tools to compare suspicious files with known-good copies:
After upgrading to Joomla 3.6 I had a nasty surprise - in the Joomla Installer the tabs - Install from file, Install from folder etc.., all but the Install from Web - where all gone. Of course, nothing found on the web: this happens when you are an early adopter. But I discovered the "fix" accidentally, on my own.
the competition for SERP's (Search Engine Ranking Positions) is fierce. The slightest advantage you can gain can make the difference. Good navigation is key here - and part of this is to give some extra info to your visitors of what they will see if they clicking on a given link. Adding the article title to your Read More links is a way to make this happen.
As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?
If you search on Google for the term "joomla can't login after moving to new server" - or something similar, you will get more, than 1 million hits for most of the combinations.
So, you aren't alone. And there are plenty of suggestions, on what might gone wrong and how you might find that, and there are verious fixes. But what if you moved the site to another domain? From development server to it's final place? This is a subject wich is rarely touched by those advices.
Having correctly implemented spatial navigation in your custom forms is more important, than ever these days. Unfortunately Joomla's core JForm does not support adding the required info easily (for example by creating an XML file which will output the correct code.
You just upgraded your Joomla site to latest Joomla 2.5 or 3.* and your regular, registered users cannot login to the frontend, seeing this error:
"You cannot access the private section of this site"
How to build a smart Contact Us module?
Smart in what way, you can ask... Simple: to let you know, in which page of the site the user filled it and send it to you! Why? you never get a criptyc message from your clients you wasn't able to find out what they are referring to?
If you use the core login module, redirecting the user to a given page (more precisely, to a menu item) is a breeze. But what if you want to do a trickier thing? For example what if you have a custom component/plugin which has a view with restricted parts, available only for logged in users, and you want the user to remain on the same page after the login (for example from a login box shown in a modal box)?
Tricky, eh? Took me some hours of trial and error, digging around forums and such, but here is the Joomla coding trick which will offer you a simple solution:
It's one of besk keept "secrets" of Joomla 2.5+ - there is a built in password strenght meter, ready to be used. And some are selling for good money - and others offering free plugins - to let you unleash the hidden power.
But if you aren't afraid to make your hands dirty with some PHP code, here is how you can do this:
Did you ever get this annoying error?
Save failed with the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL=INSERT INTO ***_contentitem_tag_map
"I also cannot save the articles and here is the error I got 500 - An error has occurred!"
Easy cake - I was thinking, but after checking his account, discovered, that all settings described on that article (namely the collation settings in database) where correct.
I had been driven crazy recently by couple of my sites suddenly beginning to exhibit a very annoying behavior. Sites, which worked flawlessly over past months/years began to die when I tried to save something, from new or edited articles, modules, menu items, contacts.
Of course the first thing I done was to look to the error logs, then to enable debug and set the error reporting level to maximum. Nothing helpful.
Time-to-time I am hitting the wall with this, even with 100+ VM sites in my portfolio, and parts of VM core having my signature. Here are few tricks wich usually solves the problem.
It's annoying... your own Joomla site don't let you log in in the backend, and you see the above error message... What's happened?
Humm, there are couple of things you can do. Contrary of the lots of "smart" blog entries on the subject out there (last search revealed about 2 million hits) in most of the cases, regardless to Joomla version the cause is simple:
Recently one of my clients needed an interesting feature: to have different, un-related prices for the products in his shop for each "currencies" he wanted to use. The quote signs aren't by mistake there, one of his "currencies" was for example Payments in USD from China... Interesting currency, what you think?
At the first the problem seemed to be simple: since the existing VM framework let you define any kind of extra currencies, and also let you enter prices for products in all of your currencies, the logical step was to simply switch off the currency converter plugin, as was possible in VirtueMart 1.1.9 and earlier versions.
But there is the first catch - this is no more possible.
Suddenly you get the JLIB_APPLICATION_ERROR_COMPONENT_NOT_LOADING all over the place - frontend and backend alike? And you searched the web and get all sorts of confusing tips?
Look no further - at least until you did not tried this simple trick! (Especially if you just relocated your site recently - or your hosting company did it for you). If you have plenty of space, check the following tip too.
After upgrade to Joomla 3.2 from previous Joomla 3.* versions you might see the above error message in the backend, or, worse, you simply don't receive any e-mail notifications you usually do. And the site worked just fine before the upgrade!!
If you have registration enabled, or you use the site to interact with your visitors/customers the side effects can be really damaging - nobody gets any mails - and you evend don't see any notice about, until you began to dig for the causes, and, for example, try to send a message for yourself from backend. This potentially can roun your online business or community. Apparently everything is OK, all settings are correct, but the mails are simply not sent.
What's the cause and, more important, how you can fix it?
You might experienced this, the links in the Alphabar are sometimes misbehaving, the module assignments in the resulted pages are gone off, if you have some fancy module to menu associations set in your SoBiPro powered site. Obviously, this is an ItemID handling problem, and, unfortunately can be fixed only with a core hack.
While working on a new site I discovered, that reCaptcha - which used to be a rock solid part of the CMS since Joomla 1.7 - stopped working. Spent couple of hours googling around and checking and double-checking settings, just to discover, that Google, in his infinite wisdom, has changed things again without notice. The problem affects all Joomla versions from 1.7.1 to 3.2.0.
You might think, that this is an easy job, you just set up sh404SEF, and you're done! Maybe... but sometimes this might be really wrong. Especially if you have a multilingual site, and a properly built Joomla 1.7+ template.
Recently - once again - I faced a very annoying problem: after migrating a Joomla site from Joomla 1.5 to Joomla 1.7 - and later to Joomla 2.5 - time-to-time the menu ordering switched back to the essentially wrong ordering resulted from migration process. First time I thought I am doing something wrong, and when my client cried about, I reordered a menu again and again. I have to fight with this problem too many times until I found the source of error and an easy fix.
Today I had a big surprise, several of my sites went out of business with the "Error: 500 - String could not be parsed as XML" message. I checked everything, and found no clues what can be happened. the sites weren't hacked, files or database has no signs to being tampered width or being damaged.
And usual bug-hunting tactics as unpublishing modules for example revealed also nothing.
Sometimes the Joomla site owners get a bit paranoic after a time, due to lot of hype about site security. Basically is nothing wrong with, a good site security is based on keeping your accounts secure. But what about when you are hired to do something in a Joomla site and you got ALL access (including FTP and database access) but you discover, that the Joomla account you received is only an Administrator. You can do a lot as an Administrator - but often not enough! Don't tell me, that this never happened to you - unless you are a Joomla rookie. What you can do?
Sometimes the simplest problems are giving you headaches... here is one of them. One of my clients recently requested to build a mobile-aware (responsive) site with phone numbers callable with one click from mobile devices.
After fooling around a while with testing all sorts of complicated solutions, I found it to be a very easy homerun, in fact:
Clickjacking is a browser security issue and is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. The hacker installs an invisible layer over the existing site, hijacking the user's clicks. The suspicious-less user will perform this way actions they never intended to, from apparently inoffensive ones, as following someone on Twitter, to really nasty things, like password, credit card information theft, and anything else you might (not want to) do on a webpage.
Is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. On a clickjacked page, the attackers load another page over it in a transparent layer, in most cases using HTML FRAME based techniques. The users think that they are clicking the buttons they are actually seeing, while they are in fact performing actions on the hidden page. This way the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.
A brute force attack is just a trial and error process, that runs repeatedly to obtain the correct username and password information. An automated software is being used in this process which does not decrypt the information but just continue trying with set of words and letters.. Millions of IP’s and huge number of computers are involved in this process to check different username and password combinations and avoid triggering multiple attempt limits.
The Paharma Hack (or Blackhat SEO Spam Hack) is a very elaborated hack wich is often unobserved for the regular visitors - and website owners - because does an ingenious trick: present a different version of your site for the searchengine bots. The site, for a long period of time looks and behaves normally for the regular visitors. This attack is very interesting because it is not visible to the normal user and the spam (generally about Viagra, Nexium, Cialis, etc) only shows up if the user agent is from Google’s crawler (googlebot). Also, the infection is a bit tricky to remove and if not done properly will keep reappearing. It's one of nastiest hacks you might have. We recommend hiring a specialist to remove it, because generally the infection reappears in no time after the site is "cleaned".
SEO is good. SEO is great. Making search-engine spiders visiting your site is even better! Or not??? Recently one of my client has complained, that he was almost banned from one host, because the search-engine bots where "hammering" - read overloading - the server. Ouch...
The term botnet refers to a group of computers (sometimes called zombies) that have been infected with malware to perform tasks for whomever distributed said threat. This individual, or organization, controls the botnet by sending instructions to the zombies from one or more Command & Control (C&C) servers. This is one of most used techniques to carry out brute force attacks against servers - or group of servers.
Did you already seen that since the advent of Joomla 1.6 the blog view has been changed? Let me refresh your memory! In Joomla 1.0 and 1.5 the Leading Articles - the articles on the top of Blog view - where shown on full by default, and for the rest of articles only the Article Intro part was shown. With Joomla 1.6 this has been changed, for all articles in a Blog view is shown only the introtext. You didn't even noticed that, right? Me either, until one of my clients has specifically requested the feature.
SoBi Pro is great... but misses some basic features, as adding a prefix to a field (might be as simple as willing to add the "dollar" signe as prefix, and not as suffix), and the templating is powerful - but criptyc even for an average Joomla developer. Recently I had to build a site wich had a special need - to display the last 4 digits of a person's Social Security Number, in the format ***-***-1234.
Recently I had to build a kind of people directory (ouch, this was too "politically correct" - in fact a backlist of bad customers for a group of antrepreneurs) and the obvious choice was using of SoBi Pro. But the project has couple of special challenges, and I needed to develop couple of tricks to match my client's needs.
After struggling for years to set up menu items shown only for guest visitors in various Joomla/Mambo versions prior Joomla 1.7, was a real relief to have an easy and foolproof way to do it. No hacks needed, no scripts to add, no configuration trickery... you simply selected from the Access Level dialog the Guest access group for anything qualifying for this settings (modules for example, but not only..) and you where set! And if you upgraded your site from Joomla 1.7 to Joomla 2.5 the feature where still there. Recently I had a big surprise, I needed the feature in a brand new Joomla 2.5 site... and don't found it!!
When a registered user adds a new entry in your SobiPro powered business directory in your Joomla site you might want to add a link pointing back to his Community Builder profile. Sounds simple... but the powerful templating system of SobiPro might be cryptic even for advanced users. And you might not have a membership in SobiPro club - BTW, worth every penny!
Here is one way you can do this!
Choose your extensions wisely - one basic rule when you develop a Joomla site. And same applies to you, weekend webmasters! Your site is a sitting duck, waiting for hackers (especially script kiddies. Well, easy to say it, but what can be seen as "wise" choice here?
What? Is not that simple as place a <href="index.php">Home</a> and you're done?
Yes and no... The Joomla routing engine is smart enough, to redirect all such above links to the default menu item in most cases. But using the core multi-language engine in Joomla 1.7+ has created a little-bit different situation. Let me explain!
Have you been driven crazy by the junk code added to your articles when you, your mate, or your clients are added page content to a Joomla site by copy&pasting from Word? I'm sure the answer is YES. The huge amount of junk you can add this way to your page not only slows down considerably the site, but also can potentially destroy your design. Anyway, you can kiss goodbye the clean, uniform look you (may) wished for your page when started to build it.
In the race to the top of Search Engine result pages - ultimately higher SERP (Search Engine Ranking Points) the site speed is an important factor. There are lots of tricks to increase a Joomla site's speed, here is one wich does not need additional code to be installed and executed, but yet is powerful an let you fine-tune your site's performance.
Did you added something to a perfectly working Joomla site, and you suddenly have a blank age instead your site? Chances are that you hit the memory limit allowed to you on your server. Memory limits help to keep scripts from running out of control or using up all of your free memory. This value is generally carefully set by your host's SYSADMIN to let the hosted sites to run smoothly without bottlenecking each other by overusing this precious system resource.
If you think, that is enough to build a nice site with a great content to have lots of visitors flowing to your site you're wrong. There are millions of webmasters trying to do the same. And Google and other search engines simply can't find, index and sort all of these sites, and show them to your potential visitors. So you need to do a little more to help these search engines - and to help yourself!
Lately many of Joomla 1.5 site owners have been experiencing weird Java script errors when tried to use their site with FireFox browser. Receiving lots of request almost simultaneously the first reaction was that some software update caused the problem.
The sh404SEF component is a terrific tool for creating and maintaining SEF URL's for your Joomla site - and to make it more Google - and user - friendly, with one condition: to have a SEF plugin for your components already delivered to you with the sh404SEF or to find one ready-made on the web.
Luckily most of popular components are already covered by the component itself, or there are geeks on the net (like me) publishing the needed add-ons. One of notable exceptions is the popular form component, Chronoforms.
One of my clients, who have serious Joomla background complained recently, that on his brand new Joomla site when he clicked on one of menu items his browser raised the well known "Bad Certificate" error. The site obviously worked well, but for some reason the link to that inner page was created using the https:// prefix.
Obviously, he had no valid security certificate in place - as many sides does not have these days, but the menu entry being an inner, Joomla generated link he (and myself, for some... 5 minutes approx) was dazzled, what might happened?
The Page Class Suffix is a parameter in Joomla! content Menu Items. It is set in the Menu Item: [Edit] screen under the "Parameters (Advanced)" section. This will cause Joomla! to either add a new CSS class or modify the existing CSS class for elements in this specific Menu Item layout.
Now you have one more extra reason to use Google's very useful Webmaster Tools. Recently Google added to his arsenal of Joomla related enhancements a useful one: In the Google Webmaster Tools you will see a warning with useful details on what to do each time yor Joomla site gets outdated!
Joomla supports out of the box the UTF-8 character encoding, so someone building a multilingual website should not have any problems using UTF-8 character encoding in his site. Right?
Yes and no, the CORE Joomla is problem free as I write this, but some non-core add-ons, templates - and yes, your own, home-cooked code can produce garbled output. Let's see why, and how we can fix it!
Even if hosting Joomla on GoDaddy can be challenging, and anybody ever built a site on their servers will tell you to turn to some better Joomla host, many people still choose them because of the excellent price/offering ratio. Here are a few tips that will help you get Joomla running on GoDaddy with minimum fuss.
I was totally forgot about this problem - until this morning, when I found in my mailbox a request to save someone's old Joomla 1.0 based site from disaster. I was thinking, that until now all servers where upgraded to PHP 5.3 and all Joomla 1.0 sites upgraded - or at least patched to work with the new PHP.
In a previous article about useful PHP code snippets to conditionally add things to your template I allready listed couple of tricks, let's add a couple more to them!
Using Dublin Core Metadata for Search Engine Optimization is a practice often overlooked by Joomla (and non-Joomla) webmasters and self-proclaimed SEO gurus alike. Bad enough, because embedding Dublin Core metadata elements in your web pages provides a standards-based approach to search engine optimization that boosts your SEO score and complements your HTML meta-data.
Websites take maintenance, and making a habit of performing a little spring cleaning each year can keep a business website running smoothly. The tips below does not apply for Joomla sites alone, any site can benefit from most of these tricks and tips.
Over the years spent in web page building and maintaining (since 1995, when published my very first webpage on a self-hosted SCO Linux box) a lot of information has been collected, settled down and at the end the best and most important tricks helping to make a website became fast and stable in the same time where surfaced. Despite the fact, that I wrote about this subject several times, it's a subject wich never looses his actuality.
I'm a multilanguage guy, you might allready know that Living in a multilang environment, I use on daily basis at least 3 languages, and I have contributed to internationalization of many open source (and not only) software packages - so naturally I am in the multilanguage site development from the start.
YOnce the basic setup is done, yo need to tweak your Joomla installation to behave as you need. you will need individual configuration settings for your website elements (components, plugins, modules, content pages, templates): in the Joomla lingo we call them options. These options are applied to the whole website, for users, categories, modules, components. Since Joomla 1.6 this has became standard: you will always find an icon named Options in the backend pages, which are providing you the interface to set your preferences for the given component.
For example in the Joomla 1.6+ in the template manager you have in the Options a way to switch on or off the support for the well known trick to append "?tp=1", which reveals you the available module positions for your templates.
Now you can block attempts to visualize by others these module positions by visiting the address:
BTW: The "tp" stands for template position and the trick is one of core Joomla tricks.
To find your way around the website, you will need navigation with corresponding links. In Joomla! we call this a menu. You may create as many menus as desired and nest them into as many different ways as you wish. Each menu is a module which can be positioned on a provided area in the template.
Important note: Joomla! is a genuinely menu driven system, the most important behaviors: as what module when to be shown, what template to be used on a certain page, etc all can be controlled using by associating behaviors to menu items. So, plan carefully your menu - it is the core of your site's end user experience!
If files have been modified on your server, or files have been uploaded for instance, you can check the timestamps on those files to find out when the attacker was on your site. This is typical in the case of sites being defaced or malicious code being injected somewhere. Most of the time, the attacker will have gained access to your site shortly before modifying or uploading files to it.
A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and or transactions. For example, say a user is logged into their Joomla! websites' administrator interface in one tab and is browsing a compromised site in another tab.
Changing your database password is something you rarely need, but then you need it immediately, and with the lowest possible downtime. Why you should do that, in first time? Hm, there are many reasons/situations when you should consider changing your database access data ASAP:
- You just got hacked
- You have decided to end the business with your current developer, and you aren't sure that he's a trustable person
- You have a good habit of changing all your passwords regularly
There are endless possibilities to made tricks with your template using a little bit of PHP code. Let me show you another one!
It's a know fact between VirtueMart insiders, that you can use Joomla plugins in the product descriptions. For that you need to enable this by clicking a checkbox in VirtueMart's main configuration (VirtueMart Admin > Configuration > Global tab > Enable content mambots/plugins in descriptions? checkbox.)
But what if you want to use plugins elsewhere, in other spots of the VirtueMart pages? For example in some other spot of the product details page - let's say to insert an availability calendar module under the main product image?
Right, you can do it with a little code hack! Let's make our hands dirty with some PHP then!
Today one of my clients asked me to find out why he is running out of available disk space, despite the fact that has an average Joomla 1.5 site with nothing extraordinary installed, and a generous 2 Gigs server space. In couple of minutes I found the first clue, the /components/libraries/cmslib/cache/ directory has a whopping 700 Megs plus worth of content consisting by outdated cache files. From there finding the culprit was easy - it's the Jom Comment component which is filling up the server space with unneeded cache files. The fix was promised sometime back in 2009, but seemingly was never implemented - at least not in the Joomla 1.5 versions.
What you can do?
In another article I've praised the Smart Search core extension and recommended you to use it. But there is a problem with this extension - you need to re-index your site after you add new things manually to get the most out of it. Although the Smart Search index is automatically kept up-to-date whenever content items are amended, there are some circumstances where you need to re-run the indexer. You can do this manually using the Index toolbar button in the Manage Indexed Content screen. Or there is another way to do it?
Pissed off, eh? Me too! After you put together your site (small or big, hobbyist site or a large corporate one) and installed all the security gizmos available out there you began to receive all kind of alerts about hacking attempts. This is the good scenario - succesful hacking attempts usually aren't reported: you experience the sometimes devastating effects by visiting the site.
Anyway, you probably get frustrated over time, and you definitively will try to do something above just stopping these attacks.
One of the problems many users are facing when start they Joomla based site is, that the user information Joomla collects during registration is scarce - username and password often is not quite enough for their purposes. And the first reaction usually is to install a community solution, like Community Builder, JoomSocial or other, fancy user management tool - a sledgehammer to crack a nut.
In a previous tip I enumerated couple of methods on how you can make visible the template positions in Joomla 1.7+.
But there seems to be at least two different problems for some users.
Since the release of Joomla 2.5 there has been a particularly annoying “duplicate template” bug that becomes clearly evident when you install or update a template. This has caused a great deal of confusion and consternation among Joomla users, but nobody offered an easy to use fix until recently. As anyone else in this business I hit the wall with this bug, until I found a cure for it on RocketTheme's blog.
By default, in the VirtueMart 1.1.* Store Information settings you can add only one e-mail address in Contact Information box. All important mails - as new order notifications, for example, will be sent there. What if - for various reasons - you need to add more, than one e-mail address?
I am angry on Easter bunny. Really... He delivered to me a nasty surprise: lots of my customers complained during/after Easter weekend, that their shops, sometimes the Easter's week began to malfunction: the users using PayPal as payment gateway aren't charged correctly. After studying the problem, I found, that is happening on shops running versions of VirtueMart 1.1.3 to 1.1.9, charging shipping to customers and using the old PayPal API to communicate with the gateway. More precisely, the sipping net amount was not transferred, the shipping tax was sent correctly.
Then, by searching for "virtuemart shipping not transferred to paypal" I discovered, that I am not alone: there where some 54k+ search results returned!
If you use Joom!Fish to create a multi-language Joomla site and use sh404SEF to manage your SEF URL's you might have seen this problem:
When you are in one non-default language and click on the Home menu item (the default menu item, which should lead you to the default site page on that language) you are arriving on the default home page - in the default language, and not the default page in your active language!
In various blog posts, security bulletins, etc. you can read, that you need get rid of the default "admin" user with Super Administrator privileges (and with the default UserID of 62 or 42 - depending on Joomla version) to prebent hackers using the well known username and user ID to start dictionary attacks or carry out successful SQL injection attacks against your site, but how? If you go to Joomla user manager, and want to simply delete it, you can't. More, you can't even disable it! WTF...
Hey, it's not that complicated!
Let me show you how can you do it in a simple - and fool-proof way!
What? A shopping cart with users which can't actually shop?
Weird or not, that was a recent request from one of my customers. He wanted to have a quick way to prevent some of his users from putting products in cart, but leave all other site functionality intact.
By default Joomla 2.5 does not add the robots meta tag in the header and you have no handy tool by default to do it in one place, unless you don't use some add-on which let you do this easily.
But what if you prefer to do it yourself, bare-handed, without seeing even some code? You might be surprised, but in fact in Joomla 2.5 it's very easy to set up meta tag robots for your home page and content articles.
With recent upgrade of a great number of servers to PHP 5.3.8 may clients reported that their site began to show error messages like
Yup, this might be an interesting feature, but how easy or hard is to implement?
Changes to Google’s algorithm have the ability to make or break businesses. Google is sending out the signal that you should worry less about the current SEO trends, and more about producing great content, and that they’re “leveling the playing field” for sites that don’t pay as much attention to SEO. Obviously great content is a positive, but at the same time, Google is showing us each month all of the changes it is making, and all the while, providing tips about how to do certain SEO things better.
This warning message is produced by PHP if a program attempts to send an additional HTTP header after the separator (and hence all the headers) has already been sent. In the HTTP protocol a server response consists of a group of headers followed by a body, separated by a single blank line (i.e. a line containing only a carriage-return).
This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application permits a user input to define a resource, like a file name or port number, this data can be manipulated to execute or access different resources.
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection ) query to view the page source, require the attacker to have the full path to the file they wish to view. Then the attacker can use this info to perform other type of attacks based on the obtained information.
Generally, backup is something you need to breathe, not just use, if you are in this business. It's the number one security tool. Having a fresh and usable backup can be a life saver in a number of situations, not only when your site is hacked, but on a great number of other situation, beginning from human error (accidentally deleted key parts of site - or just forgot to pay your hosting bill) to situations out of your control, as a hardware/software failure. And is essential to have an easy to use tool to move your site around - from local development environment to live hosting, or from one server to another. Enter Akeeba Backup (former Joomla Pack), a must have tool for any Joomla webmaster.
File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you have set them properly. They should never be 777, but ideal is 644 for files and 755 folders.
A while ago I wrote a tip about problems geting SEF URL's work on 1&1-s servers. Back then I didn't realized, that the problem is the same - or at least fairly similar - on GoDaddy's servers too. Not everywhere, I have a site running on GoDaddy with sh404SEF without any need of tweaking the .htaccess file, but recently I had issues with another site.
So, the trick above solves the problem, but what is the cause?
In several previous tips(like Turn caching on!, Caching reloaded, Give a boost to your Joomla site and couple of others) I urged you to turn caching on wherever is appropriate. Recently one of my readers had criticized me, because he tried to follow the tip, but on several modules he used simply he didn't found the option to turn cache on (or off) in module settings.
Indeed, this might be a problem, since some modules does not have this option! this little detail don't need to stop you to do so!
Websites can include a small image called a Favicon that appears in your web browser generally on the left of URL field and also in the bookmarks to help visually identify a site. Many are saying that is among the few real good things coming from Redmond, since the Favicon was introduced with IE3, and initially supported only by Microsoft's browsers. But now the support for Favicons became widespread and is one of differentiating factors of a website, essential part of the general look/corporate identity.
These days is not enough to test your brand new site on couple of screen resolution/operating system/browser combinations, you need to test your new sites on a large number of mobile devices, covering a wide variety of operating systems, screen sizes and resolutions, from the iPhone 320×480 to the Nook Color 600×1024. To make the matter worse, these devices can be held vertically or horizontally. What you can do?
The Apple iPad is the buzzword of the day, and probably will stay on the top of many people's wishlist on the top - or near to the top. The iPhone's big brother arrived in early 2010, and Apple has sold a huge number of devices already. The iPad is a success, and as a mobile device for consuming information it's really great.
So how does this relate to your reality as a Joomla developer? In short: You need to make sure that your Joomla website works on the iPad. And not just that it works. It should be a delight surfing your website on the iPad. On a previous tip I touched already the subject, here are more tips on how you can build an iPad-friendly Joomla site.
One of frustrating questions for novice Joomlers is the question: What is the difference between a Joomla Component, a Module and a Plugin? This issue can seem rather confusing, but it is really worth understanding this, because this is a key issue in understanding, how Joomla works, and each of them have their specific role and way to set up and operate.
VirtueMart is great when you want to set up a store which works with multiple currencies. You can set up your own prices for each currencies in your shop, or you can use one of available currency converters. The core functionality supports the use of European Central Bank's live currency rates, but there are plugins supporting other rates too.
But you can run into trouble where you'd expect to not have any surprises: on PayPal checkout page.
This seems to be an ever returning question in Joomla world, you might already read the first part of the sequel: How to reuse Joomla 1.0 templates?. So, let's go one step further, and let's see how we can easily reuse those nice Joomla 1.5 templates in the post-Joomla 1.7 world (more specifically under Joomla 2.5). Don't expect a fully covering guide on how to convert Joomla 1.5 template to Joomla 2.5 template, but instead a detailed description on what I usually do - less theory, more practical knowledge.
Why you should do that? Humm, there are arguments why yo should get rid off or keep it, but it's a matter of personal choice, mainly. The methods to removing the meta name generator tag for Joomla varies between versions. I discussed couple of ways to do it in an earlier tip. Here is a new one, working in Joomla 2.5!
Sometimes you are looking hard elsewhere to find an useful, much needed extensions, just to find out, that the tool is already in your toolbox. This is the case with the modal script shipped with Joomla, which is a great tool (even with the known limitations) to add a basic lightbox function to your site without needing anything else, but a few lines of code.
Here are few examples of what you can do with!
Vandals often use hacking techniques to deface a website or destroy data and files, but there are also those who just want to steal resources (make use of other peoples' servers without their knowledge or permission) or to cover their tracks by stealthily making use of hardware owned by legitimate businesses to carry out processing for illegal operations or to relay spam and viruses to others.
One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.
Sometimes you need to block a certain IP address, a group of addresses or certain hosts from accessing your Joomla website. Reasons may include:
- It's a hacking attempt coming from that IP
- Someone is scraping content from your website
- A brute-force attack (in most cases a DoS - Denial of Service - attack is originated from that IP (there are too many requests coming from a particular IP
- Someone continuously spamming your website
- Some content from your site (images, media files) are hotlinked from your website.
The solution is simple, but is advised to apply first other tools to stop these bad guys - overuse of this tip can slow down your site considerably, use it ony if you don't have anything else - or you are in hurry to stop an ongoing attack.
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. His pair, Local File Inclusion or LFI is basically the same technique, used on sites which have been successfully penetrated, and the hacker "planted" his files already on the server.
A website is stored within a file system on a server. Some of the server's file system is therefore exposed to the outside world and can be accessed by an end-user's web browser. The part of the file system (or directory structure) that is visible to the outside world is limited to a specific root folder and its contents.
You knows the basics, right? Great content and a good number of incoming links are necessary for gaining the top SERP (Search Engine Ranking Points) for a particular keyword phrase. The good old way to reach this goal was to build an attractive landing page and add to it as many links as possible.
HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or to send information to a client by wrapping the request or data in a 'packet'.
There are numerous other tactics that can be used to break into a computer system, and these usually involve discovering weaknesses or loopholes in the server software's defenses. When a programmer writes software that runs on a web server, he tries to make sure that the software cannot be abused - but it can be very difficult to foresee every eventuality; vandals and hackers are always pushing software to the limit and trying out operations which the software was not designed to handle, in an attempt to discover a way in.
In an earlier tip (Help! My editor background is colored!) showed the most foolproof way to fix the common problem, when the template CSS settings are causing the WYSIWYG editors to have colored background, making edits hard to perform. Apparently there are couple of situations when the tip does not help - and there are many of you using still the default TinyMCE editor (and not switched already to the best Joomla content editor - JCE).
What you must be aware of, when designing a Joomla page that should work on iPad and iPhone too? It is enough to have a proper template and the proper tools to display the respective versions when your Joomla site is displayed on these devices?
There are lots of ways to make your page unique in Joomla, and there are interesting ideas on how to make your template even more powerful.
One of tricks not very often used and widespread is relying in one of the tricks I published regarding to available PHP tricks you can use to enhance your template.
The Joomla ItemID-related management of modules is a powerful tool, but sometimes you need to show/hide parts of your site on two special cases not covered by this tool: when you need to show/hide things regardless of the active ItemID - for example on all detail listings page of a given component, or when you need to deal with a component which have poor support of ItemIDs - as VirtueMart, which is notoriously misbehaving in this regard.
You might need to use a plugin's output in a component, or to insert a module in a page outputted by an arbitrary component. I mean ANY plugin which has it's own output in ANY Joomla component you like.
I know, there are couple of ready-made solutions, but all of these are specific to a given component(s) and some components have their own plugins to do that.
One of often overlooked security (and not only) resource for any Joomla site is under your fingertips! With each Joomla install (even from the old Mambo days) you have a file named htaccess.txt in your site's root directory. In most cases is never touched, and left as is - most weekend webmasters don't even know what is for. A few are using it to help Joomla or the specialized SEF URL builders to make those pretty SEF URL's for their site. And that's pretty easy - in most cases it's enough to rename it to .htaccess, and you are set. But there is much more power hidden there...
In another post about Function eregi() deprecated I provided some readily fixed Joomla 1.0 files to overcome issues related with upgrading to PHP 5.3 for Joomla 1.0 sites. But since a Joomla site is not built only from the core code, but there are other third party add-ons too, not only these older Joomla sites can be plagued by bad coding practices. The most problematic issues are related with templates. Most of the addons are fixed already, but you might have templates with unsupported functions. Here are couple of tricks wich might help you fix them!
Anyone who maintained/developed something with or for Joomla, or needed to troubleshoot something on a misbehaving Joomla site knows the feeling: something does not working, and the available error messages aren't showing enough information to help you track down the root of the issue.
Any extra bit of info can help, so here is a tip for Joomla 1.7 which might help you got that.
When I have seen first time this error on Joomla 1.6 while tried to save a new article in Article Manager I was lost:
Sometimes, if more people work on the site, you can get locked out of a certain module or article because the site thinks someone else is still editing that item. When opened, each Joomla item is checked out, this way Joomla protects each editable item from being edited by two separate users at the same itme, and this way avoiding potential confusion and other obvious problems.
The full error looks like this:
You might see this nagging error every once you install something to your Joomla site. Apparently everything working, but - as any errors you see - should alert you: something isn't right with your site, and even if apparently everything works, you might have unexpected problems later!
You may think that updating your Joomla site to the latest version is not something worth doing every time a new version is released. The site works just fine, and you are not interested in the eventual new additions. You're wrong! There's always a major reason for update to the latest version of Joomla: Security!
In a previous tip where I described how you can made a Joomla site more secure by relocating the admin login page I presumed that anyone reading it is a code guru. But what if not? More and more webmasters today are casual Joomla users - and they deserve attention too!
Most of attacks on the web - and Joomla sites aren't an exception - are made fully or in first phase at least by automated robots. These are using known entrance points as administrator logins to most used software solutions to try they chances to break in. So it's a wise move to change these well known locations. But wait! The need to upgrade compatibility may made this difficult, so, how we can do this without changing a line in Joomla code?
Every hacker in this world knows, that by default all Joomla database tables have the "jos_" prefix. Is that well known, than even automated defacing scripts are using this, and there are a lot of "tools" which are capable to automatically probing your site having this presumption built into them.
ACL stands for access control levels. It refers to who has permission to do what on the website, including read, create, edit, delete, or log in, among other permissions.
Many think of ACL as relating to the front end of a website only. For example, when I log into the website, what articles do I have available to me? And if someone else logs into the site, do they see the same articles, or do they see different ones?
Beginning with Joomla 1.6 it's possible to lock anyone out of the back end of the website — including Super Users with Admin permissions — by setting the Site Admin permission to Deny. And this is something you can do accidentally against yourself by playing with the permissions without knowing how exactly these settings are working. That can have unpleasant side effects especially at the Super User group or at the Manager or Administrator group level. If Manager or Administrator is set to Deny, the Super User would inherit Deny from these groups, even if the Super User group is set to Allow.
In the Joomla 1.5 world things where relatively simple: you just added "&tp=1" to the live site homepage's URL, and the available module positions where shown, with a red border and the module position's name in the top left - unless the template's author didn't applied some tricks from preventing you doing that. But what about Joomla 1.7? Anyone tried to do the trick even on a default install can see, that the trick apparently does not works here. Why?
Did you had this experience? Couple of days ago I just turned on SEF and the inner pages began to act weird - images disappeared, modules misbehaved, scripts weren't loaded...
My first reaction was that I have set something wrong... or the SEF component I used have a flaw. After few days of digging I found that the issue has a much simpler cause.
When one needs something, usually want it fast' and with large, complex Joomla sites that may be a problem. Sometimes the search takes... okay, not forever, but long enough to think about how you can give it some extra speed. Here are some tips and tricks to accelerate Joomla search speed:
Yes, things like media files - or your software. No, I don't sell software - I give it away for free, for example here. Bu I build sites with selling capabilities. My favorite solution for it is VirtueMart, THE shop to be used with Joomla.
Is powerful - but is not for beginners, you can easily lost here without proper guidance.
The Frontend is a collective term to name the areas of the website as visitors or registered users see it. A registered user normally works only in the frontend. It is like in a store, where the goods are displayed in shop windows and on shelves. Here you can have a look around.
So, in nutshell: it's everything an unregistered user (Guest) and all other registered users, withouth administrative user rights (the members of main Registered group and it's subgroups) can see.
Joomla has everything you may need. Right? If you take a look to the Joomla Extensions site, you may agree with this. But, as always, there may be cases, when the above statement is wrong. For specific need he simplest approach may be to use for specific purposes a standalone script. You can solve the problem - apparently - by using Joomla's wrapper feature, and use your scripts as they where part of your Joomla site. Almost perfect solution you may think... but your scripts are directly accessible by their physical URL, not only through the Joomla interface. What you can do about?
A lot. And surprisingly easily.
Everybody tells you to do this and do that for SEO, and SEO companies can be very aggressive on their offerings - and misleading on free advices... But nobody really telling you what you should avoid when you want to increase your site's chances to be rank high on major search engines. And more important, nobody is telling you, that search-engine robots are getting smarter with every new release, they are harder to be fooled, and better mimicking/anticipating the real Internet user's behaviors/preferences. Having these in mind, let's enumerate a few bad ideas, known traps weekend webmasters often falling into:
Do you have some old Joomla site (pre Joomla 1.5.6)? then is very likely you will got - or already have - a site running only halfway, full of errors saying
Yeah, you might allready guessed it, the PHP 4.* end of life-cycle is wreaking havoc in Joomla 1.0 sites and some early Joomla 1.5 implementations - or even newer sites, having badly coded third party extensions installed.
After I upgraded this site to Joomla 1.7 I wondering, how I can create a RSS feed with all entries to re-create the original functionality we had in the initial site. The problem is that Joomla 1.7 use for this purpose the "Syndication Feeds" module, which picks up the Featured Articles menu item (if any) to create a RSS feed from the currently displayed page.... This works fine - relatively - if you use the default Joomla setup, the Featured Articles menu item being your default homepage. But this isn't my case - and this isn't anymore the case of most of the sites... so I needed to find out something else.
The most likely complaint you can get after launching a Joomla site is, that the owner calls you or mails you, saying, that the page is looking weird after he added his first content item. Blindly you can bet, that he (sometimes despite your warnings) just copy/pasted that content from a Word document, another web-page or some other word processor. The order above isn't an arbitrary one, BTW! What you can do? Humm, you can clean his content item, but you must make them understand, why isn't a good idea to do this, and you must provide them with an alternative: an easy way to paste from Word without damaging (badly) the site.
A seemingly simple question caused serious headaches in past weeks. One of my clients who has an already seriously cross-hacked VirtueMart shop (SkinRich) asked me to make it possible, that a specific shopper group she had, the Distributors, namely, to be able to order products only in six-packs, making warehouse people's life much easier, and costs lower. The other users should have the default quantity options.
After thinking a lot about how to solve the problem, I came out with a 4 line simple hack, which works perfectly for me.
Did you ever needed to show a content of a PDF file in your Joomla page? No, I don't mean link it to be downloadable, but actually show it!
Until recently the only way to do it was DocMan, with a specialized plugin capable to show preview of the PDF files available for download. Was a solution... but to show one or two files was an overkill. Recently I had this problem again, and invested a serious amount of time to find this marvel:
When doing Search Engine Optimization tests you discover that your web pages are duplicated in the Google index. One record is correct and the other includes '?tmpl=component&type=raw' in the url. Usually panik strikes instantly... since the hype about Google's "duplicated content penalty" is still high, giving more, than 1,2 million hits, despite the fact that Google officially denied the existence of a dumb penalty for such a "duplicates", claiming that they are penalizing only copycat pages. so, it's mainly a false alarm... but since all SEO workers are living (and dying) form the confidence - or lack of confidence - of their clients, it's a problem, wich should be solved.
But let's see first, where these links are coming from, then we will find an easy cure for the problem itself.
The VirtueMart forums are full of complaints like:
So, here's the much awaited fix!
Yep, that's something you can experience with any of your new templates, especially the ones with colored/dark background. Why this happening? And more important, how you can fix it?
The answer to the first question is simple: the 'WYSIWYG' editors used in Joomla are just doing what the name implies: are taking the template's CSS file and rendering the newly entered content to be as close to what will be shown on the site as possible. And if your template's background is colored or an image file is used to fill your background, then that will be used there too. The fix is relatively easy in the case of most current editors. Almost all of them have the possibility to use a special CSS file in the editing pages. Here we will show you the recipe that works for the family of editors based on TinyMCE editor, delivered by default with Joomla (as JCE), but the solution is similar or can be easily adapted for all such advanced editors.
One of most annoying limitation SEO wise in the Joomla versions prior to Joomla 1.6 was the inability to set directly (without use of some SEO component or a core hack) meta data information for categories. This was important especially on category blog or category list type of pages, where you have left without proper way to control the meta data added to these pages.
A tooltips is a piece of text that pops up when you hover the mouse over a region on a website. If you use the Joomla! back end, for example, tooltips are used to help explain the action of different parameters. The tooltips can add functionality and fun to your site, but just inserting them without styling them accordingly can have an unusable or "just" boring result. And you want to avoid both, I guess...
Recently one of my clients - who are still believing in "Page Rank Sculpting" whatever this may mean - asked me to stop Google from indexing some of links Joomla generates. Most of them are easy to "patch", using various tools (sh404SEF, Marco's nofollow plugin), the most problematic one (for me, of course) was the E-mail this button on the top of the article.
One of the problems any webmaster is facing that the site may be not fast enough to meet his expectations. How you can squeeze up that last drop of extra speed from your site? We published lots of tips on this theme, but let's reorganize and update them with possibilities of the latest Joomla implementation (1.5.10 as the original article was written, 1.7.3 on last update I wrote this). I try to present them in decreasing order of importance/effectiveness, but the actual order reflects mostly my personal experience - which may be different from yours - and not some rigorously measured facts. But, believe me, I have a good nose for this. Some of the tips are easy to implement - and some may need advanced knowledge. But I mixed them up there to let you know what you may need to check - or what you may need ask from your programmer/web developer.
More and more users are switching to Google Mail, Hotmail and other free mail services these days. It's a great move... unless you have VirtueMart and your Joomla is set to send your mails through SMTP. You may easily end seeing something like:
The mails from other Joomla apps are sent, just the VirtueMart is behaving badly. Weird thing is, that you can see in the main Joomla config the mailer set up properly, and the port to be used is 465, as required for Google Mail, but as you can see the error message indicates that VirtueMart tries to use port 25! The problem is that VirtueMart has a code flaw, when sending mails through SMTP the port 25 is hardcoded, and isn't inherited from main Joomla configuration file.
The fix is relatively easy, but you must get your hands dirty with some PHP code.
This is a two step process, and here I'm assuming that you are clever enough and you are hosting with a company that offers cPanel . On other hosting environments the process might be slightly different, but the basics are the same.
It's always a wise move to move your sensitive files outside of the so called WEBROOT, the directory which is used by Apache to show your website. This way you can be sure, that nobody else, but your Joomla core code can use these files.
Joomla is a truly international application and supports the translation of all strings contained within it. Templates are no exception on this. They are a bit neglected, but a little extra time spent here will ensure that the strings used in your templates are translatable will pay back - and will give you an edge over your competitors.
There may be occasions where you would like to change the way a Joomla! Extension (such as a Component or Module, whether from the Joomla! core or produced by a third party) is displayed on your site. Of course, you could recode the Extension from scratch, but that may be a bit ambitious for you! Thankfully, there is another way.
By default, across all Joomla versions from Joomla 1.0, through Joomla 1.5, Joomla 1.6 to the Joomla 1.7 the basic structure of default user groups is unchanged. The users are generally sorted in 3 main categories, the unregistered/not logged in users, the registered users with frontend only access and the backend users. The exact naming of these main groups are varying across the different Joomla versions, but the default end level groups are the same. The groups and their core permissions are as follows:
The Joomla has a nifty, often used feature, along other information can show the content item's/articles author name just below the title. It's useful especially when the site is maintained by a number of editors and/or contributors. But sometimes - especially when the site is just launched - all authors are the same.