Ready for the Enterprise?

A quick look at 10 Open Source Content Management Systems which are beginning to find their way inside Enterprise IT Departments.

1. Alfresco

Alfresco is the new kid on the block. (The first public release just hit the streets in October ’05.) The system positions itself as an open source alternative to Windows SharePoint Portal Server. It features a number of desirable document management features including workflow management and audit capabilities. The system is OS independent and can operate on a variety of databases, including MySQL, PostgreSQL, Oracle and SQL Server. Underneath it all lies a heart of Java.

Alfresco offers a dual licensing model, with a free Open Source version of the system and several commercial versions. The Open Source version has more limited user management, but is otherwise largely comparable with the commercial versions of the program.

License: Mozilla Public License (MPL)
Website: www.alfresco.org

2. Bricolage

Bricolage is an interesting system and atypical in a number of ways. The system uses one of the more unusual configurations in this list, employing Perl as the primary scripting language and running off the PostgreSQL RDBMS. It is powerful and highly configurable, but that power comes at the cost of some usability, and some users may find it less friendly to administer than other systems on this list. The newest version (1.9.1) addresses one of the important shortcomings (the ability to edit an entire story in one textbox), but basic users will no doubt find the administration interface a bit daunting.

Bricolage allows for configurable workflow, complex user hierarchies, multiple output channels, and even supports rollback – a rare feature in Open Source systems. The multi-site management features are particularly impressive. On the downside, Bricolage is relatively boutique and does not have a wide variety of third party created extensions available. Limited commercial support is available.

License: BSD
Website: www.bricolage.cc

3. DotNetNuke

DotNetNuke is a bit of an anomaly: an Open Source CMS built on Microsoft’s .NET platform (it employs ASP.NET and VB.NET). The system is supported by a significant community and as a result has a number of modules available which can extend the functionality of the core. DotNetNuke’s strengths lie in the power of the system and the ability to create good looking websites with flexible templating. The downsides most commonly cited are the necessity of possessing the .NET skillset (to modify the system) and the existence of only a few third party firms offering professional support.

Despite the name, DotNetNuke is not part of the phpNuke, PostNuke family. The system actually began as a free demo application released by Microsoft as part of their efforts to promote the .NET platform.

License: BSD variant
Website: www.dotnetnuke.com

4. Drupal

The Drupal system has quickly won a devoted following. The popularity stems from a variety of factors: the easy to use and widely available LAMP platform, the PHP-based code, the ability to run either MySQL or PostgreSQL, and the easy to use admin system. The community surrounding the Drupal project is large and has developed a wide assortment of modules for the platform. This system has been translated into a number of languages. Templating with the system is not necessarily the easiest, but should present no problems to anyone with PHP skills.

Drupal’s forte is community-oriented content and the site works very well at that level. The system has been the target of some criticism relating to security, but the vulnerabilities are frankly no worse than anyone else’s. Only limited commercial support is available through third parties.

License: GPL
Website: drupal.org

5. EzPublish

Though not as widely known as some of the other systems on this list, ezPublish enjoys a good reputation and claims to have more than 1,000,000 downloads to date. The system is backed by a corporate partner, ezSystems, who bases their business model on a dual licensing scheme that allows them to sell a professional version of the product, along with add-ons and support. Without a large developer community to support it, eZPublish lacks the wide choices of add-ons you find with some of the other systems on this list, but you can find the most common items, including a large number of translations and solid commerce options.

While it is powerful, the system does receive some criticism for being less than user-friendly and a bit bulky. Still, that said, if you are looking for a hardy application with commercial support and backing, it is definitely worth looking at.

License: multiple licenses
Website: ez.no

6. Magnolia

Magnolia was launched just over 2 years ago and in that time has gone through some serious improvement and evolved into a powerful system. More framework than CMS, the current version is based on the Java Content Repository Standard JSR-170. The Magnolia Server (or Framework) includes options for content management, document management, and business process navigation (BPN). Backed by the firm obinary, Magnolia presents a rather complicated dual licensing model. The CMS component and Magnolia Server can be used free of charge, but document management and the BPN module are fee-based.

Magnolia is built around J2EE and while it can be run on all common operating systems, the JDK requirement will be a show stopper for some. As the system lacks a large developer community, extension modules are few and far between. Professional support, however, is available from obinary.

License: dual licenses
Website: www.magnolia.info

7. Mambo

Mambo is built on the LAMP platform and employs PHP as the scripting language. It is one of the most popular Open Source CMSes, largely due to the ease of installation, the ease of use, and the wealth of options for extending the core. The downsides from an enterprise perspective, however, are significant, as Mambo lacks the ability to handle complex workflow, highly granular user management, rollback or multiple site administration.

The system makes up for many of the drawbacks with its flexibility and the ease with which the code can be modified to suit the users’ needs. Mambo is highly configurable and the PHP code base is very tolerant of modification. The templating is simple and effective, allowing for extensive control of a site’s look and feel. The system is backed by a nonprofit Foundation and commercial support is available from third party vendors.

License: GPL
Website: source.mambo-foundation.org

8. Midgard

Midgard provides a CMS framework which runs atop the LAMP stack, utilizing PHP as the scripting language. The system also provides integration interfaces with Java and C, giving it more flexibility than many of the systems on this list. That said, it is the sort of system programmers will love, but users may find less enticing – even installation can be a bit of a challenge for basic users. There is a limited number of extensions available for this system.

Midgard is an ad hoc community-driven project. Some commercial support is available through third party vendors.

License: GPL
Website: www.midgard-project.org

9. OpenCMS

OpenCMS is based on Java and XML and has the flexibility to run on just about any platform. The system includes good user management, the ability to run multiple sites from one installation, and support for multiple languages. Commercial support is available from the parent company, Alkacon, and a number of other vendors.

On the downside, OpenCMS lacks a certain amount of flexibility. Templating and modifying the codeset can be a bit of a challenge given the site’s use of JSP. Moreover, the admin system, while relatively easy to use, lacks some of the advanced features available in other systems on this list. As a result of these limitations, OpenCMS sites often struggle to achieve a distinctive look and feel, tending rather toward a more uniform “portal” look.

License: LGPL
Website: www.opencms.org

10. Plone

The Plone system has built a diehard cadre of devotees. The system is the most “exotic” on this list, being built primarily in Python and running off the Zope framework. If you’ve the stomach for Python and Zope, you should look at Plone. It is powerful, flexible and loaded with potential. The developer community which has quickly grown around this program is dedicated, verging on fanatical. They have created a number of innovative and desirable extensions for the Plone core (largely courtesy of the power of Zope). The admin interface is friendly and easy to use. Plone’s client list is quite impressive, including eBay, Lufthansa, NASA/JPL, and a number of other firms who clearly have some serious technology credentials.

If Plone can be said to be lacking in any particular area, it is in the document management feature set, which is likely to be disappointing to the enterprise webmaster.

License: GPL
Website: plone.org

Measuring Site Performance (Part 3)

Popularity metrics are a set of yardsticks by which you can judge the relative popularity of your site over time. The primary metrics are:

  • Unique Visitors
  • Visits
  • Page Views (Impressions)
  • Average Visit Length

Your web server archives the information needed to generate these numbers and many others. The raw data is stored on the server in what is known as a log file. The statistics referenced above are best accumulated through the use of a log analysis program to convert your hard-to-read server log files into an understandable format. The most popular of these programs is WebTrends (www.webtrends.com).

Let’s take a quick look at each of these popularity metrics. The number of Unique Visitors is perhaps the most vital statistic as it counts the visitors to your site and then factors out double counting. (Note that this statistic is far more meaningful to you than the oft-referred to Hits statistic.  Hits simply tells you the number of files transferred from the server to the visitors’ computers. While this initially sounds good, it falls apart when you learn that a single web page can contain a large number of individual files, each of which is counted and contributes to the total Hits count. Hence the Hits number can be easily manipulated by site owners by varying the number of individual files on any page.)

Be aware that there are limiting factors in the counting. The primary impact comes from what are known as Masked IP Addresses, that is, networks that automatically give all their users the same IP Address.

An IP Address is an identifying number given to each computer connecting over the Internet. Servers use IP addresses as a convenient way to track visitors. This brings us to an important point: Unique Visitors does not count people, it counts computers, and that is the root of the problem.

The biggest Masked IP Address villain is AOL. All AOL users share the same IP address,  so when 35 people from AOL visit your site in a week, your number of Unique Visitors stat will count only 1 visitor.

Another limiting factor is multiple users on one computer. If all four members of my family visit your site one week, you only see one visitor in the number of Unique Visitors stat.

The Visits statistic gives the total number of visits to your website during the reporting period. It is a useful metric when used to temper the Unique Visitors stat for purposes of arriving at an accurate picture of the trend of activity on your site. Remember of course to factor out double counting, as one person visiting the site 25 times in a week will show 25 visits. In other words, remember this is Total Visits, not Total Visitors.

Page Views (also called “Impressions”) tells you the total number of pages viewed by site visitors during the reporting period. So, if Visitor A looks at just the Home Page, but Visitor B explores the site, visiting 9 pages before leaving, Visitors A & B would be collectively responsible for 10 Page Views (1 + 9).

The Page Views number is also susceptible to a degree of miscounting, as cache files cause undercounting and search engine robots can cause over counting.  The cache files problem is very hard to detect and according to some sources causes up to 30% undercounting. The severity of the problem depends largely on both the way your site is built and how your server is configured. This is a complex problem to solve and if it is key to your efforts it should be discussed with your IT team or vendor prior to construction of the site.

Search engine robots (or “spiders”) can be easily factored out if you use a program such as WebTrends. WebTrends maintains a separate count of visits by robots, allowing you to adjust for them with an acceptable degree of accuracy.

The final primary popularity metric is Average Visit Length. Ever wondered if your site is sticky? This is the key indicator. This should be tracked across time for a trend. Content-heavy sites, subscription sites and sites relying on ad revenues obsess on this number as it indicates pretty clearly the success of their efforts to draw and hold an audience to their site.

The numbers above are primary metrics — key indicators. You can easily go beyond these numbers for more information, but the numbers above should be the first stop for inquiries relating to how the traffic on your site is moving across time. Next column, we’ll look at a variety of eBusiness metrics.
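The four popularity metrics from this column, computed from a small constructed access log (an added example, not part of the original column and not WebTrends output). The Apache combined log format, the 30-minute visit timeout, the page suffixes and the robot markers are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" log format (not real traffic).
# 192.0.2.50 stands for a shared/masked IP used by two different people.
SAMPLE_LOG = '''\
203.0.113.10 - - [10/Oct/2005:10:00:00 +0700] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.10 - - [10/Oct/2005:10:00:00 +0700] "GET /logo.gif HTTP/1.0" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.10 - - [10/Oct/2005:10:00:00 +0700] "GET /style.css HTTP/1.0" 200 900 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [10/Oct/2005:10:05:00 +0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
198.51.100.7 - - [10/Oct/2005:10:05:00 +0700] "GET /logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
198.51.100.7 - - [10/Oct/2005:10:07:00 +0700] "GET /products.html HTTP/1.1" 200 7300 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
198.51.100.7 - - [10/Oct/2005:10:10:00 +0700] "GET /missing.html HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
198.51.100.7 - - [10/Oct/2005:10:15:00 +0700] "GET /contact.html HTTP/1.1" 200 1800 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
192.0.2.50 - - [10/Oct/2005:11:00:00 +0700] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.50 - - [10/Oct/2005:11:02:00 +0700] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X) Safari/412"
192.0.2.99 - - [10/Oct/2005:12:00:00 +0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
192.0.2.99 - - [10/Oct/2005:12:00:01 +0700] "GET /products.html HTTP/1.1" 200 7300 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
198.51.100.7 - - [10/Oct/2005:15:00:00 +0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Gecko/20051001 Firefox/1.0.7"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Assumptions for this example, not values taken from the column:
PAGE_SUFFIXES = ("/", ".html", ".htm")            # what counts as a "page"
ROBOT_MARKERS = ("bot", "spider", "crawler", "slurp")
VISIT_TIMEOUT = timedelta(minutes=30)             # idle gap that ends a visit


def parse_log(text):
    """Turn raw log text into a list of dicts; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"].split("?", 1)[0],
            "status": int(m["status"]),
            "agent": m["ua"],
        })
    return entries


def is_robot(agent):
    agent = agent.lower()
    return any(marker in agent for marker in ROBOT_MARKERS)


def is_page(entry):
    # Images and stylesheets are Hits but not Page Views; failed requests are neither.
    return entry["status"] < 400 and entry["path"].endswith(PAGE_SUFFIXES)


def popularity_metrics(entries):
    robot_hits = 0
    by_ip = defaultdict(list)      # the server only sees IP addresses, not people
    for e in entries:
        if is_robot(e["agent"]):
            robot_hits += 1        # counted separately, then left out of the rest
        else:
            by_ip[e["ip"]].append(e)

    visits = []                    # each visit is a time-ordered list of entries
    for hits in by_ip.values():
        hits.sort(key=lambda e: e["time"])
        current = [hits[0]]
        for e in hits[1:]:
            if e["time"] - current[-1]["time"] > VISIT_TIMEOUT:
                visits.append(current)
                current = [e]
            else:
                current.append(e)
        visits.append(current)

    human = [e for hits in by_ip.values() for e in hits]
    seconds = sum((v[-1]["time"] - v[0]["time"]).total_seconds() for v in visits)
    return {
        "hits": len(entries),
        "robot_hits": robot_hits,
        "failed_hits": sum(1 for e in human if e["status"] >= 400),
        "page_views": sum(1 for e in human if is_page(e)),
        "unique_visitors": len(by_ip),   # two people behind 192.0.2.50 count once
        "visits": len(visits),
        "avg_visit_seconds": seconds / len(visits) if visits else 0.0,
    }


if __name__ == "__main__":
    for name, value in popularity_metrics(parse_log(SAMPLE_LOG)).items():
        print(f"{name:18} {value}")
```

In the sample, the two people behind the shared address are counted as one Unique Visitor, and the image and stylesheet requests raise Hits without adding Page Views.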

Measuring Site Performance (Part 2)

In this column we will continue with our examination of website metrics. Last column introduced the idea of performance metrics and the basics of what to measure. In this column I would like to go a little further into discussing the implications of those metrics.

From a business perspective, performance metrics are not an exercise in technical esoterics, but rather an attempt to gauge your site’s performance as it affects users of your website. For some firms, performance is mission critical. If, for example, your site includes ecommerce functionality, it is necessary to maintain an always up, always accessible website. A slow site or downtime translates into lost sales. Similarly, though of perhaps a less critical nature, if your site offers online customer service the performance of those customer facing systems is critical to maintaining customer satisfaction. But the list of those affected by poor site performance doesn’t stop there; poor performance will have a negative effect on any website. Web users tend to be impatient, and as the cliché goes, your competition is only a click away.

I am sometimes amazed by companies who tolerate under-performing web properties. Would you mail to your customers a brochure that they cannot read? Would you air a television commercial that contains only half a picture and garbled sound? Obviously not, but companies still produce similarly flawed websites — and then discuss cynically how the Web doesn’t deliver on its promises.

The web is not the problem, the sites are. While we here in Thailand must suffer on in a bandwidth desert, it doesn’t mean that Internet connections as a whole are problematic. Moreover, while we cannot do anything about our bandwidth situation, we can make sure that the sites we produce perform well, regardless of the users’ environmental constraints. We must strive for world class standards and to the extent possible offset the peculiarities of the local market with smart design.

Last week we talked about key indicators that would allow you to assess your site’s performance. I mentioned:

* system uptime
* server response times
* page download speeds
* server errors
* failed hits
* form failures
* effective bandwidth per user

What do those numbers tell you?

System Uptime tells you the percentage of time the server was available and delivering web pages to site visitors.  Down time is what we want to avoid.  Down time is an inescapable reality as servers require re-starts and re-boots due to a variety of factors, including perfectly normal operations like software upgrades. What we need to avoid is excessive frequency and long duration of any one event. This data is generally supplied to you as part of your hosting support package. To improve service in this area, look for a web host partner who gives you an uptime guarantee.  If this is mission critical to your firm, build redundancy in drives (e.g., RAID 5), in processors (multi-processor machines), and in machines (clustering).

Server Response Times tell you how quickly the server responded to a request from a site visitor. Every time a site visitor clicks on a link a request is made to the server. We want the server to respond quickly, regardless of load. This statistic is commonly mined from stress tests in order to determine how response time varies under load. To improve this metric you must look at a variety of items, including whether your code set is optimized to deliver the fewest requests possible and to retrieve the data quickly (the latter is often a database optimization issue). Another key factor is the hardware itself — is it up to the job?

Page Download Speeds will tell you, on average, how long it takes for a page to load completely. This is a metric you can benchmark yourself (click and count!) but remember that your analysis will be skewed by your local Internet connection and the browser you use. To get accurate metrics, sample from a variety of locations. The key factors here are the size of the page and the performance of dynamic content (database-driven content) on the page, if any.

Server Errors, Failed Hits and Form Errors are your key error indicators. This data can be found in your log files (or your WebTrends report, as discussed previously). Note that all errors are not created equal and that means you need to look at more than a raw count; you need also to look at the type of error generated. The type of error will help you identify server performance problems.

Form Errors data is critical as this indicates how the forms on your site are performing.  A form that fails a disproportionate percentage of the time can indicate problems with either your code on the form or with some problem in your system architecture.

The last factor mentioned, Effective Bandwidth Per User, tells you how much bandwidth is available to each site visitor and is a good indicator of whether your current hosting set up provides adequate bandwidth to support the site’s traffic. This data can be found by running a server stress test. If you find your bandwidth plateaus at unacceptably low levels, you should be looking at a bandwidth package that gives you guarantees of peak usage availability (bandwidth on demand).

That’s it for this week. Next article we move on to Popularity Metrics.

  • view Part 1 of this Article
  • view Part 3 of this Article

Measuring Site Performance (Part 1)

Establishing a set of reliable metrics for measuring the performance of your web site in the real world is a key success factor. In the next few articles, we will explore what can be measured, how to do it, and how to turn that data into some useful intelligence for your business.

Web site metrics can be roughly classed into three categories: performance measures, popularity measures and e-business measures. Today we will examine the first category: performance measures.

Performance measurement is all about how well your code and hosting setup perform in actual use. Responsiveness and reliability are your goals and achieving those goals will require management of three key variables: the code set, the hardware, and the bandwidth.

In order to assess whether you’ve put together the optimal combination of the three factors, you will need benchmarks and objective indicators of the site’s performance. Key indicators include:

  • system uptime
  • server response times
  • page download speeds
  • server errors
  • failed hits
  • form failures
  • effective bandwidth per user

The technophiles will wax rhapsodical about terms like throughput and latency, and certainly they are key technical indicators, but from a management perspective, the metrics are more understandable when expressed in the terms given above. That is, when expressed in terms that relate to the actual end-user experience.

Important sources of data include your Web Trends reports (or other log files), Web Check, server stress tests, and third-party services like Keynote. Server log files give you insight into server errors, form performance and the like, but will tell you nothing about download speeds, uptime, or effective bandwidth.

The industry standard for log file analysis is Web Trends (www.netiq.com/webtrends/). The Web Trends products take your log file data, organise it into useful categories, and display it in graphical formats that can be interpreted by laypeople. To get Web Trends, contact your web host, as they likely offer the service for a monthly fee. It is very affordable; I have seen it offered for as little as US$2 per month.

Alternatively, if you own your own server, you will need to purchase a license or subscribe to Web Trends’ web-based service.

For more technical statistics, you will have to seek out the assistance of someone with the IT skills to run the tests and interpret the results. The WebCheck system is offered by CompuWare (www.compuware.com) and is a good benchmarking tool for checking a variety of data relating to the integrity of your site. It will help identify slow pages and errors in your link structures. The reports also give basic recommendations for handling problems.

CompuWare licenses aren’t cheap and as a result few firms outside of the IT arena maintain them. Try contacting your IT vendor about WebCheck, as they are likely to have a licence for testing purposes.

Web server stress testing tools are another invaluable aid to measuring your performance. A server stress test will simulate loads on your server and provide analysis of effective response times, errors, and bandwidth per user. These tools tend to be quite technical but are excellent for assessing the robustness and scalability of your site. If you are planning a promotional campaign or a web-based event, a server stress tool allows you to simulate in advance load scenarios in order that you may determine whether your site is up to the job.

This year’s Superbowl provided a great lesson on the necessity of projecting loads and testing server capacity in advance of major events. Cadillac, Philip Morris and Universal Pictures were among the 17 advertisers who premiered new ads during the SuperBowl. Unfortunately for the companies, their commercials were too successful: traffic to their web sites jumped dramatically after the commercials aired and their sites slowed to a crawl, becoming basically unavailable for the duration of the game.

In contrast, Sony, McDonalds and Levi Strauss all anticipated the load spikes and their sites remained accessible throughout the game. No executive ever wants to hear the phrase “your site’s down again,” so test it before the game!

A number of firms specialise in providing independent testing results for sites. Perhaps the best known is Keynote. The company has a large network of testing facilities globally and as a result they are able to produce snapshots of site performance and send you alerts when performance levels fall below a certain point. For a quick look at the metrics, try this link to Keynote indices: www.keynote.com/solutions/solutionspmperformanceindicestpl.html.

In the next Article I will expand on this topic as we delve further into measuring success online.

50 Top Joomla! Extensions

With more than 4,000 Extensions in the Joomla! Extensions Directory, one of the most daunting aspects of selecting a Joomla! Extension is finding the right tool for the job. With thousands of Extensions to choose from, you are sometimes faced with multiple options that appear to achieve your goals. While there really is no substitute for downloading things and trying them out yourself, in this article I provide a list of fifty Joomla! Extensions as a starting point for addressing common needs.

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article originally appeared on the author’s site, RicShreves.net.

Note that this is not an endorsement of one particular Extension over another, but rather simply a list of resources to help you get started. The list includes both commercial and non-commercial Extensions. The Extensions are numbered for convenience only — not as an indicator of preference or popularity.

The Extensions have been grouped as follows:

 

:: A Word of Caution ::
The rate of change in the open source world can be daunting. Developers change, projects fork, some projects get abandoned. While this list may have been accurate when compiled, it’s impossible to say which projects will remain vital in six months’ time. The list of extensions I provide will no doubt change over time. You should always keep this in mind when you are selecting extensions, and if business risk is an issue for you, then you need to do your own research and consider carefully which extensions you adopt.

ECOMMERCE AND CATALOG MANAGEMENT

If you want to sell online or add a product catalog to your site, you should probably consider installing a dedicated Extension to expand on the core system’s functionality.

[01] VirtueMart

I list only one Extension in this category as VirtueMart is far and away the leader. Not only does VirtueMart provide flexible ecommerce options, it also provides usable catalog management, so whether you want to sell online or just showcase products, this one Extension can do it all.
http://virtuemart.com/

IMPROVING CONTENT MANAGEMENT

The Extensions listed in this section all expand upon the system’s default content management functionality. The list includes both Extensions to enhance existing Articles as well as several powerful tools for changing the nature of the Articles and the Article editing functionality.

[02] AllVideos Reloaded

This Component enables the embedding and display of videos on your website. The Component comes in multiple parts: a content plugin, an editor plugin, a system plugin and a module. Once installed you can display video files either inside of Articles or inside Module positions, or as a pop-up inside a light box. The most recent version also includes a utility to convert various video formats into .flv (flash video) files. This is a non-commercial extension.
http://joomlacode.org/gf/project/allvideos15/

[03] Attachments For Content Articles

This extension makes it easy to add attachments to your Articles. The attachments can be viewed or downloaded by your site visitors. The extension combines a Component for uploading and managing attachments and a Plugin for adding attachments to the site Articles. This is a non-commercial extension.
http://joomlacode.org/gf/project/attachments/

[04] Content Templater

Content Templater is a powerful extension that enables the creation of pre-defined, reusable templates for your Articles. If your site has multiple administrators, the use of content templates is one of the best ways to maintain a consistent appearance throughout the site. The extension allows you to create multiple templates which then appear inside the editor where they can be selected by the editor. The templates extend beyond content layout to include the other common attributes, including the title, alias, publishing settings, etc. This is a non-commercial extension.
http://www.nonumber.nl/contentTemplater

[05] Custom Properties

The Custom Properties extension provides a way to attach tags to your Articles. The tags can then be used as aids to organization and navigation. Custom Properties opens up the Joomla! content hierarchy as the Extension makes it possible to associate multiple tags with a single Article and to search and view the Article by each of those tags. Elements included in the Extension give you the option to provide a dedicated search by tag and an option to generate a tag cloud. This is a non-commercial Extension.
http://www.solidsystem.it/index.php/english/Custom-Properties/

[06] JCE

JCE is a WYSIWYG editor for your Joomla site. If you are looking for an alternative to the default editor, JCE is one option. The editor is extendable, allowing you to add in a file manager, a media manager and an image manager. This is a non-commercial Extension, however, some of the Extensions incur a fee.
http://www.joomlacontenteditor.net

[07] JomComment

JomComment enables user comments for your Articles. The system is Ajax-based, thereby avoiding page reloads, and supports templates and SPAM prevention. You can also configure the system to require that comments be moderated and approved prior to appearing on your site. There is an additional module available that allows you to display the most recent comments on the site in a module position. This is a commercial component.
http://azrul.com/products/jom-comment.html

[08] JoomlaFCK Editor

JoomlaFCK Editor is a port of the popular FCK Editor package. FCK is a powerful and easy to use WYSIWYG editor that gives you a strong alternative to Joomla’s default editor. The editor includes image uploading and management functions and a wide array of formatting tools and options. This is a non-commercial Extension.
http://www.joomlafckeditor.com

[09] K2

K2 bills itself as the ultimate content construction kit for Joomla. It presents a major change in the way content items are handled in your Joomla! site. Using this Extension, you can create custom content types with custom fields. This makes it possible for you to break out of the restrictions of the default Joomla! three-tier content hierarchy and the limited content type. The Extension supports tagging as well as the inclusion of a variety of media formats. This is a non-commercial Extension.
http://k2.joomlaworks.gr

[10] Labels

Labels provide a way to tag your Joomla! Articles and Contacts. The Labels can be used to impose organization on your site and to enhance user navigation. Using Labels, you can assign one Article to multiple classifications. The Labels can then be used as the basis for lists of Articles or they can be displayed independently as a Tag Cloud. This is a commercial Extension.
http://jxtended.com/products/labels.html

[11] MetaMod

The MetaMod Extension enhances Module management. It allows you to add additional rules and logic for displaying Modules on your pages. You can set start and end dates for Module publication and can trigger module display according to the appearance of text or metadata in an item. The newest version includes geo-location filtering, making it possible to show visitors different content, based upon their IP address. One of the more useful features is the ability to hide modules once a user has logged in. This is a non-commercial Extension.
http://www.brandonitconsulting.co.uk/mod_metamod/

[12] News Show

News Show Pro is a content display Extension that allows you to display Articles in a wide variety of formats using a combination of Modules. The Extension makes it easy to display multiple items on one page in a variety of formats and greatly eases the burden of managing them. Configuration options allow you to display Articles vertically or horizontally and to sort them and control their appearance by a variety of criteria. This is a non-commercial Extension.
http://tools.gavick.com

IMPROVING ADMINISTRATION

The Extensions listed in this section are all intended to make managing the administration of your Joomla! site easier. They provide functionality you may well get already from other tools, but with these Extensions you are able to do the job directly from within the Joomla! admin system, thereby saving yourself time and effort.

[13] EXtplorer

eXtplorer is a file and FTP management component. It allows you to browse and manage files from within your Joomla! admin interface without the necessity of using an external FTP or file management client. You can search, browse, upload and download files on your server and you can create and extract archives and manage file permissions. This is a non-commercial Extension.
http://joomlacode.org/gf/project/joomlaxplorer/

[14] Joomla! Tools Suite

The Joomla! Tools Suite Extension is intended to be installed independently of Joomla! in order to provide you with a fall back in the case of problems with the site and to allow you to assess and monitor the site’s health. Features include post installation health checks, installation assessment, security auditing, core-file modification auditing, file-system auditing, Extension reporting and database auditing facilities. This is a non-commercial Extension.
http://joomlacode.org/gf/project/jts/

[15] JoomlaPack

JoomlaPack is a back-up component for Joomla!. It creates a full backup of a site in a single archive and can be restored by any Joomla! capable server, thereby providing not only a basic back-up facility, but also an aid for site migration. It is flexible and customizable. This is a non-commercial Extension.
http://www.joomlapack.net

ENHANCING SEARCH

Joomla! search sometimes needs a little help. Here are two Extensions that enhance the site search experience.

[16] JXtended Finder

Finder is an advanced search engine for Joomla!, giving you a more powerful alternative to the default search functionality. In addition to full text search, the Extension also enables a variety of filters, including custom-defined filters. This is a commercial Extension.
http://jxtended.com

[17] PixSearch

The PixSearch Module creates an Ajax-based search box that searches as you type and displays results immediately in a pop-up box. The search is similar to that seen on a number of sites and in the Mac OSX Spotlight search feature. This is a non-commercial Extension but it does require registration.
http://labs.pixpro.net

ENHANCING MENUS AND NAVIGATION

While the most recent version of Joomla! provides more flexibility in the Menu layouts, these two extensions make it easy to create great looking Menus in a variety of formats and styles.

[18] Extended Menu

Extended Menu extends the functionality of Joomla’s MainMenu Module. You will still have to use CSS to achieve the styling, but the configuration options make it very easy to change the menu orientation and to split and re-order the Menu. The Extension also enhances the ability to work with parent-child menu item relationships. This is a non-commercial Extension.
http://de.siteof.de/extended-menu.html

[19] SwMenu

swMenu is a set of Menu creation and management Extensions. You can create and integrate unlimited Menu Modules and achieve a wide variety of styling. There are commercial and non-commercial versions available on the developer’s site.
http://www.swmenupro.com/

BUILDING COMPLEX FORMS

The default Joomla! system offers extremely limited options for form creation. The Extensions listed below address this issue by providing the ability to create complex forms on your Joomla! site.

[20] BfForms

An AJAX admin interface makes it easy to create complex forms. The Extension supports unlimited forms and fields and is Smarty Templates enabled. Forms created with this Extension support the Akismet and Mollom anti-SPAM systems, as well as IP banning and blacklists. Submit buttons and validation are also configurable. This is a commercial Extension.
http://www.forms-for-joomla.com

[21] ChronoForms

ChronoForms is a great choice for those with HTML skills who want more control over their forms. With this Extension, you can create the form in your favorite HTML editor, then copy and paste it into the ChronoForms Component. There is also a drag and drop form creation interface for those who don’t want to do the work in HTML. The Extension also gives you the ability to create database tables and connect those to forms, thereby allowing you to capture form data in the DB. This is a non-commercial component, but does include a back link to the developer’s site. You can remove the back link for a fee.
http://www.chronoengine.com

[22] RSform!Pro

RSForm! Pro is an AJAX-enabled form builder. The Extension supports a wide variety of fields and input types and allows you to create forms without any HTML knowledge. Data gathered with the forms can be exported to CSV format. This is a commercial Extension.
http://www.rsjoomla.com/joomla-components/joomla-form.html

ADDING GALLERY FUNCTIONALITY

Galleries are one of the most commonly-requested Extensions to Joomla! Perhaps then it is not surprising that there are a large number of options in this area. The list below includes both full-featured galleries and simple slideshow components.

[23] Expose

Expose creates Flash-based slideshows. The size is adjustable and the resulting slideshow is search engine friendly. The Component includes album management and various configuration options that allow you to create attractive slideshows. This is a non-commercial Extension.
http://www.gotgtek.net/15/

[24] Frontpage Slideshow

Frontpage Slideshow creates JavaScript and CSS-based slideshows. One of the most powerful features of this Extension is the ability to integrate text with images to create PowerPoint-type slides. Configuration options give you a great deal of control over the timing, display triggers and transitions. This is a commercial Extension.
http://www.joomlaworks.gr/content/view/24/28/

[25] Phoca Photo Gallery

The Phoca Component provides an image gallery that also includes slideshow functionality. The Extension provides a large number of options for controlling the catalog categories and the images they contain. Images can be displayed using a variety of techniques, including light boxes, slideshows or standard page views. The gallery supports images and videos and is search engine friendly. There are a number of Modules and themes available to extend the functionality of this Component. This is a non-commercial Extension.
http://www.phoca.cz/phocagallery/

[26] RokSlideshow

RokSlideshow is a JavaScript-powered slideshow Module. The Extension provides a choice of six customizable transition types and thirty wipe and push transitions. You can add titles, captions and control font size and colors. This is a non-commercial Extension.
http://www.rocketwerx.com/products/rokslideshow/overview

[27] RSGallery2

RSGallery provides an easy to customize gallery component. The Extension’s use of a separate Template system means you can modify the presentation significantly without hacking the core files. The Extension includes not only image and category management but also a slideshow functionality. RSGallery supports image download and integrates well with Community Builder. This is a non-commercial Extension.
http://joomlacode.org/gf/project/rsgallery2/

ADDING A DIRECTORY

If you want to create a categorized listing of companies, products or other items or services, then these directory Extensions will help you create a professional and functional site.

[28] Mosets Tree

The Mosets Tree Extension enables the creation of a Yahoo! style directory on your site. The system provides all the features you normally associate with online directories including unlimited categories and sub-categories, the ability to browse the listings and the ability to search for listings. Listing fields are customizable and the Extension supports the creation of custom fields. This Extension is used to power the official Joomla! Extensions Directory. This is a commercial Extension.
http://www.mosets.com/tree/

[29] SOBI2

The SigSiu Online Business Index Extension allows you to create complex directories. The directory listings can be maintained by either the site administrator or by the registered users. The system offers a number of fields for listings and it is possible to create custom fields. The core Extension is non-commercial but many of the additional modules you will want — like search — are commercial.
http://www.sigsiu.net/

ADDING A FORUM

Threaded discussion forums have moved way past the old BBD format. Joomla! has several excellent forum Extensions. Here are two of the best.

[30] CcBoard

The ccBoard forum provides complete forum functionality with a wide variety of options. You can create moderated or unmoderated forums, and allow guest postings or force user registration. The Extension also supports user karma, bad word filtering, SPAM filters, and more. This is a non-commercial Extension.
http://codeclassic.org

[31] Kunena

The Kunena Extension is a fork of the popular Fireboard Forum Component. This is a full-featured forum supporting all common features, including threaded discussions, multiple categories, user management, moderation, avatars and much more. This is a non-commercial Extension.
http://www.kunena.com

ADDING A FILE EXCHANGE

File Exchanges provide a way for you to exchange documents or other files with your site visitors.

[32] DocMan

DocMan is a document management and file exchange Extension. You can manage documents and files in multiple categories and subcategories and give users permission to upload, download or edit documents. The system supports multiple group permissions that allow you to show specific files to only specific groups. A search system is integrated. This is a non-commercial Extension.
http://www.joomlatools.eu

MANAGING MULTI-LINGUAL CONTENT

While the Language Packs in Joomla! enable the system messages in multiple languages, they do nothing about the Articles and other content. If you want to display a fully multi-lingual site you will need to install a multi-lingual content Extension to help you manage the translations. The dominant Extension is Joom!Fish.

[33] Joom!Fish

The Joom!Fish Extension enables multi-lingual content management on your Joomla! site. With this Extension you can run your front-end content in multiple languages and allow users to switch easily between languages. The newest version supports routing to assist with your search marketing efforts and to build consistency into the URL structures. The core Extension is free of charge but some enhancements are now commercial.
http://www.joomfish.net

ENHANCING SEO

Joomla! provides SEF URLs as part of the Global Configuration options, but for those of you who want to do more, you should consider these Extensions.

[34] Artio JoomSEF

This SEF Extension re-writes your Joomla! URLs to be search engine friendly. The Extension handles multi-lingual sites and works with both the Apache web server and the IIS web server. The system allows you to customize the URL strings and supports multiple URL formats. JoomSEF goes beyond just SEF URLs, adding in support for expanded metatags and customizable error pages. This is a non-commercial Extension but does include a back link to the developer’s site. The back link can be removed for a fee.
http://www.artio.net/en/joomla-Extensions/joomla-seo-sef-component-artio-joomsef

[35] JooMap

Joomap is a sitemap component that generates both front-end site maps for your site visitors and XML sitemaps for the search engines. Note also the Xmap Extension, discussed below. This is a non-commercial Extension.
http://koder.de/projekte/joomap/

[36] Sh404SEF

This Extension generates search engine friendly URLs and also provides management for titles and meta tags. There are additional plugins available for this Extension to provide support for many other common Extensions, like VirtueMart, Fireboard and Community Builder. This is a non-commercial Extension.
http://extensions.siliana.com

[37] Xmap

Xmap is based on Joomap, discussed above. The two Extensions are very similar and both produce front-end user site maps and XML site maps. You should review both to determine your preference. This is a non-commercial Extension.
http://joomla.vargas.co.cr

EXTENDING USER MANAGEMENT

If you want to break out of the limited Joomla! user manager and group access privileges, you will need to look at installing a third party Extension. Similarly, if you are integrating other software systems that require login access, you should consider a third party Extension to provide single log in for your users.

[38] JACLPlus

JACLPlus enables you to break out of the default Joomla! Access Control Rules and create custom groups and permissions. This system also includes the ability to assign users to multiple groups. Note that this Extension requires that your server use the Zend Optimizer. This is a commercial Extension.
http://www.byostech.com

[39] Jfusion

If your site integrates additional systems that require login, Jfusion allows your users to log in only one time to access all systems. Systems supported include phpBB, Vbulletin, Magento, SimpleMachines Forum and Moodle. This is a non-commercial Extension.
http://jfusion.org

[40] JUGA

JUGA provides enhanced access control to Joomla! Articles and Components. It also enables you to create unlimited numbers of user groups and control user assignment within groups. One of the key features allows you to hide Menu Items and Modules based on a user’s group membership. The Extension has a dual licensing scheme with the basic version non-commercial. The basic version, however, lacks many of the key features. A complete version is available for a fee.
http://www.dioscouri.com

ADDING WEB 2.0 FUNCTIONALITY

Web 2.0 functionality is widely in demand. In this section are listed several Extensions that help build community and stimulate user interaction.

[41] AddThis Social Bookmarking

Integrates the AddThis social bookmarking button to your site. This is a non-commercial Extension.
http://www.informationmadness.com/cms/index.php?option=com_content&task=view&id=600&Itemid=1

[42] Community Builder

Community Builder is an entire suite of Components and Modules that enable you to turn Joomla! into a community website with user pages and a high degree of user interactivity. There are a large number of Modules and Plugins available for Community Builder and integration of the Extension is widely supported by other common Extensions. This is a non-commercial Extension, but it does require registration to download.
http://www.joomlapolis.com/

[43] JomSocial

The JomSocial Extension enables you to turn your Joomla! installation into a full blown social networking engine. The Extension is still relatively young, but the current release is feature rich and shows a great deal of promise. It is certainly your easiest, fastest route to a social networking website.
http://www.jomsocial.com/

[44] JReviews

JReviews is a powerful Extension that lets you create a reviews and ratings website with Joomla! The system is customizable and can even be used as an alternative method for handling your Joomla! content items, with custom structure and fields. This is a commercial Extension.
http://www.reviewsforjoomla.com/

[45] MyBlog

MyBlog provides greatly enhanced blogging functionality for Joomla! The default Joomla! system allows you to create blog-type layouts, but MyBlog gives you true blogging functionality with a wide range of common features. Includes RSS feeds, Technorati pings, Trackbacks and support for multiple bloggers. Integrates with both Community Builder and JomSocial. This is a commercial Extension.
http://www.azrul.com

[46] Plugin Googlemaps

Plugin Googlemaps is a Joomla! Plugin that integrates Google Map functionality. Not only does it allow users to view Google Maps, but it also includes support for KML files and marker placement. Directions are integrated and can appear in a popup or lightbox. This is a non-commercial Extension.
http://joomlacode.org/gf/project/mambot_google1/

[47] Tweetme

Tweetme is a simple Extension that adds a Tweet This button to your Articles and items. This is a non-commercial Extension.
http://www.herdboy.com/support/viewtopic.php?f=4&t=14

IMPROVING AD MANAGEMENT

If you want to run ads on your site at anything more than a basic level, you will need to look to an Extension to provide you with greater functionality than Joomla’s basic Banner Manager.

[48] AdSense Module

The AdSense Module allows you to place single or multiple Google AdSense units on the pages of your Joomla! site. The Extension supports the various Google options as well as the ability to randomize ad colors and to block ads from being displayed to certain IP addresses. This is a non-commercial Extension.
http://www.joomlaspan.com/Free-Extensions/Google-AdSense-Related-Modules/index.php

[49] Easy AdSense For Joomla

Allows you to run one or more Google AdSense units on your pages. This simple Extension provides control over all key variables plus the ability to block an unlimited number of IPs and to use alternative messages when ads are not displayed. This is a non-commercial Extension.
http://www.wzcreativetechnology.com

[50] IJoomla Ad Agency

iJoomla Ad Agency is a full-featured banner and ad management system for Joomla! You can run single ads, campaigns or packages. The system also supports breaking pages into zones for the purpose of managing ads and rates. Supports a wide range of ad formats and sizes. This is a commercial Extension.
http://www.ijoomla.com/ijoomla-ad-agency/ijoomla-ad-agency/index

Tools for Tracking Buzz on Twitter

Twitter is one of the most popular expressions of the social media boom. Though a very limited “micro-blogging” format — where speakers are limited to messages that are no more than 140 characters in length — it has become extremely popular, particularly with early adopters and people who spend a great deal of time online. As someone interested in marketing, I find Twitter to be a way to tap into the buzz from social-minded, technologically-friendly Internet users. Gauging that buzz can be a challenge.

In the course of preparing this year’s Open Source CMS Market Share Report, I’ve spent a fair amount of time researching Twitter as a means of judging buzz and popularity. As a result of that I have bookmarked quite a few tools that I found useful. In this post I share what I’ve found — perhaps it will save you some time.

There are 23 tools here, organized topically as follows:

PRIMARY SOURCES

The message data contained at Twitter.com can be analyzed directly through either search of the Tweets or by looking at the use of hashtags, that is, tags users have associated with particular Tweets.

Twitter Search

search.twitter.com

You should be aware of the default Twitter search functionality, as it does show basic trending information, but more importantly, you can tailor your searches to extract trend data by using either the advanced search interface or the Twitter Search Operators in your queries. While this may not produce the prettiest charts and graphs, the tool allows you to search by date, user, location, sentiment and other variables, thereby giving you the best control over the raw data set — direct from the source, as it were. The results display allows you to filter by language. Use the RSS feed to save your query and keep up with the Tweets as they occur. One disappointing aspect of this tool: it lacks result counts, export, and charting of the result set.

#Hashtags

hashtags.org

This site accumulates a directory of hashtags and lets you search for particular tags and track their activity for the previous 30 days. The default homepage allows you to view the most popular hashtags for the past day, week or month. One handy option allows you to get an RSS feed for a hashtag.

GEO-TRACKING

Want to find out what’s buzzing in a particular place? Geo-tracking of Twitter users is one way to do it.

Nearby Tweets

nearbytweets.com

Geo-location filtering for Tweets. Want to find out every Tweet coming from within 100 miles of New York City or Paris or Hong Kong? You can do it here.

Twittervision

beta.twittervision.com

This application is more distraction than serious research but it is most certainly good fun. It takes Tweets and maps them on the world map as they happen.

REAL TIME MONITORING

When you have to know what’s happening across the Twitter-verse as it happens.

Monitter

monitter.com

Monitor up to three terms or hashtags in real time. Great for tracking breaking stories and top Twitter trends.

Twendz

twendz.waggeneredstrom.com

A real time Twitter monitoring tool. Twendz shows you the most recent Tweets on a topic, along with the most popular subtopics. It does very little, but the ability to isolate the incoming Tweets by sentiment is somewhat useful (though not terribly accurate!)

RETWEETING ACTIVITY

When one user retweets a message from another user, the message is assumed to have some special value — at least to the user that retweeted it. When a message is retweeted many times by many users, you have a trend worthy of further examination.

Retweetist

www.retweetist.com

Find out who and/or what is being re-tweeted now.

Retweet Radar

www.retweetradar.com

This is a limited tool that shows you a tag cloud related to the most popular topics on Twitter, judged by what is being retweeted. An archive lets you view the most recent days’ activity.

TRENDING TOPICS & URLS

There is a wide selection of tools for tracking what’s hot — both in terms of topics and URLs.

Backtweets

backtweets.com

A tool for tracking backlinks — in this case, links posted on Twitter. The system is able to identify both raw and compressed URLs. An advanced search option lets you filter by user and date. Useful options allow you to receive the information remotely, either by setting up e-mail alerts or by dragging the search bookmarklet to your browser toolbar. Perfect for tracking reputation or getting clues to the reach of the URLs you have tweeted. (For a variation on this service, see this group’s other website service: backtype.)

Breaking Tweets

www.breakingtweets.com

This site aggregates news, photos and other current events type data from Tweets. Stories are categorized by region and topic. It is searchable and you can extract the data into an RSS feed.

Tweetbeep

tweetbeep.com

Set up email alerts for Tweets – sort of a Google Alerts-type service for Twitter. The free version sends either daily or hourly updates for up to 10 alert topics; the premium version costs $20 a month, gives you up to 200 alert topics and a 15 minute alert window. The tool includes a useful set of filters, allowing you to narrow searches by place, attitude, or speaker. Limited Boolean searches are also supported. Alerts can also be retrieved via RSS. (Note: At the time this was written the system was suffering from failures.)

TweetingTrends

twitter.com/tweetingtrends

A finger on the pulse of the Twitter masses. TweetingTrends tracks top Twitter trends and then uses Twitter to deliver the results. Follow their Twitter account to receive notifications via Twitter each time a new topic trending on Twitter enters the top 10.

Tweetmeme

tweetmeme.com

Tracks the top URLs being discussed on Twitter. This is perhaps the most complete of the various URL tracking services. It goes so far as to organize popular topics into channels and presents the information in a variety of ways, including, for those who want to grab a hold of the information firehose, a live Tweet stream. The system supports searching as well. Tweetmeme maintains a large number of different Twitter accounts, enabling you to follow particular channels for the most popular stories.

Tweetreach

tweetreach.com

This cool one page website enables you to type in a word, phrase, URL or hashtag and get a snapshot of the reach of that term or phrase. It does this by finding all mentions, then reporting back to you the sources and the reach achieved by that user when they post a message. The system calculates total viewers and views. The tool is useful and interesting, but to get the most from it you will need to use the Twitter Search Operators in your query. Unfortunately there are significant limitations to the tool. The free version is limited to only 50 tweets. You can, for a fee of US$ 20, order a more complete report listing up to 1500 tweets across the last 7 days.

Twist

twist.flaptor.com

Twist lets you track trends in Twitter mentions on a daily, weekly or monthly basis. Output is provided in graphical form, as shown below, along with a list of the most recent items. Charts can be embedded in your local website.

> above: Twist stats showing activity for search terms across 30 days.

Twitscoop

www.twitscoop.com

This site requires you to log in with your Twitter I.D. Once you have logged in you can monitor trends by tag cloud, or by searching for trends. The options allow you to graph activity on one or more topics by last 6 hours, 1 day or 3 day increments, as shown below.

> above: Part of the Twitscoop display.

Twitter Power Search

twitterpowersearch.com

This basic tool displays the Top Twitter Trends by day, week, or in near real time. You also have the option to enter the term of your choice to see Tweets in real time.

Twitturls

twitturls.com

Another URL popularity tool, this time showing the most popular URLs of the moment. What distinguishes this tool is that it also displays thumbnails of the most popular pictures and videos.

Twitt(Url)Y

twitturly.com

Tracks most popular URLs on Twitter. Shows by default a list of the top URLs, but you can also search for the terms or URLs you wish to track. They maintain a Twitter site that automatically displays the current top 3 most popular URLs.

USER INFLUENCE

Several tools allow you to assess the reach and influence of particular users. You can also gain insight into their interests and various activity levels.

TweetStats

tweetstats.com

A great way to run numbers on Twitter user influence. Use the tool to graph Twitter activity by user name. Enter the Twitter username and the system will graph a wide variety of statistics about the user’s Twitter posting activity. Stats include frequency, time, retweets, tool used, and aggregate daily and weekly totals. Graph output quality, as seen below, is also a step above many of the other tools on this list. Note if the user has protected their updates, the tool will not work — the user’s Tweets must be publicly accessible.

> above: Some of the many graphs produced by TweetStats.

Twithority

twithority.com

By default this search tool shows you what’s hot right now, but the best feature here is the ability to run a search and get results displayed both by the authority of the poster and by most recent. Great way to find out who is talking about a topic. They also maintain a Twitter account that automatically Tweets the most popular trends.

Twitter Analyzer

www.twitteranalyzer.com

Twitter Analyzer claims to be “the most advanced Twitter analytic system in the world.” While it is certainly powerful and slick (see below), it is focused purely on users, rather than on topics, trends, etc. Great if you are looking to assess a user’s influence, or want to find out more about a particular user’s Twitter usage patterns.

> above: Part of the Twitter Analyzer’s user profile dashboard.

Xefer

xefer.com/twitter

Xefer is a Twitter activity monitor. Enter a user’s Twitter ID and the system produces a nice little heat map (see below) of the user’s historical activity. The output will also list the user’s replies, with a list of to whom they were directed and the frequency. Note if the user has protected their updates, the tool will not work — the user’s Tweets must be publicly accessible.

> above: xefer profile of a Twitter user.

This article originally appeared on RicShreves.net. Used by permission.

Smaller Budgets, Not Smaller Deployments

My fave tech industry insider, The Reg, today reports on an IDC study that indicates the recession is speeding adoption of Linux. The conclusion mirrors what we’ve been seeing at water&stone as well, that is, while the downturn has led to a few people deferring projects, many have not, choosing instead to consider lower cost alternatives.

As the study put it: “IDC has found that economic downturns lead to a reduction in spending, but not necessarily an equal-sized reduction in deployments. In fact, past recessions have helped to accelerate platform shifts that were in progress.”

Note, this isn’t a fluffy little single digit shift in trends — a full 72% of the firms evaluated indicated that they “are either actively evaluating or have already decided to increase their adoption of Linux on the server in 2009.” Perhaps more surprising: 68% made the same claim for the desktop!

:: UPDATED 28 March ::

RedHat is reporting a 25% jump in their annual revenues, noting “Our value proposition is even more compelling in a challenging economic environment, and we believe that’s a key driver to our solid financial results and market share gains.” At least, that’s according to a story at ArsTechnica.

:: UPDATED 27 March ::

North Bridge Venture Partners have released their 2009 Future of Open Source survey results. Not only is it consistent with the conclusions in this posting, but it also indicates that web content management is one of the top areas set for disruption by this trend. The presentation can be viewed at SlideShare.

Securing the Joomla! Core

Security is not one single thing; it is a process, a set of steps that need to be taken in order to achieve a result. The process begins with your server settings and the Joomla! core files. If you fail to make this base level of the system secure, then additional steps are at the very least of limited effectiveness, at the very worst — they are pointless. Note as well, the first step towards assuring your site’s integrity is also one of the easiest: Only install the most recent version of the Joomla! core file packages found at the official download site, JoomlaCode.org. Do not download and install core file archives from other sites, as you cannot be certain of their origins, completeness, or integrity.

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article originally appeared on the author’s site, RicShreves.net.

PROTECT DIRECTORIES AND FILES

There are several steps you can take to enhance the security of the directories and files on your server. The first step is adjusting the permissions to be as strict as possible without impairing use of the site. Write-protect your critical directories. As a general rule, set the directory permissions to 755 and the file permissions to 644 using either FTP or the options in the Global Configuration Manager. Note that this is best done after you have fully completed your installation of the core and all Extensions. It is possible that you may have to make these settings more permissive if you need to install Extensions in the future.

There’s a good discussion of how to set file permissions and what they all mean on the Joomla! docs site — visit the resource to learn more.
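The 755/644 rule can be checked and enforced from a shell on the server. The script below is an added example, not code from this article or from the Joomla! project: it lists anything more permissive than 755 for directories or 644 for files, and removes only the extra bits so that stricter modes are left alone. The sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a site tree against "directories 755, files 644".
# Uses only POSIX find/chmod tests; the site path is passed by the caller.

# Print directories that grant group or world write (bits outside 755).
loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Print regular files that grant group/world write or any execute bit
# (bits outside 644).
loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \
        -o -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Number of findings; 0 means nothing is more permissive than 755/644.
count_loose() {
    { loose_dirs "$1"; loose_files "$1"; } | wc -l | tr -d ' '
}

# Remove only the offending bits. Symbolic modes are used on purpose:
# "chmod 755" on a 750 directory would ADD world access, whereas
# "go-w" can only take permissions away.
tighten_perms() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
    find "$1" -type f \( -perm -020 -o -perm -002 \
        -o -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod a-x,go-w {} +
}

# Build a small constructed tree with a mix of good and bad modes and
# print its path. Names and modes here are made up for the example.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/administrator" "$d/images" "$d/tmp"
    : > "$d/configuration.php"
    : > "$d/index.php"
    : > "$d/images/logo.png"
    : > "$d/administrator/notes.txt"
    chmod 750 "$d/administrator"          # stricter than 755: not flagged
    chmod 777 "$d/images"                 # world-writable directory: flagged
    chmod 755 "$d/tmp"                    # matches the rule
    chmod 666 "$d/configuration.php"      # world-writable file: flagged
    chmod 644 "$d/index.php"              # matches the rule
    chmod 755 "$d/images/logo.png"        # executable data file: flagged
    chmod 600 "$d/administrator/notes.txt" # stricter than 644: not flagged
    printf '%s\n' "$d"
}
```

Run loose_dirs and loose_files against the site root first and review the list; tighten_perms is best applied once all Extensions are installed, as the paragraph above advises.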

There are a number of other steps you may want to consider taking, however you should note that each of these has a trade-off, either in terms of increased admin overhead or other limitations:

  • Move the configuration.php file outside of the public HTML directory on your server and rename it. Place a new configuration.php file in the public HTML directory pointing to the new file. Make sure your new file is not writable in order to avoid it being overwritten by the Global Configuration Manager. Note that making this change will force you to modify the new configuration file manually, rather than by using the Global Configuration Manager. For more information on how to set this up, see http://docs.joomla.org/Security_and_Performance_FAQs
  • Use .htaccess to block direct access to critical files. Note this is only applicable to servers using the Apache web server and webhosts that allow you to modify .htaccess. Make sure you backup your old .htaccess file before you try this in case you experience problems and need to restore the old file.
  • Change the default log path. Hackers sometimes look to the log files as a way to identify what Extensions you have installed, in hopes of finding an Extension that has a known vulnerability they can exploit. To help deter this bit of information fishing, alter the log path settings in the Global Configuration Manager.
  • Change the default temp directory. The contents of the temp directory can also provide information you may not wish to disclose about your site. You can alter the temp directory settings in the Global Configuration Manager.

PROTECT ACCESS DETAILS

Humans are your most common point of security policy failure. Admin passwords should be changed often. The default user name that is produced for the administrator during the installation process should also be changed immediately after the system is set up. Leaving the default user name as “admin” gives a hacker one half of the answer to the puzzle they need to solve to gain access to your site. (Note that some commentators go further and recommend that you create a new superadministrator account and delete the one that was auto-created by the Joomla! installer.) Hopefully it goes without saying, but passwords should also be as secure as practicable.

In addition to controlling the access to your admin system, you need to be sensitive to the access issues that relate to your database. If you have control over the access privileges to the user accounts on your MySQL database, make sure that all accounts are set with limited access.

REMOVE UNNECESSARY FILES & FEATURES

If you don’t need it now and you don’t intend to use it, get rid of it. Logical targets for deletion include: unused Templates and Extensions you have installed then decided not to use. Go further and disable unused core components as well. Not only does this make the site more secure (by removing one more potential access point) but it also removes unnecessary clutter from the admin interface.

If you have copied archive files to your server during the course of installation, make sure you get rid of those. Don’t forget the installation directory: don’t simply rename it, delete it! Another candidate for deletion is the system’s XML-RPC server. If you are not using this functionality, delete it. It is located in the Joomla! root in the directory named xmlrpc/.
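The permission rule from "Protect Directories and Files" and the clean-up items in this section can be checked together. The script below is an added example, not code from the book or the Joomla! project; the function names, the archive suffix list and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

DIR_MASK, FILE_MASK = 0o755, 0o644            # the article's general rule
LEFTOVER_DIRS = ("installation", "xmlrpc")    # directories the article says to delete
ARCHIVE_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".tar.bz2")  # assumed list


def audit_joomla_root(root):
    """Return sorted (issue, relative_path, detail) tuples for a Joomla! tree."""
    findings = []
    for name in LEFTOVER_DIRS:
        if os.path.isdir(os.path.join(root, name)):
            findings.append(("leftover-dir", name, "delete if unused"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            mask = DIR_MASK if stat.S_ISDIR(st.st_mode) else FILE_MASK
            if mode & ~mask:  # any bit beyond the mask: group/world write, setuid, ...
                findings.append(("too-permissive", rel, f"{mode:04o} exceeds {mask:04o}"))
            if stat.S_ISREG(st.st_mode) and name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.append(("archive-file", rel, "remove after install"))
    return sorted(findings)


def build_sample_tree():
    """Build a constructed sample tree (not a real Joomla! install) to audit."""
    root = tempfile.mkdtemp(prefix="joomla-sample-")
    for name, mode in {"images": 0o777, "installation": 0o755, "templates": 0o755}.items():
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    for name, mode in {"index.php": 0o644, "configuration.php": 0o666,
                       "joomla-package.zip": 0o644}.items():
        with open(os.path.join(root, name), "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(os.path.join(root, name), mode)
    return root


if __name__ == "__main__":
    for finding in audit_joomla_root(build_sample_tree()):
        print(*finding, sep="\t")
```

The check flags any mode bit beyond 755 or 644 rather than requiring an exact match, so stricter settings pass.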

MAINTAIN A SENSIBLE SERVER SETUP

In an ideal world, we would all have our own dedicated servers where we could control every aspect of the system. In the real world, shared hosting is the reality for many users. Shared hosting, though certainly more cost effective than a dedicated host, involves trade-offs in terms of security and access privileges. Your goal should be to make the host setup as secure as possible, regardless of whether it is dedicated or shared. Exactly what you are able to do with your server varies, but you should consider the following:

  • Use Secure FTP, if available. This helps avoid the possibility that someone can determine your username and password while you are in the process of a file transfer.
  • If possible, use PHP 5. While both PHP 4 and 5 are supported by Joomla!, PHP 5 is the superior solution and PHP 4 is being phased out.
  • Make sure your server does not have Register Globals enabled. Joomla! does not need it and it is a security risk.
  • If the mod_security module is installed on your Apache web server, use it. It acts as an embedded web application firewall and provides significant protection against many common attacks. Learn more about how to use it.
  • Turn safe mode off. Safe mode is not necessary for Joomla! and may cause problems with some Extensions.
  • Set Magic Quotes GPC to On.
  • Don’t use PHP allow_url_fopen. Set this option to Off.
  • Use PHP open_basedir. Set this option to On.
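The PHP settings in the list above can be checked against a php.ini file. This is an added example, not code from the book or the Joomla! project; the function names, status strings and sample php.ini text are assumptions. In php.ini, open_basedir takes a directory path rather than On or Off, so the check treats any non-empty value as enabled.

```python
import re

# Settings recommended in the list above. open_basedir holds a directory
# path in php.ini, so it is checked as "set to a non-empty value".
RECOMMENDED = {
    "register_globals": False,
    "safe_mode": False,
    "magic_quotes_gpc": True,
    "allow_url_fopen": False,
    "open_basedir": "path",
}
TRUE_WORDS = {"1", "on", "true", "yes"}
ASSIGNMENT = re.compile(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$")

# Constructed sample, not taken from a real server.
SAMPLE_INI = """\
[PHP]
register_globals = On
safe_mode = Off
magic_quotes_gpc = On ; legacy setting
allow_url_fopen = 1
;open_basedir = /var/www/example
"""


def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment or section header
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        value = match.group(2).strip()
        if value and value[0] in "\"'":
            value = value[1:].split(value[0], 1)[0]   # keep the quoted part
        else:
            value = value.split(";", 1)[0].strip()    # drop a trailing comment
        values[match.group(1)] = value
    return values


def audit_php_ini(text):
    """Return {directive: status} for the settings the article recommends."""
    values = parse_php_ini(text)
    report = {}
    for name, want in RECOMMENDED.items():
        if name not in values:
            report[name] = "missing"
        elif want == "path":
            report[name] = "ok" if values[name] else "empty"
        else:
            is_on = values[name].lower() in TRUE_WORDS
            report[name] = "ok" if is_on == want else "change to " + ("On" if want else "Off")
    return report


if __name__ == "__main__":
    for directive, status in audit_php_ini(SAMPLE_INI).items():
        print(f"{directive}: {status}")
```

A "missing" result means the directive is not set in the file, so the PHP build's default applies; on shared hosting the effective value may also be set elsewhere by the host.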

OFFICIAL JOOMLA! SECURITY RESOURCES

The Joomla! Team and Community have created and maintain a number of useful security resources.

| Name of resource | URL |
| --- | --- |
| Security Checklist: Getting Started | http://docs.joomla.org/Security_Checklist_1_-_Getting_Started |
| Security Checklist: Hosting and Server Setup | http://docs.joomla.org/Security_Checklist_2_-_Hosting_and_Server_Setup |
| Security Checklist: Testing and Development | http://docs.joomla.org/Security_Checklist_3_-_Testing_and_Development |
| Security Checklist: Joomla Setup | http://docs.joomla.org/Security_Checklist_4_-_Joomla_Setup |
| Security Checklist: Site Administration | http://docs.joomla.org/Security_Checklist_5_-_Site_Administration |
| Security Checklist: Site Recovery | http://docs.joomla.org/Security_Checklist_6_-_Site_Recovery |
| Joomla Security Strike Team Contact Form | http://developer.joomla.org/security/contact-the-team.html |
| Security and Performance FAQs | http://docs.joomla.org/Security_and_Performance_FAQs |
| Automatic Email Notification System | http://feedburner.google.com/fb/a/mailverify?uri=JoomlaSecurityNews |
| Security RSS Feed | http://feeds.joomla.org/JoomlaSecurityNews |
| Joomla! 1.5 Security Forum | http://forum.joomla.org/viewforum.php?f=432 |
| Vulnerable Extensions List | http://docs.joomla.org/Vulnerable_Extensions_List |
| Security Announcements for Joomla! Developers | http://developer.joomla.org/security/news.html |
| Joomla! Developers Security Articles and Tutorials | http://developer.joomla.org/security/articles-tutorials.html |

Open Source CMS Social Resources

We received a request the other day from someone interested in finding social networking-type resources focused on open source content management systems. We did a bit of looking around at the larger social networks and found a number of different groups and resources focused on the open source CMS.

Large networks, like Facebook, actually host a fairly large number of special interest groups. Some are broadly concerned with software or web design, but there are also quite a few that are focused on specific CMS platforms. While the majority of the groups are concerned with major systems like Joomla! or Drupal, you can also find a surprising number of other systems represented. Channels like Twitter offer even more variety.

We’ve put together a list of what we found, at least for the larger networks and the larger groups. This list is not intended to be comprehensive, but it should give you a good idea of what is out there and how to contact them.

FACEBOOK GROUPS

Perhaps not surprisingly, (given the wide range of interests on the site) Facebook includes quite a few groups concerned with Open Source CMS-related topics. There are quite a few fan sites for popular systems like Joomla!, Drupal and WordPress, but only a couple of groups that cut across lines and cover the category as a whole. Here’s a short list of the biggest and most active groups.

General Interest Groups
Groups Focused on Specific Systems

LINKEDIN

I was surprised at the strength and variety of Groups in action over at LinkedIn. A number of systems are the focus of various groups, with Magento showing a large following.

General Interest Groups
Groups Focused on Specific Systems

MYSPACE GROUPS

Despite the size and vitality of MySpace, there is very little group activity focused on the Open Source CMS space. I guess they just can’t be bothered…

General Interest Groups
Groups Focused on Specific Systems

ORKUT

Orkut has a very active user base with a large number of relevant groups. While the vast majority of the groups are focused on specific systems, there are a couple of nascent general interest groups.

General Interest Groups
Groups Focused on Specific Systems

SCRIBD GROUPS

Scribd provides a social document sharing site. People upload documents, white papers, sample book chapters, etc. Here I list both the size of the group membership as well as the number of documents in the group.

General Interest Groups
Groups Focused on Specific Systems
  • Joomla (members = 104; documents = 34)
  • WordPress (members = 12; documents = 82)

TWITTER

Several of the open source CMS projects have their own Twitter accounts. Here’s a quick list of the most active ones:

Note: This article was updated on 18 March 2009.

New FTC Guidelines Affecting Social Media Marketing

U.S. federal guidelines concerning the disclosure of endorsements or incentives will set a new standard for online advertisers. The revised guidelines are intended to address hidden endorsements and incentives in a variety of new media, including blogs and word of mouth media. The rules are broad enough to affect activity on forums, Twitter and social networks.

(The various statements of fact made in this article concerning the guidelines come from the text of the FTC Guidelines: see, “Guides Concerning the Use of Endorsements and Testimonials in Advertising,” 16 C.F.R. Part 255. A hyperlink to a download of the full text of the rules can be found at the end of this article.)

The guidelines, promulgated by the United States’ Federal Trade Commission, go into effect on December 1, 2009 and are intended to regulate endorsements by consumers, experts, organizations, and celebrities, as well as requiring the disclosure of “material connections” between advertisers and endorsers.

The term “endorsement” is defined as:

…any advertising message … that consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser, even if the views expressed by that party are identical to those of the sponsoring advertiser.

The definition is clearly broad enough to cover social media, blogging and posts made on review sites or forums.

The standard applied to social media is stated in this passage:

The Commission does not believe that all uses of new consumer-generated media to discuss product attributes or consumer experiences should be deemed “endorsements” within the meaning of the Guides. Rather, in analyzing statements made via these new media, the fundamental question is whether, viewed objectively, the relationship between the advertiser and the speaker is such that the speaker’s statement can be considered “sponsored” by the advertiser and therefore an “advertising message.” In other words, in disseminating positive statements about a product or service, is the speaker: (1) acting solely independently, in which case there is no endorsement, or (2) acting on behalf of the advertiser or its agent, such that the speaker’s statement is an “endorsement” that is part of an overall marketing campaign? The facts and circumstances that will determine the answer to this question are extremely varied and cannot be fully enumerated here, but would include: whether the speaker is compensated by the advertiser or its agent; whether the product or service in question was provided for free by the advertiser; the terms of any agreement; the length of the relationship; the previous receipt of products or services from the same or similar advertisers, or the likelihood of future receipt of such products or services; and the value of the items or services received.

TERMS OF ENGAGEMENT

Under the new guidelines, advertisers and publishers must disclose in clear and unequivocal language the existence of any sponsorship of an advertising message. In the context of social media, here are some of the situations where we believe the guidelines would be applied:

(1) A posting to the Facebook forum recommending a particular hotel. If the speaker was compensated in some fashion for posting the recommendation, the guidelines require disclosure.

(2) A tweet on Twitter recommending a product. If the speaker was compensated in some fashion for posting the recommendation, the guidelines require disclosure.

(3) A blogger reviews a product. If the blogger received compensation or complimentary products or services, the guidelines require disclosure.

(4) An employee of a company recommends one of the company’s products on a forum. The existence of an employee/employer relationship would need to be disclosed.

Note that the guidelines themselves contain within the body an entire series of examples. We strongly encourage you to read these carefully as there are some subtle nuances at play that you need to recognize.

EXPANDING LIABILITY

In past versions of the rules, there was no specific provision stating that endorsers as well as advertisers could be liable for statements made in an endorsement. The revised guidelines clearly state that both advertisers and endorsers may be liable for false or unsubstantiated claims made in an endorsement – or for the failure to disclose material connections between the advertiser and endorsers. The revised guidelines also make it clear that celebrities have a duty to disclose their relationships with advertisers when making endorsements outside the context of traditional ads, such as on talk shows or in social media.

The rules also close an old loophole that was frequently exploited. It is no longer sufficient to simply add small print at the end of an ad indicating that “results may vary.”

In terms of enforcement, it appears the FTC will continue to rely on public complaints, the Better Business Bureau, and even issues reported by competitors. The rules are at this time merely guidelines and do not carry penalties or fines, though clearly they are intended to provide grounds for enforcement actions via Section 5 of the FTC Act (15 U.S.C. Sec. 45). The FTC is charged with protecting consumers in the United States. Therefore, if your message is published in the U.S. and a complaint is raised, it is conceivable the FTC would get involved where enforcement action is merited.

CONTROVERSY SURROUNDING THE RULES

The newly revised guidelines have already proven to be a magnet for controversy. While the U.S. Government can clearly regulate commercial speech, the present guidelines seem to muddy the waters. Under the new guidelines it is unclear when a speaker has ceased to be voicing an opinion protected by the First Amendment and when their statement rises to the level where there is a legitimate governmental or public policy interest that requires protection.

The Internet Advertising Bureau has even called for a rollback of the provisions. Read their argument in the open letter drafted by the IAB’s CEO: http://www.iab.net/insights_research/public_policy/openletter-ftc

HOW TO DEAL WITH THE NEW RULES

Only time will tell whether these new rules withstand testing in the courts, but until then we encourage all to comply and to formulate clear rules of engagement for your brand.

We recommend that you create an internal best practices document that defines for your staff the permissible limits of both their interactions with bloggers and their own statements in forums or on their personal blogs. You should also raise this issue clearly with your PR department or agency, emphasizing the need for compliance.

If you are a blogger, the best path is “disclose and dispose” — that is, disclose if you have been given a freebie and dispose of it once you’ve reviewed it. Moreover, given that the rules require a clear and conspicuous disclosure, place your notice of disclosure above the fold in the article where it is not likely to be missed.

The Word of Mouth Marketing Association (WOMMA) is formulating best practice statements for advertisers and publishers. You would do well to follow the discussions on their site. See http://womma.org/ftc/

TO LEARN MORE…