Tag Archives: CMS

The Lights Beyond LAMP

The 2009 Open Source CMS Market Share Report showed clearly the ongoing dominance of PHP-based content management systems. While the LAMP stack may be the leader in the arena of web content management, it is certainly not the only game in town. For the 2009 Open Source CMS Market Share Report we looked at not only the PHP-based systems, but also the Java and .NET-based systems.

LOOKING BEYOND LAMP

The LAMP stack is populist in nature. Not only does the stack carry the cost advantages of open source, but there also exists a wide assortment of low-cost hosting and a ready (and growing) supply of developers. These characteristics create low barriers for entry and an attractive choice for individuals, hobbyists and small to medium sized enterprises.
While few would dispute that there are numerically more deployments of the common LAMP stack systems, it would be a mistake to assume that this is the only platform that matters. The web content management space is not homogenous. A hobbyist building a personal site, a small company building an online marketing presence, and a medium sized enterprise building a portal for customer relationship management are just three examples of widely disparate, yet common, uses. And while it is possible that all three of those groups might be looking at the same systems, it is more likely that those who require higher level functionality will look beyond the most common PHP-based systems. The argument becomes even more persuasive when you look at enterprise level clients.

For users who demand more functionality, higher security and more robust platforms, Java-based and .NET-based content management systems hold a strong attraction. Indeed, in the enterprise space, those platforms are more likely to be the first choice. Though it is certain that The Big Three — Joomla!, WordPress and Drupal — continue to improve their offerings and are more capable of supporting robust websites, I think it is fair to state that at this point in time few enterprise clients put them on their shortlist.

THE JAVA CMS RACE

We included 4 Java-based systems in the survey: Alfresco, Jahia, Liferay and OpenCMS. Of the four, Alfresco topped the set in virtually all the metrics, in many cases ranking behind only The Big Three PHP systems. It was a very strong showing for a system that is not normally thought of in the context of web content management.

Alfresco had a strong lead in brand recognition and brand familiarity ratings. While Alfresco lead Liferay in many metrics, it did not do so across the board; Liferay also performed very well. Liferay showed significantly greater strength in third party support, website popularity metrics and social media prominence. Both Alfresco and Liferay ranked highly in the brand sentiment metrics, with Alfresco coming in third overall in the survey — one of the clear leaders in this key metric. Liferay was not far behind, coming in sixth overall.

Alfresco and Liferay lead OpenCms by a large margin in almost all categories and Jahia not only lagged relative to the other Java based systems, but was one of the weakest performers of the entire survey group. Most troubling for Jahia has to be the brand sentiment data which showed Jahia fourth from last in the survey set, with negative sentiment running very close to 50%.

In sum, from my perspective those interested in implementing Java-based open source content management systems for their web sites have a lot to cheer about. There exist several viable choices and at least two strong, growing players. This is a space that is set to grow and remain competitive in both the short to medium term.

The chart below shows the results of our query on brand familiarity to the survey group:

brand familiarity

THE .NET CMS RACE

.NET is not a platform most people traditionally associate with open source, but over the last couple of years that has begun to change. A large part of that credit has to go to DotNetNuke, who have been waving the open source flag and investing heavily in marketing to get that message out. Perhaps no other system in the survey has shown a more concerted marketing effort than DotNetNuke. That marketing has paid off in brand recognition and has opened the door for .NET as an open source alternative in the minds of many consumers.
This year’s survey found that DotNetNuke leads the .NET open source CMS race over the nearest rival, Umbraco, by a significant margin. However, the good news for DotNetNuke seems to stop right about there.

Our survey found an ongoing deterioration in DotNetNuke market interest; a slide that has continued across the last several years. The system also had one of the worst ratios of trial usage to actual usage, in other words, while they were successful in getting  prospects to try the system, they were less successfully in converting them into actual users. Most troubling of all were the numbers relating to brand sentiment. DotNetNuke finished last of the entire survey set in brand sentiment and was one of only two systems to show more negative than positive responses to the question “What is your general feeling about these companies or projects?” Further corroboration of this conclusion can be found at the Windows Web App Gallery which lists user rankings for four .Net-based content management systems. Of the four, DotNetNuke is ranked the lowest, lagging behind Umbraco, mojoPortal and Kentico CMS.

The chart below shows the results of the query to the survey group on brand sentiment: Do you feel positive or negative about the following brands/products?

brand sentiment

Aside from the brand sentiment metric, DotNetNuke lead Umbraco across the board. However, when you look at the trend in interest levels, there is a sharp contrast: Interest in Umbraco is strengthening. The improvement is slow but steady and the gap between the two systems seems to have closed significantly in the last 12 months. One has to wonder what would happen if Umbraco could match the marketing might of DotNetNuke.

In conclusion, the .NET-based open source CMS market is still wide open. DotNetNuke was certainly the early mover but seems struggling now to hold on to that advantage. The arrival of competing systems like Umbraco, and even more recently mojoPortal, shows that there is plenty of room for competition in this space and that things are only going to get more challenging for DotNetNuke.


 

The data underlying these conclusions can be found in the 2009 Open Source CMS Market Share Report, from water&stone and CMSWire. Download a free copy of the report at:http://www.cmswire.com/downloads/cms-market-share/
Note: This article originally appeared, in slightly different form, on CMSWire.com: http://www.cmswire.com/cms/web-cms/open-source-cms-market-lights-beyond-lamp-005849.php

Changing the Way We Work

Context

It wasn’t so very long ago that companies who wished to employ content management technology for their websites were faced with only two choices: Either build it, or purchase a proprietary platform.

Building a CMS was not to be undertaken lightly. It required an experienced development team working in either ASP, Java, or Cold Fusion, and a good grasp of database architecture. Each language presented its own strengths and each had its own weaknesses and between license fees, development expense, and lead times, none were particularly cost-effective.

The proprietary system space was occupied by big names with even bigger price tags. In an arena dominated by Broadvision, Interwoven, and Vignette, prices in six figures (US$) were not uncommon. Per user licenses, consultant fees, server licenses, database licenses, and customization fees assured that proprietary systems were for the Enterprise – well out of the reach of SMEs.

With the high ground held firmly by the big brands, new players began to appear in the mid-priced market. With the appearance of these new more affordable solutions, price pressure began to be exerted on suppliers. Allaire, and much later Microsoft — relative new-comers — pushed market prices down more with mid-priced CMS products.

As the market matured, viable products started to emerge form the proprietary development field. (The Ektron products being a prime example.) Clients started to face an growing array of choices and began to look to their local vendors to provide viable CMS solutions. Many of those local market players received a major boost with the appearance of ActiveX features in Internet Explorer, which allowed WYSIWYG editor implementation through the browser interface. Almost overnight it seemed that server-side content management systems were both plentiful and affordable.

LAMP Shines

The CMS market really took wing with the liftoff of the LAMP stack and the growth of a supportive development community. Suddenly it seemed everyone was producing LAMP-based CMSs under Open Source licenses.

phpNuke set the pace early on and is largely responsible for inspiring others to follow suit. In the past several years, out of a very large pack of contenders (somewhere in the neighborhood of 85 active projects from my count!), some Open Source “brand names” have emerged as market leaders: Drupal, Zope, Plone, Mambo, Midgard, Typo3, and OpenCMS, in particular stand out.

All these names have produced multiple versions, with regular updates and a solid patch history. All have produced a wide set of features and have managed to achieve sizeable installed bases.

Of that group of market leaders, few have the support of a reliable vendor behind them. One clear exception is Mambo, which is backed by a non-profit Foundation that promotes and protects the intellectual property and the developers. The Foundation stands behind Mambo, offering support from their development resources, assistance with PR and the added assurance of the backing of a corporate presence in the event of legal problems, major meltdowns, or team instability.

Backing by a reputable vendor is unusual in the loose Open Source development community, but it becoming more common, as major players start to release software under the FOSS model and move their companies towards service-based business models.

While I would think that it is obvious that it is extremely desirable to have the support of an established and stable player, let’s look at an example: Drupal, though a very good and popular system with wide adoption, went through a major embarrassment in July of this year when the Drupal community servers went down for two days, leaving the Drupal team to post a one page website on a borrowed server asking the community for monetary donations to get them going again! This is the sort of incident that will send the typically conservative CIO scurrying for brand name cover.

Blogs, Wikis, And Other Niches

The Blog phenomenon is great example of how the proliferation of easy to use content management technologies has trickled all the way down to individual users. Blogging is a direct by-product of the presence and accessibility of CMSs employing WYSIWYG content editors.

One of the interesting by-products of the blogging phenomenon is the vitality of what I would call non-standard content management approaches. For example, we see hosted solutions, like Blogger, doing exceptionally well. We also see the client-side application Radio Userland developing quite a loyal following. I label those two approaches as “non-standard” in the sense that those approaches to content management have never been taken seriously for large scale content management. (Yet, when you consider the sheer volume of data handled by something like Blogger, you have to give credit to the system for being very robust!)

Blogging has also given rise to unusual features like content management via email and even voice mail. It’s innovative. How much of this will migrate into future mainstream content management tools, it is hard to say, but it is worth watching.

As a result of the popularity of blogging, some blogging platforms are gaining real strength in their own right: RadioUserland, Serendipity, and WordPress being leaders in the field.

Wikis are another example of how content management has become such a ubiquitous feature of the Internet landscape that specialized tools built for particular purposes are not unrealistic. (How many Wikis are there floating around on the Web these days?) Many of these Wiki systems are specialized in some manner to accommodate different formats / tasks / file sizes / etc. It is a remarkably robust community – and unheard of 3.5 years ago.

Dangers In The Road

The Open Source CMS market’s strength is not too different from its weakness: The large number of projects, indicative of the vitality of the movement, also brings with it the danger of fragmentation. Of all the various scripting communities only the Python community has solidified around one core product – Zope (and now that solidarity too is threatened by the emergence of Django). In contrast, PHP developers have an amazing choice of systems to devote their attentions and development skills.

The rapid pace of updates is similarly a double-edged sword. While we all appreciate improvements and enhancements, the simple fact is that every upgrade carries with it a cost in terms of maintenance overhead and the possibility for problems. As a Mambo user who manages more than a dozen Mambo sites, I let out a groan each time a new upgrade hits.

Ironically, a final danger we see emerging from the Open Source market is the marriage of certain to systems to particular technologies – the loss of platform independence and interoperability. Mambo and Midgard require MySQL (though Mambo claims that will change in the next version). Bricolage only uses PostgreSQL. Zope requires an obscure database hardly used outside the Python world.

While betting on the continued vitality of a technology like MySQL or PostgreSQL is probably a pretty safe strategy, you have to agree that the ability of a system to handle alternatives is a better long-term survival strategy.

The Bleeding Edge

Open Source Content Management is now moving into a leadership position in the field. The rapid pace of Open Source development is generating innovations and advances in the underlying technology at an amazing pace.

Open Source systems are now moving beyond creating out-of-the-box CMS solutions and into the field of web application frameworks. The framework approach is much more powerful and allows for the creation of much more complex and customized solutions.

To a certain extent products like Mambo and the xNuke family are frameworks, offering a great deal of flexibility in the creation of a website, but they come nowhere close to new technologies like Ruby on Rails or Django.

Rails is a full-stack, open-source web framework in Ruby for writing real-world applications. Ruby is an object-oriented, highly dynamic “scripting” language. The system is very young, but with out of the box support for MySQL, PostgreSQL, SQLite, SQL Server, DB2, and Oracle, it shows a great deal of promise.

Django is a framework built around the Python language. It enjoys many of the benefits offered by Rails, but also the added advantage of the support of the larger Python community. Django also has the advantage in the content management arena as the system is designed to create administration interfaces with ease. Django is also very young.

While the jury is still out on these two new technologies, they clearly signal the way forward. From a developer’s perspective, the emergence of these frameworks also begins to provide alternatives to the .NET and J2EE development environment.

The bottom line is that this is a very dynamic area of the Internet technology. The CMS market is moving so quickly less nimble players are finding it hard to keep the pace. One has to wonder if market consolidation in the face of competition isn’t on the horizon.

How To Choose

Evaluating a content management solution for a firm, or for personal use, is largely the same exercise. Begin with a needs analysis. Define your goals, prioritise them, and then assess what features or tools are needed to help you reach those goals. At a later point, once cost research is under way, you can then assess the cost of features relative to the priorities of the goals and come up with the basis of an intelligible cost-benefit analysis.

Start by examining the nature of your site. Is it a portal? A marketing exercise? An e-commerce site? A blog? An Intranet? These questions will set the outer boundaries for defining the type of system you need. Intended use will shape the decision process significantly.

Consider not only your short term needs but also your long term goals. Many of the systems that are in the market today are modular. This allows you the flexibility to start with only the features you need to meet your short term goals, then to expand the system as justification (or necessity) develops.

Accordingly, look at the modules offered by the vendor and assess whether the system will suit your planned future expansion. It is foolish to try to build it all at once, as the cost will be high and the time line extended. It is better to start conservatively with a modular system that you can grow into.

When shopping for systems, it is best to approach the vendor/developer with a shopping list of features that you require/desire. Mature systems will offer more modules, but make sure you demo the modules you are interested in, as implementations of similar functionalities tend to vary more than you might expect.

While many systems support basic modules, like membership tracking or online polls and surveys, there are other features which are harder to find and which may narrow your choices significantly if required. Key features you should be aware of include multi-lingual support, archiving and roll back, and syndication. If your site requires one or more of these more advanced functions, you will find the number of choices left for your review has dwindled (and you may be locked into a proprietary solution).

Another factor to consider is dependencies on other software packages. Some systems, like the Microsoft CMS, require you to license not only the CMS product, but also a number of other related products which are required for the CMS to work properly. Make sure you check database requirements, server and OS requirements, and whether third party components are needed to create templates or maintain the site in the future. And of course, never forget those frequently shocking consulting fees that are often part of any major implementation. Add it all up and you will find that some systems which may initially appear to be attractively priced are, in fact, quite expensive.

One issue many companies fail to consider is how well the CMS can be tailored to fit the firm’s existing work flow. Most systems will give you some flexibility in assigning roles and permissions. Systems vary in complexity from offering only a set of pre-defined roles to completely customisable user systems. Permissions, editorial review, and scheduling are related concepts: Does your firm need to put content through a review and permissions phase and does your firm need to schedule start/stop days or pre-schedule content (load the content before the start date)? Look for a system that matches, or can be tailored to match, your existing structure and work flows, otherwise you will face challenges in modifying offline processes and training staff.

There’s no magic formula for finding the right CMS. The market is very fragmented and many systems use similar labels to provide widely disparate levels of functionality. It is essential that you be proactive about approaching vendors and go in the door knowing what you need — put the burden on them to show that they can meet your needs. Have clear requirements and research best practices so that you are equipped to deal with this (sometimes expensive) decision.

How to Select a CMS

There’s recently been a lot of discussion and considerable interest in content management systems. Buyers are starting to ask for these solutions from vendors with greater regularity and the buyers are clearly better informed than in the past. Still the issue that comes up again and again is, how do you know which content management system (CMS) is right for you?

Begin with a needs analysis. Define your business goals, prioritise them, and then assess what features or tools are needed to help you reach those goals. At a later point, once pricing research is under way, you can then assess the price of features relative to the priorities of the goals and come up with the basis of an intelligible cost-benefit analysis.

Start by examining the nature of your site. Is it a portal? A marketing exercise? An e-commerce site? These questions will set the outer boundaries for defining the type of system you need. A marketing site will demand far less from a system than a portal. Moreover, security, support, and data integrity issues will be dominant concerns for any firm involved in e-commerce.

Consider not only your short term needs but also your long term goals. Many of the systems that are in the market today are modular. This allows you the flexibility to start with only the features you need to meet your short term goals, then to expand the system as justification (or necessity) develops.

Accordingly, look at the modules offered by the vendor and make an assessment of whether the system will suit your planned future expansion. It is foolish to try to build it all at once as the cost will be high and the time line extended. It is better to start conservatively with a modular system that you can grow into.

When shopping for systems, it is best to approach the vendor with a shopping list of features that you require/desire. Mature systems will offer more modules, but make sure you demo the modules you are interested in, as implementations of similar functionalities tend to vary more than you might expect.

While many systems support basic modules, like membership tracking or online polls and surveys, there are other features which are harder to find and which may narrow your choices significantly if required. Key features you should be aware of include: multi-lingual support, archiving and roll back, and syndication. If your site requires one or more of these more advanced functions, you will find the number of choices left for your review has dwindled (and prices have crept up, too).

Another factor to consider is dependencies on other software packages. Some systems, like the Microsoft CMS, require you to license not only the CMS product, but a number of other related products which are required for the CMS to work properly. Make sure you check database requirements, server and OS requirements, and whether third party components are needed to create templates or maintain the site in the future. And of course, never forget those frequently shocking consulting fees that are often part and parcel of any major implementation. Add it all up and you will find that some systems which may initially appear to be attractively priced are, in fact, quite expensive.

One issue many companies fail to consider is how well the CMS can be tailored to fit the firm’s existing work flow. Most systems will give you some flexibility in assigning roles and permissions. Systems vary in complexity from offering only a set of pre-defined roles to completely customisable user systems. Permissions, editorial review, and scheduling are related concepts: Does your firm need to put content through a review and permissions phase and does your firm need to schedule start/stop days or pre-schedule content (load the content before the start date)? Look for a system that matches, or can be tailored to match, your existing structure and work flows, otherwise you will face challenges in modifying offline processes and training staff.

There’s no magic formula for finding the right CMS. The market is very fragmented and many systems use similar labels to provide widely disparate levels of functionality. It is essential that you be proactive about approaching vendors and go in the door knowing what you need _ put the burden on them to show that they can meet your needs. Have clear requirements and research best practices so that you are equipped to deal with this sometimes and often expensive buying decision.

Ready for the Enterprise?

A quick look at 10 Open Source Content Management Systems which are beginning to find their way inside Enterprise IT Departments.

1. Alfresco

Alfresco is the new kid on the block. (The first public release just hit the streets in October ’05.) The system positions itself as an open source alternative to Windows SharePoint Portal Server. It features a number of desirable document management features including workflow management and audit capabilities. The system is OS independent and can operate on a variety of databases, including MySQL, PostgreSQL, Oracle and SQL Server. Underneath it all lies a heart of Java.

Alfresco offers a dual licensing model, with a free Open Source version of the system and several commercial versions. The Open Source version has more limited user management, but is otherwise largely comparable with the commercial versions of the program.

License: Mozilla Public License (MPL)
Websitewww.alfresco.org

2. Bricolage

Bricolage is an interesting system and atypical in a number of ways. The system uses one of the more unusual configurations in this list, employing Perl as the primary scripting language and running off the PostgreSQL RDBMS. It is powerful and highly configurable, but some users may find it to be less friendly to administer than other systems on this list. It’s powerful, but the power comes at the cost of some usability. The newest version (1.9.1) addresses one of the important shortcomings (the ability to edit an entire story in one textbox), but basic users will not doubt find the administration interface a bit daunting.

Bricolage allows for configurable workflow, complex user hierarchies, multiple output channels, and even supports rollback – a rare feature in Open Source systems. The multi-site management features are particularly impressive. On the downside, Bricolage is relatively boutique and does not have a wide variety of third party created extensions available. Limited commercial support is available.

License: BSD
Websitewww.bricolage.cc

3. DotNetNuke

DotNetNuke is a bit of an anomaly: an Open Source CMS built on Microsoft’s .NET platform (it employs ASP.NET and VB.NET). The system is supported by a significant community and as a result has available a number of modules which can extend the functionality of the core. DotNetNuke’s strengths lie in the power of the system and the ability to create good looking websites with flexible templating. The downsides most commonly cited are the necessity possessing the .NET skillset (to modify the system) and the existence of only a few third party firms offering professional support.

Despite the name, DotNetNuke is not part of the phpNuke, PostNuke family. The system actually began as a free demo application released by Microsoft as part of their efforts to promote the .NET platform.

License: BSD variant
Websitewww.dotnetnuke.com

4. Drupal

The Drupal system has quickly won a devoted following. The popularity stems from a variety of factors: the easy to use and widely available LAMP platform, the PHP-based code, the ability to run either MySQL or PostgreSQL, and the easy to use admin system. The community surrounding the Drupal project is large and has developed a wide assortment of modules for the platform. This system has been translated into a number of languages. Templating with the system is not necessarily the easiest, but should present no problems to anyone with PHP skills.

Drupal’s forte is community-oriented content and the site works very well at that level. The system has been the target of some criticism relating to security, but the vulnerabilities are frankly no worse than anyone else’s. Only limited commercial support is available through third parties.

License: GPL
Websitedrupal.org

5. EzPublish

Though not as widely known as some of the other systems on this list, ezPublish enjoys a good reputation and claims to have more than 1,000,000 downloads to date. The system is backed by a corporate partner, ezSystems, who bases their business model on a dual licensing scheme that allows them to sell a professional version of the product, along with add-ons and support. Without a large developer community to support it, eZPublish lacks the wide choices of add-ons you find with some of the other systems on this list, but you can find the most common items, including a large number of translations and solid commerce options.

While it is powerful, the system does receive some criticism for being less than user-friendly and a bit bulky. Still, that said, if you are looking for a hardy application with commercial support and backing, it is definitely worth looking at.

License: multiple licenses
Websiteez.no

6. Magnolia

Magnolia was launched just over 2 years ago and in that time has gone through some serious improvement and evolved into a powerful system. More framework than CMS, the current version is based on the Java Content Repository Standard JSR-170. The Magnolia Server (or Framework) includes options for content management, document management, and business process navigation (BPN). Backed by the firm obinary, Magnolia presents a rather complicated dual licensing model. The CMS component and Magnolia Server can be used free of charge, but document management and the BPN module are fee-based.

Magnolia is built around J2EE and while it can be run on all common operating systems, the JDK requirement will be a show stopper for some. As the system lacks a large developer community, extension modules are few and far between. Professional support, however, is available from obinary.

License: dual licenses
Websitewww.magnolia.info

7. Mambo

Mambo is built on the LAMP platform and employs PHP as the scripting language. It is one of the most popular Open Source CMSes, largely due to the ease of installation, the ease of use, and the wealth of options for extending the core. The downsides from an enterprise perspective, however, are significant, as Mambo lacks the ability to handle complex workflow, highly granular user management, rollback or multiple site administration.

The system makes up for many of the drawbacks with its flexibility and the ease with which the code can be modified to suit the users’ needs. Mambo is highly configurable and the PHP code base is very tolerant of modification. The templating is simple and effective, allowing for extensive control of a site’s look and feel. The system is backed by a nonprofit Foundation and commercial support is available from third party vendors.

License: GPL
Websitesource.mambo-foundation.org

8. Midgard

Midgard provides a CMS framework which runs atop the LAMP stack, utilizing PHP as the scripting language. The system also provides integration interfaces with Java and C, giving it more flexibility than many of the systems on this list. That said, it is the sort of system programmers will love, but users may find less enticing – even installation can be a bit of challenge for basic users. There is a limited number of extensions available for this system.

Midgard is an ad hoc community-driven project. Some commercial support is available through third party vendors.

License: GPL
Websitewww.midgard-project.org

9. OpenCMS

OpenCMS is based on Java and XML and has the flexibility to run on just about any platform. The system includes good user management, the ability to run multiple sites from one installation, and support for multiple languages. Commercial support is available from the parent company, Alkacon, and a number of other vendors.

On the downside, OpenCMS lacks a certain amount of flexibility. Templating and modifying the codeset can be a bit of a challenge given the site’s use of JSP. Moreover, the admin system, while relatively easy to use, lacks some of the advanced features available in other systems on this list. As a result of these limitations, OpenCMS sites often struggle to achieve a distinctive look and feel, tending rather toward a more uniform “portal” look.

License: LGPL
Websitewww.opencms.org

10. Plone

The Plone system has built a diehard cadre of devotees. The system is the most “exotic” on this list, being built primarily in Python and running off the Zope framework. If you’ve the stomach for Python and Zope, you should look at Plone. It is powerful, flexible and loaded with potential. The developer community which has quickly grown around this program is dedicated, verging on fanatical. They have created a number of innovative and desirable extensions for the Plone core (largely courtesy of the power of Zope). The admin interface is friendly and easy to use. Plone’s client list is quite impressive, including eBay, Lufthansa, NASA/JPL, and a number of other firms who clearly have some serious technology credentials.

If Plone can be said to be lacking in any particular area, it is in the document management feature set, which is likely to be disappointing to the enterprise webmaster.

License: GPL
Websiteplone.org

50 Top Joomla! Extensions

With more than 4,000 Extensions in the Joomla! Extensions Directory, one of the most daunting aspects of selecting a Joomla! Extension is finding the right tool for the job. With thousands of Extensions to choose from, you are sometimes faced with multiple options that appear to achieve your goals. While there really is no subsitute for downloading things and trying them out yourself, in this article I provide a list of fifty Joomla! Extensions as a starting point for addressing common needs.

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article orignally appeared on the author’s site,RicShreves.net.

Note that this is not an endorsement of one particular Extension over another, but rather simply a list of resources to help you get started. The list includes both commercial and non-commercial Extensions. The Extensions are numbered for convenience only — not as an indicator or preference or popularity.

The Extensions have been grouped as follows:

 

:: A Word of Caution ::
The rate of change in the open source world can be daunting. Developers change, projects fork, some projects get abandoned. While this list may hae been accurate when compiled, it’s impossible to say which projects will remain vital in six months’ time. The list of extensions I provide will no doubt change over time. You should always keep this in mind when you are selecting extensions, and if business risk is an issue for you, then you need to do your own research and consider carefully which extensions you adopt.

ECOMMERCE AND CATALOG MANAGEMENT

If you want to sell online or add a product catalog to your site, you should probably consider installing a dedicated Extension to expand on the core system’s functionality.

[01] VirtueMart

I list only one Extension in this category as VirtueMart is far and away the leader. Not only does VirtueMart provide flexible ecommerce options, it also provides usable catalog managament, so whether you want to sell online or just showcase products, this one Extension can do it all.
http://virtuemart.com/

IMPROVING CONTENT MANAGEMENT

The Extensions listed in this section all expand upon the systems default content management functionality. The list includes both Extensions to enhance existing Articles as well as several powerful tools for changing the nature of the Articles and the Article editing functionality.

[02] AllVideos Reloaded

This Component enables the embedding and display of videos on your website. The Component comes in multiple parts: a content plugin, an editor plugin, a system plugin and a module. Once installed you can display video files either inside of Articles or inside Module positions, or as a pop-up inside a light box. The most recent version also includes a utility to convert various video formats in .flv (flash video) files. This is a non-commercial extension.
http://joomlacode.org/gf/project/allvideos15/

[03] Attachments For Content Articles

This extension makes it easy to add attachments to your Articles. The attachments can be viewed or downloaded by your site visitors. The extension combines a Component for uploading and managing attachments and a Plugin for adding attachments to the site Articles. This is a non-commercial extension.
http://joomlacode.org/gf/project/attachments/

[04] Content Templater

Content Templater is a powerful extension that enables the creation of pre-defined, reusable templates for your Articles. If your site has multiple administrators, the use of content templates is one of the best ways to maintain a consistent appearance throughout the site. The extension allows you to create multiple templates which then appear inside the editor where they can be selected by the editor. The templates extend beyond content layout to include the other common attributes, including the title, alias, publishing settings, etc. This is a non-commercial extension.
http://www.nonumber.nl/contentTemplater

[05] Custom Properties

The Custom Properties extension provides a way to attach tags to your Articles. The tags can then be used as aids to organization and navigation. Custom Properties opens up the Joomla! content hierarchy as the Extension makes it possible to associate multiple tags with a single Article and to search and view the Article by each of those tags. Elements included in the Extension give you the option to provide a dedicated search by tag and an option to generate a tag cloud. This is a non-commercial Extension.
http://www.solidsystem.it/index.php/english/Custom-Properties/

[06] JCE

JCE is a WYSIWYG editor for your Joomla site. If you are looking for an alternative to the default editor, JCE is one option. The editor is extendable, allowing you to add in a file manager, a media manager and an image manager. This is a non-commercial Extension, however, some of the Extensions incur a fee.
http://www.joomlacontenteditor.net

[07] JomComment

JomComment enables user comments for your Articles. The system is Ajax-based, thereby avoiding page reloads, and supports templates and SPAM prevention. You can also configure the system to require that comments be moderated and approved prior to appearing on your site. There is an additional module available that allows you to display the most recent comments on the site in a module position. This is a commercial component.
http://azrul.com/products/jom-comment.html

[08] JoomlaFCK Editor

JoomlaFCK Editor is a port of the popular FCK Editor package. FCK is a powerful and easy to use WYSIWYG editor that gives you a strong alternative to Joomla’s default editor. The editor includes image uploading and management functions and a wide array of formatting tools and options. This is a non-commercial Extension.
http://www.joomlafckeditor.com

[09] K2

K2 bills itself as the ultimate content construction kit for Joomla. It presents a major change in the way content items are handled in your Joomla! site. Using this Extension, you can create custom content types with custom fields. This makes it possible for you to break out of the restrictions of the default Joomla! three-tier content hierarchy and the limited content type. The Extension supports tagging as well as the inclusion of a variety of media formats. This is a non-commercial Extension.
http://k2.joomlaworks.gr

[10] Labels

Labels provide a way to tag your Joomla! Articles and Contacts. The Labels can be used to impose organization on your site and to enhance user navigation. Using Labels, you can assign one Article to multiple classifications. The Labels can then be used as the basis for lists of Articles or they can be displayed independently as a Tag Cloud. This is a commercial Extension.
http://jxtended.com/products/labels.html

[11] MetaMod

The MetaMod Extension enhancing Module management. It allows you to add additional rules and logic for displaying Modules on your pages. You can set start and end date for Module publication and can trigger module display according to the appearance of text or metadata in an item. The newest version include geo-location filtering, making it possible to show visitors different content, based upon their IP address. One of the more useful features is the ability to hide modules once a user has logged in. This is a non-commercial Extension.
http://www.brandonitconsulting.co.uk/mod_metamod/

[12] News Show

News Show Pro is a content display Extension that allows you to display Articles in a wide variety of formats using a combination of Modules. The Extensions makes it easy to display multiple items on one page in a variety of formats and greatly eases the burden of managing them. Configuration options allow you to display Articles vertically or horizontally and to sort them and control their appearance by a variety of criteria. This is a non-commercial Extension.
http://tools.gavick.com

IMPROVING ADMINISTRATION

The Extensions listed in this section are all intended to make managing th administration of your Joomla! site easier. They provide functionality you may well get already from other tools, but with these Extensions you are able to do the job directly from within the Joomla! admin system, thereby savings yourself time and effort.

[13] EXtplorer

eXtplorer is a file and FTP management component. It allows you to browse and manage files from within your Joomla! admin interface without the necessity of using an external FTP or file management client. You can search, browse, upload and download files on your server and you can create and extract archives and manage file permissions. This is a non-commercial Extension.
http://joomlacode.org/gf/project/joomlaxplorer/

[14] Joomla! Tools Suite

The Joomla! Tools Suite Extension is intended to be installed independently of Joomla! in order to provide you with a fall back in the case of problems with the site and to allow you to assess and monitor the site’s health. Features include post installation health checks, installation assessment, security auditing, core-file modification auditing, file-system auditing, Extension reporting and database auditing facilities. This is a non-commercial Extension.
http://joomlacode.org/gf/project/jts/

[15] JoomlaPack

JoomlaPack is a back-up component for Joomla!. It creates a full backup of a site in a single archive and can be restored by any Joomla! capable server, thereby providing not only basic back-up facility, but also an aid for site migration. It is flexible and customizable. This is a non-commercial Extension.
http://www.joomlapack.net

ENHANCING SEARCH

Joomla! search sometimes needs a little help. Here are two Extensions that enhance the site search experience.

[16] JXtended Finder

Finder is an advanced search engine for Joomla!, giving you a more powerful alternative to the default search functionality. In addition to full text search, the Extension also enables a variety of filters, including custom-defined filters. This is a commercial Extension.
http://jxtended.com

[17] PixSearch

The PixSearch Module creates an Ajax-based search box that searches as you type and displays results immediately in a pop-up box. The search is similar to that seen on a number of sites and in the Mac OSX Spotlight search feature. This is a non-commercial Extension but it does require registration.
http://labs.pixpro.net

ENHANCING MENUS AND NAVIGATION

While the most recent version of Joomla! provides more flexibility in the Menu layouts, these two extensions make it easy to create great looking Menus in a variety of formats and styles.

[18] Extended Menu

Extended Menu extends the functionality of Joomla’s MainMenu Module. You will still have to use CSS to achieve the styling, but the configuration options make it very easy to change the menu orientation and to split and re-order the Menu. The Extension also enhances the ability to work with parent-child menu item relationships. This is a non-commercial Extension.
http://de.siteof.de/extended-menu.html

[19] SwMenu

swMenu is a set of Menu creation and management Extensions. You can create and integrate unlimited Menu Modules and achieve a wide variety of styling. There are commercial and non-commercial versions available on the developer’s site.
http://www.swmenupro.com/

BUILDING COMPLEX FORMS

The default Joomla! system offers extremely limited options for form creation. The Extensions listed below address this issue by providing the ability to create complex forms on your Joomla! site.

[20] BfForms

An AJAX admin interface makes it easy to create complex forms. The Extension supports unlimited forms and fields and is Smarty Templates enabled. Forms created with this Extension support the Akismet and Mollom anti-SPAM systems, as well as IP banning and blacklists. Submit buttons and validation are also configurable. This is a commercial Extension.
http://www.forms-for-joomla.com

[21] ChronoForms

ChronoForms is a great choice for those with HTML skills who want more control over their forms. With this Extension, you can create the form in your favorite HTML editor, then copy and paste it into the ChronoForms Component. There is also a drag and drop form creation interface for those who don’t want to do the work in HTML. The Extension also gives you to ability to create database tables and connect those to forms, thereby allowing you to capture form data in the DB. This is a non-commercial component, but does include a back link to the developer’s site. You can remove the back link for a fee.
http://www.chronoengine.com

[22] RSform!Pro

RSForm! Pro is an AJAX-enabled form builder. The Extension supports a wide variety of fields and input types and allows you to create forms without any HTML knowledge. Data gathered with the forms can be exported to CSV format. This is a commercial Extension.
http://www.rsjoomla.com/joomla-components/joomla-form.html

ADDING GALLERY FUNCTIONALITY

Galleries are one of the most commonly-requested Extensions to Joomla! Perhaps then it is not surprising that there are a large number of options in this area. The list below includes both full-featured galleries and simple slideshow components.

[23] Expose

Expose creates Flash-based slideshows. The size is adjustable and the resulting slideshow is search engine friendly. The Component includes album management and various configuration options that allow you to create attractive slideshows. This is a non-commercial Extension.
http://www.gotgtek.net/15/

[24] Frontpage Slideshow

Frontpage Slideshow creates JavaScript and CSS-based slideshows. One of the most powerful features of this Extension is the ability to integrate text with images to create PowerPoint-type slides. Configuration options give you a great deal of control over the timing, display triggers and transitions. This is a commercial Extension.
http://www.joomlaworks.gr/content/view/24/28/

[25] Phoca Photo Gallery

The Phoca Component provides an image gallery that also includes slideshow functionality. The Extension provides a large number of options for controlling the catalog categories and the images they contain. Images can be displayed using a variety of techniques, including light boxes, slideshows or standard page views. The gallery supports images and videos and is search engine friendly. There are a number of Modules and themes available to extend the functionality of this Component. This is a non-commercial Extension.
http://www.phoca.cz/phocagallery/

[26] RokSlideshow

RokSlideshow is a JavaScript-powered slideshow Module. The Extension provides a choice of six customizable transition types and thirty wipe and push transitions. You can add titles, captions and control font size and colors. This is a non-commercial Extension.
http://www.rocketwerx.com/products/rokslideshow/overview

[27] RSGallery2

RSGallery provides an easy to customize gallery component. The Extension’s use of a separate Template system means you can modify the presentation significantly without hacking the core files. The Extension includes not only image and category management but also a slideshow functionality. RSGallery supports image download and integrates well with Community Builder. This is a non-commercial Extension.
http://joomlacode.org/gf/project/rsgallery2/

ADDING A DIRECTORY

If you want to create a categorized listing of companies, products or other items or services, then these directory Extensions will help you create a professional and functional site.

[28] Mosets Tree

The Mosets Tree Extension enables the creation of a Yahoo! style directory on your site. The system provides all the features you normally associate with online directories including unlimited categories and sub-categories, the ability to browse the listings and the ability to search for listings. Listing fields are customizable and the Extension supports the creation of custom fields. This Extension is used to power the official Joomla! Extensions Directory. This is a commercial Extension.
http://www.mosets.com/tree/

[29] SOBI2

The SigSiu Online Business Index Extension allows you to create complex directories. The directory listings can be maintained by either the site administrator or by the registered users. The system offers a number of fields for listings and it is possible to create custom fields. The core Extension is non-commercial but many of the additional modules you will want — like search — are commercial.
http://www.sigsiu.net/

ADDING A FORUM

Threaded discussion forms have moved way past the old BBD format. Joomla! has several excellent forum Extensions. Here are two of the best.

[30] CcBoard

The ccBoard forum provides complete forum functionality with a wide variety of options. You can create moderated or unmoderated forums, and allow guest postings or force user registration. The Extension also supports user karma, bad word filtering, SPAM filters, and more. This is a non-commercial Extension.
http://codeclassic.org

[31] Kunena

The Kunena Extension is a fork of the popular Fireboard Forum Component. This is a full-featured forum supporting all common features, including threaded discussions, multiple categories, user management, moderation, avatars and much more. This is a non-commercial Extension.
http://www.kunena.com

ADDING A FILE EXCHANGE

File Exchanges provide a way for you to exchange documents or other files with your site visitors.

[32] DocMan

DocMan is a document management and file exchange Extension. You can manage documents and files in multiple categories and subcategories and give users permission to upload, download or edit documents. The system supports multiple group permissions that allow you to show specific files to only specific groups. A search system is integrated. This is a non-commercial Extension.
http://www.joomlatools.eu

MANAGING MULTI-LINGUAL CONTENT

While the Lnaguage Packs in Joomla! enable the system messages in multiple languages, they do nothing about the Articles and other content. If you want to display a fully multi-lingual site you will need to install a multi-lingual content extensions to help you manage the translations. The dominant Extension is Joom!Fish.

[33] Joom!Fish

The Joom!Fish Extension enables multi-lingual content management on your Joomla! site. With this Extension you can run your front-end content in multiple languages and allow users to switch easily between languages. The newest version supports routing to assist with your search marketing efforts and to build consistency into the URL structures. The core Extension is free of charge but some enhancements are now commercial.
http://www.joomfish.net

ENHANCING SEO

Joomla! provides SEF URLs as part of the Global Configuration options, but for those of you who want to do more, you should consider these Extensions.

[34] Artio JoomSEF

This SEF Extension re-writes your Joomla! URLs to be search engine friendly. The Extension handles multi-lingual sites and works with both the Apache web server and the IIS web server. The system allows you to customize the URL strings and supports multiple URL formats. JoomSEF goes beyond just SEF URLs, adding in support for expanded metatags and customizable error pages. This is a non-commercial Extension but does include a back link to the developer’s site. The back link can be removed for a fee.
http://www.artio.net/en/joomla-Extensions/joomla-seo-sef-component-artio-joomsef

[35] JooMap

Joomap is a sitemap component that generates both front-end site maps for your site visitors and XML sitemaps for the search engines. Note also the Xmap Extension, discussed below. This is a non-commercial Extension.
http://koder.de/projekte/joomap/

[36] Sh404SEF

This Extension generates search engine friendly URLs and also provides management for titles and meta tags. There are additional plugins available for this Extension to provide support for many other common Extensions, like VirtueMart, Fireboard and Community Builder. This is a non-commercial Extension.
http://extensions.siliana.com

[37] Xmap

Xmap is based on Joomap, discussed above. The two Extensions are very similar and both produce front-end user site maps and XML site maps. You should review both to determine your preference. This is anon-commercial Extension.
http://joomla.vargas.co.cr

EXTENDING USER MANAGEMENT

If you want to breakout of the limited Joomla! user manager and group access privileges, you will need to look at installing a third party Extension. Similarly, if you are integrating other software systems that require login access, you should consider a third party Extension to provide single log in for your users.

[38] JACLPlus

JACLPlus enables you to break out of the default Joomla! Access Control Rules and create custom groups and permissions. This system also included the ability to assign users to multiple groups. Note that this Extension requires that your server use the Zend Optimizer. This is a commercial Extension.
http://www.byostech.com

[39] Jfusion

If your site integrates additional systems that require login, Jfusion allows your users to log in only one time to access all systems. Systems supported include phpBB, Vbulletin, Magento, SimpleMachines Forum and Moodle. This is a non-commercial Extension.
http://jfusion.org

[40] JUGA

JUGA provides enhanced access control to Joomla! Articles and Components. Also enables you to create unlimited numbers of user groups and control user assignment within groups. One of the key features allows you to hide Menu Items and Modules based on a user’s group membership. The Extension has a dual licensing scheme with the basic version non-commercial. Basic version, however, lacks many of the key features. A complete version is available for a fee.
http://www.dioscouri.com

ADDING WEB 2.0 FUNCTIONALITY

Web 2.0 functionality is widely in demand. In this section are listed several Extensions that help build community and stimulate user interaction.

[41] AddThis Social Bookmarking

Integrates the AddThis social bookmarking button to your site. This is a non-commercial Extension.
http://www.informationmadness.com/cms/index.php?option=com_content&task=view&id=600&Itemid=1

[42] Community Builder

Community Builder is an entire suite of Components and Modules that enable you to turn Joomla! into a community website with user pages and a high degree of user interactivity. There are a large number of Modules and Plugins available for Community Builder and integration of the Extension is widely supported by other common Extensions. This is a non-commercial Extension, but it does require registration to download.
http://www.joomlapolis.com/

[43] JomSocial

The JomSocial Extension enables you to turn your Joomla! installation into a full blown social networking engine. The Extension is still relatively young, but the current release is feature rich and shows a great deal of promise. It is certainly your easiest, fastest route to a social networking website.
http://www.jomsocial.com/

[44] JReviews

 

JReviews is a powerful Extension that lets you create a reviews and ratings website with Joomla! The system is customizable and can even be used as an alternative method for handling your Joomla! content items, with custom structure and fields. This is a commercial Extension.
http://www.reviewsforjoomla.com/

[45] MyBlog

MyBlog provides greatly enhanced blogging functionality for Joomla! The default Joomla! system allows you to create blog-type layouts, buy MyBlog gives you true blogging functionality with a wide range of common features. Includes RSS feeds, Technorati pings, Trackbacks and support for multiple bloggers. Integrates with both Community Builder and JomSocial. This is a commercial Extension.
http://www.azrul.com

[46] Plugin Googlemaps

plugin Googlemaps is a Joomla! Plugin that integrates Google Map functionality. Not only does it allow users to view Google Maps, but also includes support for MKL files and marker placement. Directions are integrated and can appear in popup or lightbox. This is a non-commercial Extension.
http://joomlacode.org/gf/project/mambot_google1/

[47] Tweetme

Tweetme is a simple Extension that adds a Tweet This button to your Articles and items. This is a non-commercial Extension.
http://www.herdboy.com/support/viewtopic.php?f=4&t=14

IMPROVING AD MANAGEMENT

If you want to run ads on your site at anything more than a basic level, you will need to look to an Extension to provide you with greater functionality than Joomla’s basic Banner Manager.

[48] AdSense Module

The AdSense Module allows you to place single or multiple Google AdSense units on the pages of your Joomla! site. The Extension supports the various Google options as well as the ability to randomize ad colors and to block ads from being displayed to certain IP addresses. This is a non-commercial Extension.
http://www.joomlaspan.com/Free-Extensions/Google-AdSense-Related-Modules/index.php

[49] Easy AdSense For Joomla

Allows you to run one or more Google AdSense units on your pages. This simple Extension provides control over all key variables plus the ability to block an unlimited number of IPs and to use alternative messages when ads are not displayed. This is a non-commercial Extension.
http://www.wzcreativetechnology.com

[50] IJoomla Ad Agency

iJoomla Ad Agency is a full-featured banner and ad management system for Joomla! You can run single ads, campaigns or packages. The system also supports breaking pages into zones for the purpose of managing ads and rates. Supports a wide range of ad formats and sizes. This is a commercial Extension.
http://www.ijoomla.com/ijoomla-ad-agency/ijoomla-ad-agency/index

Smaller Budgets, Not Smaller Deployments

My fave tech industry insider, The Reg, today reports on an IDC study that indicates the recession is speeding adoption of Linux. The conclusion mirrors what we’ve been seeing at water&stone as well, that is, while the downturn has lead to a few people deferring projects, many have not, choosing instead to consider lower cost alternatives.

As the study put it: “IDC has found that economic downturns lead to a reduction in spending, but not necessarily an equal-sized reduction in deployments. In fact, past recessions have helped to accelerate platform shifts that were in progress.”

Note, this isn’t a fluffy little single digit shift in trends — a full 72% of the firms evaluated indicated that they “are either actively evaluating or have already decided to increase their adoption of Linux on the server in 2009.” Perhaps more surprising: 68% made the same claim for the desktop!

:: UPDATED 28 March ::

RedHat is reporting a 25% jump in their annual revenues, noting “Our value proposition is even more compelling in a challenging economic environment, and we believe that’s a key driver to our solid financial results and market share gains.” At least, that’s according to a story at ArsTechnica.

:: UPDATED 27 March ::

North Bridge Venture Partners have released their 2009 Future of Open Source survey results. Not only is it consistent with the conclusions in this posting, but it also indicates the web content management is one of the top areas set for disruption by this trend. The presentation can be viewed at SlideShare.

Securing the Joomla! Core

Security is not one single thing; it is a process, a set of steps that need to be taken in order to achieve a result. The process begins with your server settings and the Joomla! core files. If you fail to make this base level of the system secure, than additional steps are at the very least of limited effectiveness, at the very worst — they are pointless. Note as well, the first step towards assuring your site’s integrity is also one of the easiest: Only install the most recent version of the Joomla! core file packages found at the official download site, JoomlaCode.org. Do not download and install core file archives from other sites, as you cannot be certain of their origins, completeness, or integrity.

 

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article originally appeared on the author’s site,RicShreves.net.

 

PROTECT DIRECTORIES AND FILES

There are several steps you can take to enhance the security of the directories and files on your server. The first step is adjusting the permissions to be as strict as possible without impairing use of the site. Write-protect your critical directories. As a general rule, set the directory permissions to 755 and the file permissions to 644 using either FTP or the options in the Global Configuration Manager. Note that this is best done after you have fully completed your installation of the core and all Extensions. It is possible that you may have to make these setting more permissive if you need to install Extensions in the future.

There’s a good discussion of how to set file permissions and what they all mean on the Joomla! docs site — visit the resource to learn more.

There are a number of other steps you may want to consider taking, however you should note that each of these has a trade-off, either in terms of increased admin overhead or other limitations:

  • Move the configuration.php file outside of the public HTML directory on your server and rename it. Place a new configuration.php file in the public HTML directory pointing to the new file. Make sure your new file is not writable in order to avoid it being overwritten by the Global Configuration Manager. Note that making this change will force you to modify the new configuration file manually, rather than by using the Global Configuration Manager. For more information on how to set this up, see,http://docs.joomla.org/Security_and_Performance_FAQs
  • Use .htaccess to block direct access to critical files. Note this is only applicable to servers using the Apache web server and webhosts that allow you to modify .htaccess. Make sure you backup your old .htaccess file before you try this in case you experience problems and need to restore the old file.
  • Change the default log path. Hackers sometimes look to the log files as a way to identify what Extensions you have installed, in hopes of finding an Extension that has a known vulnerability they can exploit. To help deter this bit of information fishing, alter the log path settings in the Global Configuration Manager.
  • Change the default temp directory. The contents of the temp directory can also provide information you may not wish to disclose about your site. You can alter the temp directory settings in the Global Configuration Manager.

PROTECT ACCESS DETAILS

Humans are your most common point of security policy failure. Admin passwords should be changed often. The default user name that is produced for the administrator during the installation process should also be changed immediately after the system is set up. Leaving the default user name as “admin” gives a hacker one half of the answer to the puzzle they need to solve to gain access to your site. (Note that some commentators go further and recommend that you create a new superadministrator account and delete the one that was auto-created by the Joomla! installer.) Hopefully it goes without say, but passwords should also be as secure as practicable.

In addition to controlling the access to your admin system, you need to be sensitive to the access issues that relate to your database. If you have control over the access privileges to the user accounts on your MySQL database, make sure that all accounts are set with limited access.

REMOVE UNNECESSARY FILES & FEATURES

If you don’t need it now and you don’t intend to use it, get rid of it. Logical targets for deletion include: unused Templates and Extensions you have installed then decided not to use. Go further and disable unused core components as well. Not only does this make the site more secure (by removing one more potential access point) but it also removes unnecessary clutter from the admin interface.

If you have copied archive files to your server during the course of installation, make sure you get rid of those. Don’t forget the installation directory — don’t simply re-name the installation directory, delete it! Another candidate for deletion is the system’s XML-RPC server. If you are not using this functionality, delete it. It is located in the Joomla! root in the directory named xmlrpc/

MAINTAIN A SENSIBLE SERVER SETUP

In an ideal world, we would all have our own dedicated servers where we could control every aspect of the system. In the real world, shared hosting is the reality for many users. Shared hosting, though certainly more cost effective than a dedicated host, involves trade offs in terms of security and access privileges. Your goal should be to make the host set up as secure as possible, regardless of whether it is dedicated or shared. Exactly what you are able to do with your server varies, but you should consider the following:

  • Use Secure FTP, if available. This helps avoid the possibility that someone can determine your username and password while you are in the process of a file transfer.
  • If possible, use PHP 5. While both PHP4 and 5 are supported by Joomla!, PHP 5 is the superior solution and PHP 4 is being phased out.
  • Make sure your server does not have Register Globals enabled. Joomla! does not need it and it is a security risk.
  • If the mod_security module is installed on your Apache web server, use it. It acts as an embedded web application firewall and provides significant protection against many common attacks. Learn more about how to use it.
  • Turn safe mode off. Safe mode is not necessary for Joomla! and may cause problems with some Extensions.
  • Set Magic Quotes GPC to On.
  • Don’t use PHP allow_url_fopen. Set this option to Off.
  • Use PHP open_basedir. Set this option to On.

OFFICIAL JOOMLA! SECURITY RESOURCES

The Joomla! Team and Community have created and maintain a number of useful security resources.

Name of resource URL
Security Checklist: Getting Started http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
Security Checklist: Hosting and Server Setup http://docs.joomla.org/Security_Checklist_2_-_Hosting_and_Server_Setup
Security Checklist: Testing and Development http://docs.joomla.org/Security_Checklist_3_-_Testing_and_Development
Security Checklist: Joomla Setup http://docs.joomla.org/Security_Checklist_4_-_Joomla_Setup
Security Checklist: Site Administration http://docs.joomla.org/Security_Checklist_5_-_Site_Administration
Security Checklist: Site Recovery http://docs.joomla.org/Security_Checklist_6_-_Site_Recovery
Joomla Security Strike Team Contact Form http://developer.joomla.org/security/contact-the-team.html
Security and Performance FAQs http://docs.joomla.org/Security_and_Performance_FAQs
Automatic Email Notification System http://feedburner.google.com/fb/a/mailverify?uri=JoomlaSecurityNews
Security RSS Feed http://feeds.joomla.org/JoomlaSecurityNews
Joomla! 1.5 Security Forum http://forum.joomla.org/viewforum.php?f=432
Vulnerable Extensions List http://docs.joomla.org/Vulnerable_Extensions_List
Security Announcements for Joomla! Developers http://developer.joomla.org/security/news.html
Joomla! Developers Security Articles and Tutorials http://developer.joomla.org/security/articles-tutorials.html

Open Source CMS Social Resources

We received a request the other day from someone interested in finding social networking-type resources focused on open source content management systems. We did a bit of looking around at the larger social networks and found a number of different groups and resources focused on the open source CMS.

Large networks, like Facebook, actually host a fairly large number of special interest groups. Some are broadly concerned with software or web design, but there are also quite a few that are focused on specific CMS platforms. While the majority of the groups are concerned with major systems like Joomla! or Drupal, you can also find a surprising number of other systems represented. Channels like Twitter, offer even more variety.

We’ve put together a list of what we found — at least for the larger networks and the larger groups. This list is not intended to be comprehensive, but you should give you a good idea of what it out there and how to contact them.

FACEBOOK GROUPS

Perhaps not surprisingly, (given the wide range of interests on the site) Facebook includes quite a few groups concerned with Open Source CMS-related topics. There are quite a few fan sites for popular systems like Joomla!, Drupal and WordPress, but only a couple of groups that cut across lines and cover the category as a whole. Here’s a short list of the biggest and most active groups.

General Interest Groups
Groups Focused on Specific Systems

LINKEDIN

I was surprised at the strength and variety of Groups in action over at LinkedIn. A number of systems are the focus of various groups, with Magento showing a large following.

General Interest Groups
Groups Focused on Specific Systems

MYSPACE GROUPS

Despite the size and vitality of MySpace, there is very little group activity focused on the Open Source CMS space. I guess they just can’t be bothered…

General Interest Groups
Groups Focused on Specific Systems

ORKUT

Orkut has a very active user base with a large number of relevant groups. While the vast majority of the groups are focused on specific systems, there are a couple of nascent general interest groups.

General Interest Groups
Groups Focused on Specific Systems

SCRIBD GROUPS

Scribd provides a social document sharing site. People upload documents, white papers, sample book chapters, etc. Here I list both the size of the group membership as well as the number of documents in the group.

General Interest Groups
Groups Focused on Specific Systems
  • Joomla (members = 104; documents = 34)
  • WordPress (member = 12; documents = 82)

TWITTER

Several of the open source CMS projects have their own Twitter accounts, here’s a quick list of the most active ones:

note: This article was updated on 18 March 2009.

Front-end Content Management in Joomla!

If you have ever worked with the front end content management workflow in the default Joomla! system, you will appreciate that, straight out of the box, it is not as user-friendly as you might like it to be (indeed, some might say that is a generous description!). Nonetheless, it remains a powerful tool when properly configured — and when the team using it is adequately trained.

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article orignally appeared on the author’s site,RicShreves.net.

From a workflow perspective, one of the most frustrating limitations of the front end content management system is the lack of an effective, configurable notifications and tracking system. The more complex your content structures are, the more significant this limitation becomes.

The problem is purely a practical one: As Authors contribute Articles, the Editors have to be notified, then the Editors have to find the contributed Articles and edit them. Once the Articles are edited, the Editors need to notify the Publisher who again has to find the Articles and publish them.

While relying on notifications is fine up to a point, if you want another way to add some more certainty to the process and make it easier to deal with once the Editors and Publishers are actually working inside the system, you may want to consider the following – it’s one way I’ve found that seems to improve on the default approach.

Basically, the essence of this approach involves the creation of a Content Section and two Content Categories that are specifically for the use of the front-end content management team. Here’s how to set it up:

1. Create a new Section, name it “Submissions.”

2. Set the Access Level for the Section named “Submissions” to Special.

3. Create two new Categories inside the new Section. Name these two new Categories “To be Edited” and “To be Published.”

4. Next, create a new Menu Item on the User Menu. Select the Menu Item Type toCategory List Layout. Name the new Item “To be Edited,” and select in the Basic Parameters the Category “To be Edited.”

5. Finally, create another new Menu Item on the User Menu. Select the Menu Item TypeCategory List Layout. Name the new Item “To be Published,” and select in the Basic Parameters the Category “To be Published.”

All the tools are in place, now you need to instruct your team on how to use them.

  • Instruct the Authors to assign all new Articles to the Category named “To be Edited.”
  • Instruct the Editors to check the “To be Edited” Menu Item each time they log in. Once they complete their edits on the pending Articles, the Editors must re-assign the Articles to the Category named “To be Published.”
  • Instruct the Publishers to check the “To be Published” Menu Item every time they log in. The Publishers can then assign the pending Articles to the proper Sections and Categories and publish the Articles.

This approach has two main advantages. First, it makes the editing process easier to manage, as all the Articles appear in the same place and move logically from station to station in the workflow. Second, you gain the ability to set a specific template to the entire front-end content management work flow by associating that template with front end content management Menu Items. (For example, a nice wide template makes it easier to use the editing window, and a lightweight, clean template without unnecessary graphics or module assignments can speed your work.)

While this is not the only way to crack this problem, it’s easy to set up and simple to remember and train against. Have you found another solution? If so, please share it using the comment controls on this article.

Joomla! Performance Tips

The struggle for optimal site performance is a battle all web designers & site owners face from time to time. You see a lot of sites on the web that load slowly or perform poorly. While some sites have hosting issues, most are simply built without performance in mind. Joomla!, in and of itself, is neutral in terms of site performance; it’s how you configure it and what you do with it that creates — or prevents — solid site performance.

 

This article is excerpted from Ric Shreves’ upcoming title, the Joomla! Bible, from Wiley & Sons. That book is due for publication in early November and can be pre-ordered directly from the publisher at www.wiley.com. Watch this site across the coming months as we preview more from this new title. This article orignally appeared on the author’s site,RicShreves.net.

 

This article is an excerpt from the chapter on Site Performance, and it includes information about content and technical issues that impact site performance. As performance factors are not purely Joomla! issues, many of the tips (particularly in the content section) are applicable to any website. Note that Joomla’s caching controls are not discussed in this text below, as the first portion of the chapter (not shown here) deals with Joomla! caching in some detail.

CONTENT ISSUES AFFECTING PERFORMANCE

Everything that is on the pages of your website has an impact on the site’s performance. If you build large pages with large files, the page will load more slowly than a smaller, lighter page. While the pages your Joomla! site generates from Components are largely beyond your control, you can have a significant impact on your Articles pages. If you work smart and keep in mind the need to build lean pages, you can serve web pages to your visitors more quickly as well as reduce the burden on your server. Never forget, it all adds up. If you have multiple visitors on your site simultaneously, the page each is viewing contributes to the load. Saving a few kilobyte in file size here and there can add up quickly.

Here is a list of issues and tips you should consider when creating content for your site:

Avoid Large Files

This is most commonly an issues with graphical files inserted into Articles. Optimize your images to keep file sizes down to reasonable levels. As image file size is at least partially a by-product of the physical dimensions of the image files (width and height), it is hard to say what is right for your site, however a reasonable goal is to keep your images under 50K in size. If your images are too large to achieve that goal without a loss in quality, you may want to consider whether you need to display images that large on the page, or perhaps you should consider whether a better course would be to display a smaller image, a thumbnail, that is clickable to open a larger image. Note also that for the web, image resolution of 72 dpi is sufficient; anything higher is overkill and unlikely to be reflected in the user’s monitor. If you are using the Firefox web browser, there are two free add-ons that can help you diagnose and solve performance problems. The YSlow and Firebug add-ons include tools that help you identify the sizes of all the files on any particular web page. This is a great way to identify problem areas and bottlenecks. YSlow also provides suggestions for improving performance. Get both extensions fromhttps://addons.mozilla.org

Save Images In The Right Format

Closely related to the point above is this issue: use the right image format for the content you need to display. The most common formats for web use are .jpg (or .jpeg), .gif and .png. Use .jpg for photos and anything that requires smooth transition from color to color or large amounts of detail. Use .gif or .png for anything that is primarily large blocks of color or black and white. For example, photos are best saved as .jpgs. A chart or a graphical illustration is best served as a .gif or .png. Given a choice between .png and .gif, prefer .png as it produces a smaller file and is copyright-free. Choose .gifs if you need animation, as .png does not support this, or if the file is very small, in which case .gif often produces a smaller file. Tip: .png files can be created either interlaced or non-interlaced. Interlaced files provide progressive rendering, that is, they render little by little on the screen, starting out fuzzy and getting clearer. Avoid interlaced .pngs. They are larger in size and they confuse some users.

Don’t Re-Size Images

Upload your image in the actual size that it will be displayed. Do not, in particular, upload files larger than what is needed then force them to re-size into a smaller display. Forcing the images to a new size not only fails to save file size, as the file size remains constant, but it also forces the system to do additional work to re-size the image dimensions.

Keep Your Code Clean

If you are copying and pasting text into your WYSIWYG editor, pay careful attention to the code that results. While the system will do its best to eliminate unneeded tags and redundant code, it is always best to look at it yourself and make sure that no redundant tags and inline style definitions have found their way into your page formatting. One of the worst culprits in this area is text copied from older versions of Microsoft Word. The clean up option on the default WYSIWYG browser can help, but a manual check is always the best solution. Note also that valid code renders faster, so it is always a good idea to validate your HTML and CSS.

Avoid Tables

To the extent practicable, use CSS to format your page layouts. Tables slow things down as the whole table needs to be assembled before the contents are rendered. Tables also have implications for accessibility. Complex tabular data may require the use of tables, but as a general rule, CSS is the better way to go.

Use Image Rotators Conservatively

Image rotators are Modules that provide a rotating image inside a Module position on your page. A popular technique you see on many websites today is the use of a rotating image on the header of the page. The rotator works like a slideshow, displaying a series of images as the visitor is looking at the page. The problem is that many of the Extensions that provide this functionality require all the images to load before the rotation occurs. This means that a large amount of data is loaded for the page, some of which may be completely pointless as the user has already clicked and moved on before the image displays. If you have to use an image rotator, keep the image sizes small and do not load too many images into the sequence; three images in rotation will perform much better than four, five or six images. If front page performance is a key concern, keep image rotators off the front page.

Use Wrappers Reluctantly

Wrappers are used to display a web page inside of your web page. This means that the Wrapper contents have to fetched and displayed inside your page. By definition this increases the number of HTTP requests that have to be made to complete the page, thereby increasing the loading time of the page. Where the web page you are wrapping is located on another server, the display of the Wrapper content will depend upon the performance of the remote system and upon the quality of your connection to that server. All of these factors add up to a greater risk of disruption and to increases in page loading time. If, on the other hand, the wrapped content is kept on your server, the risk decreases dramatically, but the delay factor remains. If front page performance is a key concern, keep wrappers off the front page.

Limit Use Of Animation

Animation files tend to be larger in size and must load in their entirety before they function properly. Accordingly, limit the use of animation on your page to keep page file size down.

Limit Use Of Flash

Flash files can be quite large in size and they keep your visitors waiting as they spool in to play. If you must use Flash on your pages, use only Flash elements inside the page, rather than use Flash for the entire page content area. Also plan your Flash so that there are not long delays for your viewers.

Don’t Stream Video Until Requested

If you wish to give users access to video files, do not stream the video until requested by the user. While this does mean that users who want to view the video have to wait for it, it does not force all the users to endure slow page loading while a file they may never view eats up their bandwidth.

PERFORMANCE TUNING

This section looks at various techniques you can use to tweak the performance of your Joomla! site. Not all of these suggestions will be suitable for your site, but certainly some of them will be applicable.

Use Server Side Compression

Joomla! support the server side compression protocol GZIP. If your server supports GZIP, enable this option in the Global Configuration Manager as it can result in some significant performance improvements. The GZIP Page Compression options are located on the Server tab in the Global Configuration Manager.

If You Don’t Use It, Disable It

Disable all Components, Modules and Plugins that you are not using. Even if you are not displaying the output on the page, the system is likely doing at least some of the processing associated with the feature.

Minify Your CSS And JavaScript

Minification is the process of reducing the size of CSS selectors and JavaScript by reducing unnecessary spaces and characters. While minifying a single selector saves only a small amount, it all adds up and minifying the entire CSS can result in a meaningful savings. This is a tedious manual process, so if you want to employ this technique I suggest you use one of the many tools designed to make this easier. Run a Google search for “minify CSS” and “minify JavaScript” for lists of options. The Joomla! Extensions Directory also lists several Extensions that can compress your CSS and JavaScript.

Be Careful With Google Analytics

Google Analytics, though a wonderful and useful service, can slow down your site. Every page that includes the Analytics code increases your load time as the Analytics script causes the system to wait while it contacts the Google servers. The impact of this varies greatly depending on the time of day, the traffic on your site and the location of your servers.

Be Selective About Your Template

Your Template developer can have a significant impact on your site performance. Many of the lovely Templates I see in circulation rely heavily upon images to achieve their look and feel. The size of the Templates and the number of HTTP requests they generate are not optimal. Select carefully your Template. Look at the file size, and the quality of the code. You want to select Templates that use CSS, not tables, and those that prefer system text to image usage. Be particularly careful of Templates that use images for the menus, rather than system text and CSS. Not only do these Templates have a negative impact on site performance, but they also tend to be less than optimal from the perspective of both SEO and accessibility.

Be Selective About Extensions

Some third party Extensions are incredibly resource-intensive. When you are comparing Components, Modules or Plugins, use YSlow to compare the impact on your page performance and check resource usage on your server. Don’t forget that small differences in performance can balloon into big differences when the site experiences spikes in traffic.

Skip Live Stat Reporting

Components or Modules that produce live real-time statistics on your site can be significant drains on site performance. If you don’t have a compelling need for real-time statistics, skip them.

Disable SEF URLs

Though this may not be an option for many of you, if your goal is performance above all else, disable the SEF URLs option. The conversion of your native URLs into Aliases causes a performance hit.

Optimize Your Database

One of the main performance bottlenecks for any content management system is the database server. To improve performance, you should periodically optimize the database tables. Optimization is performed from within phpMyAdmin. To learn more about this process, visit the MySQL website.