Joomla 3.5 is Ready to Roll

Joomla 3.5 is Ready to Roll

Joomla 3.5 was released in the past week. As I mentioned in a post earlier this year, it was originally scheduled to release in February; however, you know what they say about the best laid plans.

If you have been keeping your Joomla installation up-to-date, this should be an easy update. Simply back up your site and then run the auto-updater.

What’s New in Joomla 3.5

So what’s new in Joomla 3.5? The big news of course is that it supports PHP 7, which allows Joomla to run much faster. The other feature added is a notification system when the platform needs to be updated. WordPress has had this functionality for quite some time. It’s nice to see Joomla adding this feature.

Here is an overview of the other new features from the Joomla site:

  • Download system & environment information: gives users the option to download system/environment information for support purposes.
  • Ability to add a user CSS file to Protostar: currently it is impossible to use a custom.css file when using the Protostar template. This update adds a check to see if the file user.css exists and loads the file to allow for user customisation.
  • Added site and admin links to module user: adds switches to the mod_status module to show/hide links to the front-end and back-end of the site.
  • Article counts: a set of updates that allows the visual presentation of published, unpublished and trashed articles in the Category Manager for articles, banners, contacts and newsfeeds.
  • Random category blog and list order: this update answers a common user request to add a random ordering option for articles in the blog category and category list view.
  • Editor Buttons added to the Toolbar: You no longer need to scroll down the page to find the “readmore” or “insert image” buttons. Editor extension buttons that used to be placed below the text area can now be found in the toolbar where they belong.
  • Easily Insert Modules in Articles: allows users to easily add a module into an article with a button directly on the editor toolbar. Users don’t need to learn any syntax or remember the module details as the user interface does it for them.
  • Drag and Drop Images: Adding an image is now as easy as dragging and dropping it from your computer directly into the content. This works anywhere that you are using the default TinyMCE WYSIWYG editor.

In terms of every day use, I think the most useful of these features is the editor buttons added to the toolbar and the addition of a button on the toolbar that allows you to insert a module within an article. I use module within articles all the time and even knowing the tag format well, occasionally I have a typo or an extra space.

Need help managing or updating your Joomla site? Contact us.

10 Must Have Joomla Extensions – 2015 Edition

10 Must Have Joomla Extensions – 2015 Edition

One of the most time consuming tasks when developing a web site on Joomla is choosing which extensions to use.  The Joomla Extension directory is full of helpful plugins, which ones are the best to use?

Below are my top ten extensions to use with a Joomla site on the 3.4 version.

 

1. Template from Joostrap

Before Joomla switched to the Bootstrap framework for the stock front end and administration templates in version 3, Joostrap published Boostrap based templates for version 2.5 (you can read more on mobile site options here).  They are my go-to for a starting template.  I usually start with a simple theme with no styling and create the design for the site from there.

They also publish several extensions that are compatible with their Bootstrap templates.  This is an important feature, as I mentioned previously, the most frequent issue I’ve run into while developing sites in the past year on Joomla have been conflicts between jquery and css in different extensions and Bootstrap.

If you are looking for responsive themes that have specific styles, Bow Themes and Theme Forest are both good places to start.  I haven’t used a theme from Bow Themes; ; however, I have used several of their extensions which they often incorporate with their themes.  Theme Forest is part of the Envato marketplace that connects developers and users across the world.  There is a wide selection of responsive themes for Joomla designed, both generic and those designed for specific industries.

 

jce editor for joomla

2. JCE Editor for Joomla

This is an absolute must have for every Joomla web site.  JCE is an extension that adds a WYSIWYG editor that is highly configurable.  There are two main features that make this editor stand out above the rest.

The first is the ease of linking to other content within your Joomla site.  If you’ve worked for any amount of time with a Joomla site without it, you know exactly how tedious this can be.  The standard editor will insert hyperlinks, but doesn’t have an easy way to link between content.  Inserting a link as it displays on your site with the SEF url is doable, but an extra step.  Also, if for any reason you change the format of your url, you will have to go back and manually change every occurrence in your site that is linking to it.

JCE Editor stands out by allowing you to link to content on your site by searching for and article (helpful in large site) or listing content sections with categories and then the articles beneath it.  It also lists menu items that you can link to from within your articles.  There are a number of extensions that are compatible with JCE; however, if one is not, you can still make frequently used content within it easily accessible from within JCE by creating menu items which will display in the link selection dialogue box.

The other helpful feature in JCE is the ability to allow different options in the WYSIWYG  editor based on the user group or role.  Read more on how to configure user groups in JCE here.

 

sh404sef for joomal

3. sh404SEF

Back in the day, Joomla did not have a native option for configuring search engine friendly urls (something like: yoursite.com/category/your-article-title/.)  and a third party extension was needed to add this functionality.  Joomla soon made SEF urls part of the core platform; however, at this point there were several third party extensions that had not only gained a following, but added options to the SEF components beyond url rewriting.

sh404SEF was one of these components and this, along with JCE, are absolute must-haves for any Joomla site I develop.  If an extension is not compatible with either one, it is not even up for consideration.

What sh404SEF does beyond url rewriting:

  • Allows for highly custom configuration of the structure of the urls, including making it compatible for submission to Google News
  • Allows the customization of urls
  • Generates short urls
  • Generates 404 reports and allows you to specify existing content for those 404’s to be redirected to
  • Allows you to set the meta description and keywords for each page on the entire site from one screen.
  • Integrates with Google Analytics
  • Allows you to custom urls for components and items such as web links
  • Has an option to manage template switching for mobile (this isn’t necessary if the site is responsive)
  • Social SEO options with configuration for Google authorship, Twitter cards, Opengraph, and social sharing
  • Multiple security features

For years, the sales and support of the extension were handled by Anything Digital.  However rhe original developer recently moved the support and download page to his own site at Weeblr.

 

akeeba backup for joomla

4. Akeeba Backup

Akeeba Backup is another absolute must-have extension.  This extension allows one click backups of your entire Joomla site or you can create profiles to only back up specific areas.  In addition to backing up the site, the Kickstart program allows you to easily reinstall, clone or move a web site to another server.

 

5. Sitemap Extension

This is one that is currently up in the air.   For years, the defacto extension for generating XML sitemaps on Joomla was Xmap.   It wasn’t updated all that often, but it wasn’t really necessary either.  The end of last year, Xmap was discontinued and the project taken down.  You can read more about the saga here.

However, the extension still worked through Joomla 3.3.6.  Taking the jump to 3.4.1 was a problem.  So far, I’ve tried mapX, which picks up Xmap where it left off, and OSmap, another Xmap derivative.  The problem is OSmap doesn’t generate an HTML site map, at all.  Both extensions have to be excluded from sh404SEF to work.  MapX will generate an HTML site, although occasionally it will run into a PHP memory issue.  It will also create an XML sitemap; however, some of the plugins that added the urls for particular components doesn’t work with MapX.  The sitemap for Google News doesn’t work on either of them.


 

The five above are extensions I use regardless of the type of site.  Since migrating to Joomla 3, I find that much fewer third party extensions are needed.  The next five extensions are handy to have in the day to day use of your site.


 

Better Preview from NoNumber

6. Page Preview from NoNumber

The one basic feature that WordPress has that is not part of the Joomla core is a preview function for articles.  For business web sites that have set company information, this isn’t an issue.  For news portals or active blogs where content is published on a continual basis, this is a critical feature.  At least for me anyway, I want to see what it looks like before it goes live.

Page Preview is a plugin that adds a preview button to the article publishing screen that is accessible after the article is saved.  Either save the article as “unpublished” or schedule it for a future date as published and then view.

 

mini frontpage for joomla

7. Mini Frontpage

What can you do with this module?  Pretty much whatever you want.  It allows you to specify which content you want to display and how and place it wherever you want.  This page is an example.

 

snippets for joomla

8. Snippets from NoNumber

This is extension is a component and plugin.  It allows you to create text, html, or scripts identified by a snippet label.  That content can then be displayed in any article by placing {snippet label} where you would like it display.  Need to change it?  Just update the content in the Snippet component and it will be changed sitewide.

 

related items extended for joomla

9. Related Items Extended

Joomla has a core feature that will display related items to the current article; however, this module offers a little more control over the display.

 

improved ajax login for joomla

10. Improved Ajax Login and Register

Every stock Joomla site has a login module.  It has always been part of the core since the days of Mambo.  However, it’s a little boring and sometimes you don’t want a huge block taking up space in your page layout.  This extension has several display options as well as integration with social media logins.

 

Critical Site Update for WordPress 4.2 with Scripting Vulnerability

Critical Site Update for WordPress 4.2 with Scripting Vulnerability

Combine a popular web site platform (WordPress) with a user base where a good percentage lacks technical expertise and add to that malicious intent.  The result? A wide swath of sites that are vulnerable to attack.

This is the situation with WordPress.  The official site boasts corporate and celebrity users such as People, Motley Crue, and CNN.  This is true.  There are many multi-million dollar corporations, publications, and applications that run on the WordPress platform.

However, it is also true that a lot of users of the self hosted version of WordPress are casual users.  The ease of use of the platform, as well as the familiarity through the free sites on wordpress.com, drew a wide range of users.  Beyond the hobby bloggers, there are small businesses that had a site built on WordPress based on their developer/designer’s recommendation and then never looked at it again.

This chart by Built With shows almost half of the sites on the internet are using WordPress.

sites using wordpress

This chart by W3Techs shows the percentage of WordPress installations using each platform.  As you can see, a little over 30 percent of the installations are still running on version 3 or lower.

wordpress versions usage

 

What this tells me is that an awful lot of those 14 million sites are sitting out there unmanaged and wide open for attack.

I’ve mentioned before that outside of content and design, if you don’t have someone on staff that manages and maintains your web site, a web site maintenance service plan is often a good idea.  An excerpt of a previous article.

Open Source platforms like WordPress, Joomla, and Drupal are wonderful in that they allow the individual blogger and small business person to have world class sites. The downside to that is that since the code is open to all, it is also open to those who explore it to find vulnerabilities to maliciously hack your site.

When people contact me to recover their site after it’s been hacked, most of the time it is because they didn’t keep the platform up-to-date. There can be occasions when someone purposely tries to take a site down and overcomes security measures.

But the reality is for most of our web sites, hackers just don’t care that much about coming after you specifically. They are just looking for opportunity to do damage and most of the times are choosing the path of least resistance to do so.

Not keeping your site up-to-date or monitoring add-ons for security issues is like driving your car to the center of town, leaving the keys in the ignition, the doors, open, and blaring the words “Come take me.”

This past week has been a good illustration of this.

Last week, security notifications went out on a vulnerability in WordPress 4.1.1 and earlier  that allowed cross site scripting.

The issue was not only with the WordPress core platform, but the vulnerability was also found in plugins and themes.  Envato Marketplace sent out an email on Saturday warning their users of the possible exploit.  They encouraged all their vendors to check for vulnerability in extensions and to modify and patch them.  I received emails from theme and plugin developers warning of the problem.

Version 4.2 came out to patch that vulnerability.  Almost immediately, another vulnerability was discovered in the update that fixed the previous one.

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.

Both vulnerabilities are known as stored, or persistent, cross-site scripting (XSS) bugs. They allow an attacker to inject code into the HTML content received by administrators who maintain the website. Both attacks work by embedding malicious code into the comments section that appear by default at the bottom of a WordPress blog or article post. From there, attackers can change passwords, add new administrators, or take just about any other action legitimate admins can perform. The most serious of the two vulnerabilities is in WordPress version 4.2 because as of press time there is no patch.

“If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors,” Jouko Pynnönen, a researcher with Finland-based security firm Klikki Oy, wrote in a blog post published Sunday evening. “Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.”

A nightmare waiting to happen ranking right up there with the experience of my friend Stephanie after someone went after her attempting to hijack her accounts and succeeded with her Facebook page.

An update to WordPress 4.2.1 that fixed this vulnerability was released hours ago.  If the automatic updates are set on your site will have already updated.

 

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard ? Updates and simply click “Update Now”.

The danger is for those who don’t have a system in place for back-ups and updates and who maybe haven’t checked their site in awhile.

Next Steps

If you’re reading this and asking yourself, “What do I do now?”

  1. Back up your web site.  It is a good idea to keep a series of back ups on hand in case it is necessary to take your site back to a previous version.
  2. Update WordPress
  3. Update the installed plugins and themes.
  4. Research any plugin that an update wasn’t prompted after updating to the latest version of WordPress for vulnerability issues.  Plugins that are outdated or where the development has been abandoned can be a huge issue.

If you need help with your site, either or update or recovery or an ongoing WordPress maintenance service plan, contact us.

 

Do You Need a Web Site Maintenance Service Plan?

Do You Need a Web Site Maintenance Service Plan?

You may be saying, “I have a web site and we add/update content every once in a while.  Why would I need a web site maintenance service plan?”

Content management systems are amazing things.  They allow a web site to organically grow, added to by the average user.

The downside to CMS program is that there are a lot more pieces than a static HTML site. Just as a CMS based web site can grow organically as a garden does, just like a garden, a web site takes continual updates and maintenance.  This is exclusive of content updates.

To illustrate, I’ll share what I did to one of my personal sites. I had multiple domains running on one installation of WordPress Multisite.  I never do this on client sites, and I am constantly telling people to back up their web sites, but I was on the phone, trying to multi-task and without stopping to back up the site, I hit the “Update” button on WordPress.

Big Mistake.

It completely messed up the WPMS installation.  I might have been able to recover it except for that the original installation was from 8 years ago when WPMU was a separate platform.  There were a few carryovers from that, which I think contributed to the problem. I didn’t have the most recent backup.  Directly editing the files and database to recover it wasn’t working.  The host tried to revert the site with the backup they had . . . which didn’t work as the database was too large.

It was a complete mess.

You can export a blog on a WPMS installation to convert it to a standalone version.  However, all of the instructions to do so assume that the WPMS installation is functioning when you do so.

Mine wasn’t.

What I ended up doing is:

  • Created a standalone WordPress installation for each domain
  • Exported the database (of an old backup)
  • Identified the blog ID for each domain
  • Copied the images and uploads for each domain into the new installation
  • Separated the tables for each domain into their own SQL file.
  • Renamed each the tables for each domain in the new SQL file.
  • Edited the options table in each domain SQL file for the new standalone installation.
  • Imported the revised SQL file into the new WordPress installation
  • Double checked the settings for each plugin and deleted those that weren’t being used.

For 10 different domains. All of that because I didn’t take five minutes to back up the web site before I hit update.

Open Source Means More Vulnerability

Open Source platforms like WordPress, Joomla, and Drupal are wonderful in that they allow the individual blogger and small business person to have world class sites. The downside to that is that since the code is open to all, it is also open to those who explore it to find vulnerabilities to maliciously hack your site.

When people contact me to recover their site after it’s been hacked, most of the time it is because they didn’t keep the platform up-to-date. There can be occasions when someone purposely tries to take a site down and overcomes security measures.

But the reality is for most of our web sites, hackers just don’t care that much about coming after you specifically. They are just looking for opportunity to do damage and most of the times are choosing the path of least resistance to do so.

Not keeping your site up-to-date or monitoring add-ons for security issues is like driving your car to the center of town, leaving the keys in the ignition, the doors, open, and blaring the words “Come take me.”

The moral of all this is keep your site updated.

Things Change

Sometimes it’s not as catastrophic as what I described in my first example, but the truth is with every platform core or plugin update that you do, there is a risk of a conflict between the new files and the existing plugins.

With the majority of hosts switching to PHP 5.3 as the server defaults, sites with deprecated coding had issues. Or sometimes files are corrupted during an update. Sometimes things just stop working.

Last week, I had two sites with compatibility issues after updates.  The first was a WordPress site with several custom post types.  The permalinks for one custom post type stopped working due to a conflict with another third party plugin.

The second was a site on Joomla with a membership component that stopped creating new accounts after an update to the core Joomla platform. A very big deal.

These types of things usually take you by surprise and it is something that you just have to be prepared to handle.  If you don’t have someone on staff that is able to troubleshoot an issue, then have a reliable contractor that you can go to.

An ounce of prevention is worth a pound of cure Benjamin Franklin

Familiarization Takes Time

Which brings me to my next point, I may be familiar with the platforms, but unless a site is a plain vanilla install, before I can trouble shoot an issue I first have to familiarize myself with the site including what plugins are installed, how the settings are configured, and any custom features or coding.

This all takes time.

If someone calls because of a crisis with their site and I’ve never looked at it before, it is going to take time to get familiar with it before I can fix the issue.  Having someone that can monitor and maintain it on an ongoing basis is usually much cheaper than waiting until disaster strikes.

Another situation similar to this is when I developed the site for them initially, but I haven’t maintained it since and other people have done various things to the site.  That also takes time to research.

Proactive Maintenance

Even if you are comfortable updating the content on your site yourself, unless you are also comfortable handling the technical details and troubleshooting when problems arise, it is a good idea to have someone monitoring your site for potential issues.

It is so critical that we do not even offer web site hosting anymore to clients unless we have a maintenance agreement in place.  The potential risk of having out-of-date and unmonitored sites on our server just isn’t worth it.

What Is a Web Site Maintenance Plan?

web site maintenance service plan can include a variety of things, but the most basic level of service includes updating the core platform and plugins of the site, backing up the site, monitoring for uptime and security issues, and resolving conflicts when they arise.

Get Started with a Web Site Maintenance Service Plan

If you need a go-to person for your web site, contact us.

WordPress Maintenance Service Plans  Joomla Monthly Maintenance Service Plans

Preparing for a Redesign:  Looking to the Past

Preparing for a Redesign: Looking to the Past

Over the past month, I’ve talking about different reasons why it might be time to redesign a site.  I covered the process of the overhaul of our own site and the three main options for mobile friendly web sites.

If you’re at the point where you’ve decided, “Yes, I need to redesign our site,” before you go any further and starting thinking about what you want, stop for a moment and look at what you have.

Ideally, the next rendition of your business web site should go a step further than where you are now.  That’s the goal.  But don’t throw out what is already working well in the process.

Before you talk to a web developer about new colors and technologies, look at the data of your existing site and answer the five following questions:

Hopefully, you have a statistics program such as Google Analytics installed on your site collecting data.  If so, the answers to these questions are as simple as pulling up a few charts.  If not, every hosting service should have one, if not several, statistics programs available in the hosting control panel.  The statistics will not be as accurate as a program like Google Analytics, but it will give you an overview of the traffic coming to your site.

Five Questions to Ask Before a Site Redesign

#1 How are people currently coming to your site?

How are people coming to your web site.  Are they coming directly to the url by offline promotion?  Are they finding your site through search?  If so, which keywords are they using to search and which page are they arriving at?  Are they coming through email links?  Social media sites?

What pools of traffic is your site already capturing well?  This is important to know because you don’t want to lose ground you’ve already gained by drastically changing something that is working well.

#2 How are people currently using your site?

Are people primarily using it for information and then completing the order offline?  Are they checking for weekly specials?  Having you engaged your users in a community?

How long does the average user stay on your site?  How many pages do they view?  What is the path they take through your site?  If you have goals site up in your tracking program, what is working well?

#3 What does your current web site do really well?

What does your current web site do really well?  What do you really love about your existing site that you can’t do without in the next one?

#4 What does your current web site not do?

What does your current web site not do?  Is there something that really frustrates you when using it?  Is there something that is continually causes hangups, either for your customers or your staff, that you do not want to repeat?

#5 What are the priorities for your new web site?

Make a list of features you would like to have in your next site and prioritize them in order of importance.  Along with this, determine your budget.  Keep in mind that a web site that is developed with a view towards future expansion can be built on over time.  If your wish list is bigger than your current budget, realistically consider what the “must have” items are and plan for addition of the other items in stages.

 

Do you need a new look for your web site?  Contact Us.

10 Signs Your Website Might Be Due for a Redesign

10 Signs Your Website Might Be Due for a Redesign

There are two main groups of people I work with for web development:  those who have an existing web site and those who have never had a site.

Those who have never had a web site before very often do not understand the scope of what is involved in developing and maintaining a web site.    What they look for in their first web site is not usually what they look for in the subsequent versions of their sites.

It’s kind of like when you bought your very first computer.  You didn’t know what you needed, so you relied primarily on recommendations of those who already had one.  The next time you upgraded your computer, you  knew what was important to you and the focus in your purchasing decision was made on those factors rather than the recommendations of other people.

As you use your site, you figure out what is important to you and your business.

It isn’t necessary to constantly redo your web site, but just as we remodel our homes, upgrade our smart phones, and replace our computers, over time a web site redesign comes due.

Below are 10 signs that your web site might be due for a redesign.

#1 Flash based site

Flash at one time was cool but it was never a good idea.  Unless you are in the entertainment or gaming industry, just stay away.  Heavy load times, uncrawlable content, and incompatibility with most mobile devices make this a no go.

#2 What Was Once a Great Idea Really Wasn’t

The very first web site I ever created was on AOLPress with floral divider bars and animated gifs.  Sometimes there are things that we think are cool at the time, but really aren’t and never were.  If there are remnants of that on your website, it might be time for a new look.

#3 Little to No Content

Images and videos are engaging; however, priority number one is content on your site . . . words on the page.  If the extent of the content on your site is a bullet point list of services, it may not be an aesthetic redesign that you need so much as an examination of how your web site is incorporated into your marketing strategy as a whole.

#4 Hasn’t been updated in 15 years

If your site hasn’t had new information posted in a significant amount of time, as with the point above, it might be time to examine why that is.  Is it because no one in your business knows how to update the site or is it because the web site is considered ancillary to or an afterthought of your overall marketing strategy?

I actually came across a web site a few days ago that had been a “Coming Soon – Under Construction” page since 1997.  At that point it would be better to just put up one page with a company name and phone number.

#5 Barriers to Use

Is the web site too difficult to use?  Some of the reasons for this could be that the site is a static site requiring the manual addition of pages; a site that is based on a proprietary system that limits extending the functionality; or a site that just too complicated for the user.  If it is the latter, a determination needs to be made whether the best option is staff training, hiring a third party company for updates, or making the switch to another platform.

#6 Company Focus Has Changed

The services and focus of a business can evolve over time.  What was the primary revenue source of your company when your web site was first launched may not be the primary source today.  Or maybe there is another area of your market that you want to target.  If that is the case, the structure and focus of your web site should reflect that.

#7 Scattered, Unorganized Content

When you have a web site and are actively using it, it is very easy to let the content and focus get away from you.  Some web sites have a problem of not enough information.  The opposite can also be a problem if not organized.  Ideally, every page, every piece of content should be furthering one of your organization’s goals.  Regardless of how someone comes across your site, are they getting the message you are trying to send?

#8 Dysfunctional Platform

A lot of the web site redesigns I do are because the platform the existing site is on is now dysfunctional.  Something about it just doesn’t work anymore for the business.

That happens.  Things change.

Web sites are like houses.  Once you build them they still need maintenance and upkeep.   There comes a time when certain systems become obsolete and have to be replaced.

#9 User Functionality Needed

Another reason a business will overhaul their web site is if additional user functionality is needed.   If your web site is currently on an up-to-date CMS like Drupal, Joomla, or WordPress, you don’t necessarily need to redo the whole site.  That individual functionality can usually be added.

However, if your site is one of those drag-and-drop, DIY web site builders, the site is probably going to have to be rebuilt from the ground up to get the features you want.

#10 Need a Mobile Friendly Site

As I mentioned in my article last week on mobile web site options, having a mobile friendly web site is increasingly important.  Studies have shown that between 30 and 50  percent of all internet traffic is through mobile apps.

If your site is older than three year, the odds are the layout is not optimized for mobile.

 

Does your web site need an overhaul?  Contact us.

Pin It on Pinterest