Open Source Vs Commercial CMS

By Jonathan Camp

Any business or individual contemplating the purchase of a Content Management System in order to create a website in today’s environment is faced with a dilemma: should they purchase a commercial CMS, which will be quick to deploy, have a dedicated support team (and very likely a maintenance contract) but can cost a lot of money; or should they use an open source CMS, which is usually free of charge but offered without warranty and is still regarded by many as an inferior product. So which is best?

Open source software has been one of technology’s “movers and shakers” over the last 10 years and is now finding favour with many industry sectors, including governments. The traditional software house now finds itself running to stand still, with open source alternatives competing on virtually all levels and dominating on price. There are many, however, who still believe that open source products are not suitable for commercial applications, a theory without any substance but one that commercial software manufacturers are keen to uphold.

The number of open source content management systems now available is large and shows no signs of shrinking. The best-known alternatives are WordPress, Joomla, Drupal and CMS Made Simple, but there are many new products coming onto the market all the time. Examples of these include Hippo CMS, Tomato CMS, Automne CMS and Gazelle CMS – there are currently in excess of 200, but most of these will have little, if any, support and many will have no documentation to speak of. The more established brands, on the other hand all have strong support communities, particularly the larger ones. Joomla for example has one of the largest forums on the Internet and WordPress is the world’s most popular blogging platform accounting for a massive 12% of all websites globally.

The thing that reassures most commercial customers about a CMS, apart from the maturity of the brand, is the fact that there is a team of developers at the end of a phone to not only give support, but to act as a middleman between themselves and this technology that they know nothing about. An open source CMS on the other hand can leave them feeling isolated and unsure of where to turn for assistance should that be necessary. What many commercial customers fail to recognise, is that the developers upon whom they are relying may well be using an open source CMS to develop their website anyway, and done properly, nobody would know.

One of the great benefits of open source software is its availability at little or no cost, and this is something that commercial developers have been quick to exploit. In fairness, most will be quite open about the fact that they are using free software and will pass those cost benefits on to the customer. Some CMS platforms like Drupal and Joomla are quite complex to set up and develop to the customer’s satisfaction, so any agency undertaking this work has every right to charge commercial fees for it. Where things can get a little tricky is in the e-commerce arena; individuals attempting to add shopping carts or electronic payment gateways should be very wary. In these cases it can be comforting to know that the assistance of the professional is only a phone call away.

D, John Millard is a web designer and Internet marketer from England. His FREE 5 Day Article Writing Course is available by visiting Netresult Web Design.

Article Source: http://EzineArticles.com/?expert=D._John_Millard

Article Source: http://EzineArticles.com/5045669

Joomla 1.7 gets ready

By Jonathan Camp

• Joomla 1.7 status and upgrade info – Joomla news – Blog
  The release of Joomla 1.7 is not far away. In fact, the stable version (1.7.0) is scheduled for release on Tuesday, July 19 (new date!).
  In this post, you’ll find some dates and information on upgrading to Joomla 1.7 from versions 1.5 and 1.6.
  The Alpha version of 1.7 was released on June 5th.
  Joomla 1.7.0 beta is targeted for release on Tuesday, June 28.
  (tags: joomla cms upgrade)

List of top things to do to secure your Joomla website

By Jonathan Camp

Top things to do to secure your Joomla website

Updated: 3/2/2011 (you can now download and view this as a checklist document for your reference and guidance)

Here’s my list of the top things to do to make sure that your not leaving security vulnerabilities in your Joomla website and that it runs smoothly each and every day…

• FIRSTLY MAKE SURE YOU ARE RUNNING THE LATEST RELEASED VERSION OF JOOMLA. Login to your Joomla site and look at the version number. If you are not running the latest version, download it and update your site straight away! At the time of writing this (Feb 2011) there are two major versions of Joomla. 1.6 is the latest brand new release and version 1.5.xx. If your site is using a 1.5.xx version make sure you upgrade to the latest version in that range e.g. 1.5.xx to 1.5.xx – do not jump to version 1.6 without a lot of testing and looking at the implications of doing so!
• If your database tables in MQSQL for Joomla have ‘jos_’ as the prefix, read this first tip:
  Download EasySQL (http://extensions.joomla.org/extensions/hosting-a-servers/database-management/2867) and rename the database prefix of our databases within MySQL from the jos_ prefix (if everyone wants more feedback on how to do this leave me a comment and I’ll create a blog entry )
• Create a spreadsheet grid showing all your Joomla websites against modules / version installed in each site with dates and links to latest versions (this should be reviewed and signed off every month)
• Delete the Administrator account and create an account within each site with Super Administrator rights – use a different user account for each site in case one site gets hacked. Create the Super Administrator account before you logout (having deleted the original Administrator account) – for obvious reasons – you don’t want to lock yourself out!
• Verify that your DATABASE password is not the same as your ADMINISTRATOR password. The database password is the password you chose when you first installed Joomla and went through the wizard to install the MYSQL database. It’s important that the Joomla Administrator password is not the same. Use an FTP client to login to your website, navigate to your ROOT directory on your site, and view the CONFIGURATION.PHP file. Look for the line that says “var $password = ‘. Check this password is NOT the same as the password you have just used to login as administrator. If it is the same CHANGE YOUR ADMINISTRATOR PASSWORD NOW!You can also check your “var $dbprefix = ” line  is NOT SET TO ‘jos_’ (see my first tip here about renaming this prefix with the EASYSQL product.
• Change the default editor to NONE and manually add the Tiny Editor to all those named users you want to use the full editor. This way the default users will not be able to use the full editor.
• Enable SEF from the control panel. This will create nice URL’s that are search engine friendly AND it will stop hackers from searching GOOGLE for index.php?com_<modulename> and getting a list of all websites that use a certain module that has a security issue. After you switch on the SEF under the control panel, make sure you check the links on your site and they are now using proper SEO friendly links rather than then older links.
• Disable ALL Non used Joomla core modules/components and extensions in each site that are not being used
• Uninstall all 3rd party modules that are not being used on each site
• Use an exploit and vulnerability site like inj3ct0r (http://inj3ct0r.com) to  check to see if there have been any security issues with all your third party modules. Go to that website and type in the name of the component to see if there are any issues. Then check the version number returned and that your site is above that version. Also check with the third party component site to check if there are updates that fix the reported issues.
• Make sure that the admin database MySQL account password is not the same as the Joomla site login
• Use Akeeba Backup (http://www.akeebabackup.com/software/akeeba-backup.html) in order to completely automate the backup and download of all Joomla websites on a daily basis. Keep a monthly backup that stays static and is not overwritten.
• Download the full web logs monthly from each Joomla site and use the weblog expert software (http://www.weblogexpert.com/lite.htm) and review the reports for potential attacks and phishing attempts.
• Install free web monitoring software to alert non availability for each Joomla website and ensure the alerts are SMS’d to make them immediate.
• Subscribe to the Joomla Security forum (http://feeds.joomla.org/JoomlaSecurityNews) on joomla.org to receive regular updates of critical level fixes and updates.
• Check the version of PHP your site is currently running. You need to have version 5.x installed. Login to your site and select HELP -> SYSTEM INFO. Look for PHP Version.. it should say something like 5.2.xx. If you are still using PHP version 4.x on your site you need to upgrade the PHP for your site. This can usually be done via CPANEL or by contacting your ISP via their support system.
• Make sure that each sites configuration.php is set to READ ONLY once we have it set
• Ensure that the Joomla installation folder is deleted for each site
• Make sure that every third party modules and components have the correct  php coding structure at the top of the file:// no direct access
  defined(‘_JEXEC’) or die(‘Restricted access’); 

  This will check and use the built in Joomla security which is the official method for security with Joomla websites. To do this you will have to login to your site using an FTP client and look at each third party component.

• Make sure the .htaccess file in the root of each site is set correctly – this means renaming ‘htaccess.txt’ to ‘.htaccess’ on Apache servers and uncommenting code within the file that stops XML access issues. Please note that .htaccess is usually marked as a hidden file, so you may need to set an option in your FTP to view hidden files on your site.You should also add ‘IndexIgnore *‘ (without the speechmarks and capitalised as this) to the bottom of the .htaccess file.
• Put the following into each sites php.ini to stop SQL Injections:

allow_url_fopen = OFF
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

• Finally make sure you delete all accounts that are not required, and you regularly review all users allowed into the system for security permissions.

All the above information has been gleaned from various videos and websites and considered ESSENTIAL within the Joomla community as the MINIMUM required to keep Joomla websites protected.

View this article here

Joomla 1.5 – How to create templates

By Jonathan Camp

Creating a basic Joomla! template – Joomla! Documentation

Tutorial on how to create a basic Joomla template. This WIKI article goes through all aspects of creating a standard template for Joomla including how to format your directory structure and the index.php file. The final template is simple but covers all aspects of creating the template – as start for your new template or website creation using Joomla.

joomla – gallery – screwturn – wiki

By Jonathan Camp

MorfeoShow

ScrewTurn Wiki