Prepping Joomla! For Deployment

Posted: February 27th, 2009 | Author: Bryan | Filed under: Open Source | 1 Comment »

Joomla! is an extremely popular open source CMS, and one that is used in production environments the world over. We’ve set up quite a few Joomla sites in our day, so I thought I’d share our handy guide to prepping your development installation for a live launch. The topics will cover anything from basic server side security to specific plug-ins we find useful. In no particular order…

1: Choose a good password, for everything.

Your database password, your admin password, your FTP password, etc. should be solidly locked down with good passwords. I mean no dictionary words and simple acronyms. Use some symbols in there as well. Honestly, this can make all the difference and for goodness’ sake DO NOT use anything as simple as ’123456′ or ‘password.’ If you neglect this, you deserve to be hacked. You should even change the admin user name to something else.

2. Use the most recent version of Joomla!.

Try very hard not to use an old version because you’ve use it before and are familiar with it, or because a plug-in you’d like won’t work in the new one (there is a Legacy mode for that, though you should try not to use it if you don’t absolutely need to). Also, update it often.

3. Optimize your URL structure.

The newest version of Joomla! has some nice SEO optimized URLs right out of the box, but you can improve this even further by simply renaming the htaccess.txt file in the installation’s root to .htaccess. Now hop in the Site’s configuration and enable ‘mod_rewrite’. If you’d like even more overriding control with your URL structure, try the plugin named ‘sh404sef.’

4. Secure your folders with an index file.

This one is a general tip that most guys running a web server already know about. Make a blank html file named ‘index.html’ and upload it to each of the folders that you feel may be left open to prying eyes. A good example is the template folder and all subsequent folders.

5. Use SEO improving plug-ins.

My favorite SEO plug-in is JoomSEO. This plug-in allows for auto generated meta tags based on keyword density, titles, and categories for each article. This is a must have because otherwise the meta tags are for the most part site wide. (Please note that if you use sh404sef that you may have to disable its meta generating feature to make this work correctly.)

6. Perform a health and security audit on Joomla!.

Use Joomla! Tools Suite to do a quick audit of your site and try to plug all the holes that it finds. This tools suite is a great asset.

7. Prepare regular backups.

There are many ways to do back-ups, including off site backups using Amazon’s S3 service, but the fastest and simplest way to protect yourself should something go south is to install a plug-in like ‘JoomlaPack’ to do automated backups for your site. This plug-in packs your current site into a redistributable zip file ready to be installed just like a new Joomla! site. Great for cloning sites as well.

8. Set up your cache.

The cache is a standard feature for Joomla!, make sure its working by checking out the ‘cache’ folder in the root install directory. There should be a bunch of files in there, if not, make sure the folder is writable and that you’ve enabled the cache in the ‘Site Configuration’.

—

This should pretty much cover all the basics, you can always further optimize your server using compression, CSS sprites, image optimization and far-future headers, but those are all high effort/low return ideas that are best reserved for sites with extremely high traffic.

What else do you do to prep your site for production?

---