I learned something new today to improve Joomla websites. Two of them can actually plug potential security holes, and the other 2 improves search visibility.

Redirect users if the "template" parameter exists in URL

If you go to this URL on your Joomla website, you can really mess up the template: http://www.yourwebsite.com/index.php?template=test. You can write a simple system plugin that does the following onAfterRoute.

$template = JRequest::getVar('template', '', 'GET');
if ($template != '')
$mainframe->redirect(JURI::root());

Depending how your template and 3rd party extensions are written, this may be important to plug a security hole.

Redirect users if the "tp" parameter exists in URL

If you go to this URL on your Joomla website, you can see the module positions of your template: http://www.yourwebsite.com/index.php?tp=1. You can write a simple system plugin that does the following onAfterRoute.

$tp = JRequest::getVar('tp', '', 'GET');
if ($tp!= '')
$mainframe->redirect(JURI::root());

Depending how your template and 3rd party extensions are written, this may be important to plug a security hole.

Turning Off article PDF by default

If someone searches something on search sites, and one of the articles PDF on your website turns up as a result, the user will have no way to browser your website from the generated PDF file unless he manually re-enters your URL on the browser. To turn off PDF generation for content articles, go to your administrator backend > Content > Article Manager > Parameters (top right), and select Hide for "PDF Icon"

Allow Searchbots to access your /images folder

Go to robots.txt (located in your Joomla root) and remove the following line:

Disallow: /images/

This is because Google Images (and other similar services) uses the "alt" tag of your website's images to search for meaningful content. The content is then correlated with the physical image. If searchbots are unable to crawl the image folder, then meaningful image search results for your website will not appear.

For the same reason, Disallow: /components/ and Disallow: /modules/ should probably be removed as well.


Sharing is Caring (ParaInvite feature):

To avoid spam, please login to leave a comment.

Cron Job Starts