Category Archives:
Tutorial & Guides

Joomla is the most popular CMS software which is free to get and fully customizable. You can easily create a professional and full functinoal website using this platform. However, because of its powerful and complex structure, it's a big challenge to set perfect security protection. In order to minimize the chance to get hacked, we collected the following 8 tips to secure your joomla site. Please follow instructions and configure your website.

Keep core/extensions up to date

The basic but most important requirement for all website softwares. Every new release contains lots of bug fix from previous edition. So make sure to check regularly on your site and keep updated with most reliable release. How to upgrade joomla to new version? Just login to joomla administrator panel and new version notification will be shown under "quick links". Click "Update now" to proceed the upgrade.

To update extensions, just navigate to extension manager then click "update" link on left panel. It will show up all available extensions. Select all then click "update" button on left top to complete the update process.

Back up often

Backup is always your most reliable source in case something goes wrong. Joomla backup includes both website files and mysql database. For joomla files, just refer to hosting control panel file manager and zip your joomla website directory then download to local computer. As about mysql database, you need refer to phpmyadmin -> select your joomla database -> select all tables -> Click "export" to save the sql file on local computer.

Now you have successfully generated a full backup of your joomla site.

Set strong login credentials

Strong login id/password is always suggested. Not just about password, we can also edit its default user name "admin". To complete this, login to joomla admin panel then refer to user manager. Click the edit link and provide a new user name/password you prefered. This greatly reduces the chance to be hacked.

For further protection, we can also set password protection to "administrator" folder in control panel so users need to authenticate before get the login form. For some crucial sites, website admin even set IP restriction so just people from the specific IPs can access to it. It can be done by uploading a .htaccess to administrator folder and put following to this file:

Deny from ALL
Allow from 10.2.2.2

Just replace the 10.2.2.2 to the exact IP address you allow to access.

Set proper file permissions

Proper file permission will stop lots of potential hacking. Many people give 777 during setup and forget to change it back. It's a big security issue that we should avoid. From joomla official recommendation, following file permissions are suggested

• Joomla folders permission set to 755
• Joomla files permission set to 644
• configuration.php file permission set to 666

Joomla security extensions

There're lots of official and third party extensions to tight joomla security. Following names are highly suggested

• SH404SEF: Re-write urls to friendly ones and prevent url exploits by hacker.
• Akeeba Admin Tools: Automate the process of joomla update, maintain and optimization.
• jomDefender: Joomla security guard with lots of configurable parameters.
• jSecure: Similiar to above with whitelist/blacklist IP feature.

Manual installation

Lots of people today use control panel auto installer for joomla installation because it's simple and quick. However we highly recommend the manual option. Not just because the learning process but also about security. During installation we have lots of parameters to configure, especially the default database table prefix "jos_". It's used by every joomla installation by default. It's absolutely not good for secure site. Instead, we can change it easily during manual installation. By changing that, we can prevent most sql injection attempts.

Hide version details

It's good tactic to hide your website version so hackers can not determine the proper hacking attempts. We can now easily turn on/off the version details from joomla global configuration.

Log into Joomla administrator dashboard -> click Global Configuration -> click Site -> Click Yes / No beside "Show Joomla! Version" at the bottom -> click Save to reflect your changes

Use a secure hosting server

The most important part. Hosting server decides your joomla site security directly no matter how you configured from client end. Web server software, PHP variables and mysql servers etc are all critical to joomla security. A secure joomla hosting server must be setup to meet up with the script extreme requirements. Server hardwares/network must be powered from certified data center space. Based joomla expert experience and official recommendation, inmotion hosting is on top of the best joomla hosting provider list. Not just because their secure and blading fast server, their people are actually joomla enthusiasts that apear in various joomla events.

It's easy to get your prefered hosting service nowadays because of the amount of providers. However, not everybody can use it properly even they have used the service many years. Based our editorial experience, almost every hosting service is different from each other. We have generated following 10 tips to help managing a healthy hosting account. It's extremely helpful for hosting novice who is not so familiar with the business.

Pay by paypal
It's highly suggested pay your hosting service via paypal instead other solutions like credit card. Why is that? Because in case you find the hosting is not what you needed, you can request money back easily. Especially when your hosting provider does not cooperate with the dispution, you can do chargeback request directly from paypal center.

Disable auto renewal
Many hosting service have auto renewal option turnned on after account setup. It's not good to clients because not everybody will use the service for more than one year. The trick is they provide us "regular price" other than promotional one from the first sign up. We might receive very good price for sign up but pay much more for renewal. The only way to save money is probably to renew several years. Hence, it's suggested to check if your account is set to auto renew after account setup.

Free domain or not?
Yes, almost every hosting provider offer free domain opportunity. Should you take it? We suggest no. Using free domain option means your business is tied up to hosting company. Most hosting companies are actually domain reseller from certified registrars like Godaddy, Enom etc. Thus if you need to transfer out to other company, they can not handle it efficiently or even ignore your request sometimes. That's why we always suggest use domain and hosting from different providers to keep your properties in safe hands.

Dedicated ip or not?
Many providers highlight dedicated ip offers to attract visitors. Especially from old times when dedicatd IP was considered as great feature for SEO. But such advantage does not exist anymore today. Google has clarified this multiple times from official announcements. When do we need dedicated IP? Mostly when we operate an online cart that needs SSL protection. SSL installation requires a dedicated IP address to proceed.

Evaluate addon products carefully
It's easy to pick up a cheap and good hosting service, but it's not the end. Many hosting providers even those leading brands put advertisements in hosting control panel. They either provide this service directly or affiliate with third party providers. They always give good reasons to convince people to get registered. Once you get into such service, you may receive unlimited marketing emails.

Check account usage regularly
Every hosting service provides analyzing tools for account usage such as disk and traffic. This will help us understand how much we have used and how is our website performing. The traffic report will also tell us some unnatural visits like hacking attempts so we can apply necessary security reinforcement.

About shared SSL
Shared ssl is working the same as dedicated one. However, please keep in mind the secure url will be working on server address not our actual domain. For example https://serverid.servername.com. It's always provided free but may be not perfect choice if you're promoting a cart site. Your dedicated ssl will keep everything on your own site but not others.

About secure FTP
Secure ftp is highly suggested if you concern about account security a lot. You just need to make initial configuration then everything will be transfered via secure tunnel. Check with your hosting support if they support secure ftp or not.

Pay attention to hosting announcement
Your hosting team will always send out newsletter every few periods. It's not all about marketing, sometimes they send out announcements for security fix on some popular website softwares. If you use such softwares, you should follow their guidance to upgrade its security. They also send out promotional offers for your account service sometimes that could save a lot such as for renewal. If you keep an eye on this, you're saving money with their service.

Don't use from pubic computer
It's not recommended to login your hosting from public computers because it will leave cookies. Especially for ftp connection, it will keep your connection once it's configured from softwares like filezilla, it brings big security issue by doing this. Unless you can clear out everything after use, it's never recommended to login your hosting service from pubic computers.

Shared hosting is the most popular choice by lots of people for its ease of use, low cost and rich features. Comparing to all other hosting solutions, we can put up website online in least time. However, because of the shared environment, there're hundreds or even thousands of other websites, security is a must concern. We have reviewed the top tactics for website protection under shared server and hopefully our readers will benefit from it.

Unlike VPS or dedicated server service, there're many uncertain factors for security setup. What we can do is to apply as much rules as we can to ensure the best security for our websites.

Use strong password

Strong password should be used for whatever online service. No matter for hosting control panel or website admin login, it's necessary to set a strong password and keep it at safe place. You might also consider to change passwords every few periods for best security. If you operate a business website, it's necessary to apply a fail try blocking so people who try to login via bad credentials will be blocked.

Use secure website software

Website script is core of security. No matter if you programmed by yourself or use any existing CMS, you should evaluate its security seriously. More and more people use cms softwares today thus it's crucial to use the right one. This includes two points – The software overall performance and your familiarity to it. Because many softwares are open sourced and everybody be able to view its source codes, you must find a reliable solution. Those leading softwares like joomla/drupal are supported and tested by thousands of users with frequent security fix. They're highly recommended if you like to use such solutions. Those less popular solutions should be avoid for business site creation since there's less support articles and you can't learn good experience from other users.

No matter what software you use, it's quite important to keep updated with the latest software release. Those vendors are always active in collecting customer feedbacks and do testing by theirselves to find security holes then apply hot fixes. Once there're enough bugs to fix and new features requirements, they will release new versions. Hence it's crucial to keep updated on your website for best security protection.

Disable database remote access

Mysql database remote access is disabled by default in cpanel. Web masters always have to enable the connection for easy remote maintenance. But once you finished the work, you should disable this feature so no people can hack into your data easily.

Scan your files regularly

This includes both file permission and virus affections. Many security issues are produced by permission settings other than website itself. By default, all permissions are good enough in control panel because it's generated by optimized server settings. However, we always need to edit it sometimes. For example some app installations require full 777 permissions to proceed, but once installed, we don't have to keep everything under such permission so we must remember to reverse it back.

For other website volunabilities, we highly suggest use some reputable service like 6scan. Once we set the service, 6scan will frequently check your site and give out good reports for potential security issues. The best of the best is it will provide step by step fix. We personally received multiple warnings from 6scan service and applied several crucial fixes.

Use a good hosting provider

The most important part. No matter how you secure your website, if it's hosted on bad server with bad support, all your efforts worth nothing. A good web hosting service will save your half work in configuring a secure site. What's considered a good hosting regarding to security?

• Leading server/network setup. Server hardware/software should be up to date and installed from reputable data center space. It's the best if hosting company manages their own data centers.
• Good selling policy. No overselling can avoid lots of potential issues no matter for performance or security.
• Ease of use. An ease of use service can simplify the process of securing account & fixing potential issues.

By following above rules we might have found it's not cheap to get such service. Price and quality are always on the same level. If we need high performance and quality security protection, those several bucks per year service should never be considered. Instead, a little more paying will actually save a lot in hosting a healthy site.

When you have a big application to put online, dedicated resource is necessary to ensure its performance and simplify your management experience. There're two choice available, dedicated server and cloud hosting service. They each have their own advantages based your different needs. This posting provides comparison between dedicated server and cloud hosting service. Our readers will understand their difference and decide which is better choice if there's such needs.

About Dedicated Server
Dedicated server is simplely composed by solid hardwares just like your personal computer. All resources are provided as it is such as hard drive size, CPU and RAM etc. Once the server is setup you can make full use of all available resources and not effected by other users.

About Cloud Server
Cloud server is a bit different than traditional dedicated server. All cloud server resources are generated from a group of hardware configurations and sometimes from different data centers. You just get remote access to your server configurations but don't know which hardware being used exactly. Hard drives, CPU/RAM and all resources can be from different locations.

Performance Comparison – Both Win

It actually depends the kind of application you host on server. Since we get dedicated resource from both platform, there's actually no much difference on performance. If all server resources are good engouh to work with, you won't find any performance issue. But things might change when you need extra support besides your existing server configuration. For example if you're hosting a heavy download site that have extremely high requirements to server/network, cloud should serve you better because your server hardware can be from any location within the company network. So if people download files from multiple locations on your site, cloud server will work better because of its smart configuration.

Ease of Use – Both Win

There's actual no difference in using either service. We manage services via control panel or remote connection directly. We just use it the same as regular server and no matter how it's configured we can still install softwares as normal. Although cloud server hardwares may from different locations, they all connected together to support a server system.

Scalability Comparison – Cloud Wins

Cloud server definitely provides better scalability. Especially when you need to increase its hardware resources, system managers can easily add it on the fly without affecting your running applications. This is crucial feature when your got a business application and suddenly you need extra resource support because you might loose an order if people can not load your site.

Dedicated server is different. We can also add extra hardwares to it but the process is completely different. If we need to add 100GB hard drives or 1GB RAM etc, server admin will have to shut down your server first and most of the time they will have to uninstall from server RACK to operate. Especially when there's no products backup, they will have to purchase separately and you have to wait for it.

Security Comparison – Dedicated server wins

This is decided by the server setup. You keep everything on the same hard drives for dedicated server and everything is protected properly. On the same level security setup, dedicated servers can be fully separated from other devices and ensure your data security.

Things are not the same for cloud server. Because it's created from a group of hardware resources, it's hard to track where your data will be located. After several backup, your data might have delivered to everywhere in the system. In case you're hosting some sensitive or copyrighted materials, it's absolutely not acceptable. Especially when there's hardware failure in cloud environment and your server provider does not have good policies for those retired products, you're in big security problem.

Server setup time – Cloud Wins

Cloud provides almost instant setup as we have reviewed from bluehost dedicated service. Because everything is ready in the environment, we just need to program properly to automate the process. If you need urgent server service, cloud should be your primary consideration.

Because almost every server is customly setup, so server providers will have to confirm your payment first then they will purchase your required hardwares then prepare installtion in data center. The process may take hours to days depends the actual situation.

Based all above comparison, using which service completely based what kind of application you're going to host and the level of security protection you expect. If security is top concern, the traditional server is suggested as everything will be stored on reachable hard drives. If extremely high performance/scalability is expected, cloud server would be perfect based all advantages above.

It's common for lots of people especially for those webmasters who operate multiple websites. Many hosting providers also announce to support multiple websites per single account. However, there're many choice to host multiple websites together other than shared hosting service. This article will compare the different solutions and find out how should you host multiple websites properly.

Shared Web Hosting

The most popular choice by lots of people. Most shared hosting plans allow to host multiple or even unlimited websites per single hosting account. Hence it's always the primary consideration when people have such requirements. The biggest advantage is we can manage everything centrally via low cost. We don't have to remember multiple user names for different accounts. Especially when we used the same website structure and need to apply regular maintenance/upgrade, we can handle the process efficiently.

How about the weakness? It's all about performance. We must understand all server resources are shared on the server. When we add a new site then there's less resource left. As always, there're hundreds of clients on same hosting server, if everybody host many sites in account then it's horrible sight. Also please note many shared hosting service set strict limitations to avoid flooding. Because you can not tell how will your sites be visited and if your account usage passed the server limitation, you will get warning or suspension notice easily. So unless you clearly understand how much server resource to be used then it's not recommended to put several websites under the same space especially for business websites.

VPS Server

A better choice from shared hosting. Normally you get dedicated hardware resource so you can utilize everything with no limitation. Unlike shared hosting where everything is controlled by hosting support, you have full access to server OS for vps hosting. In this way you can optimize the server accordingly based your website scripts. Although the service cost is much higher than shared service, you get more reliability and server control.

The biggest disadvantage is you find it hard to get a balance point between price and server quality. A high performance vps costs high while nothing can be guaranteed for cheap server service. You need a leading virtualization platform to ensure the server performance. We highly suggest use XEN, Virtuozzo and Hyper-V for reliable server service. Openvz is not good as we discussed from this earlier post.

Reseller Hosting

Very similar to vps server except we don't have server access. We can understand reseller hosting as combination of multiple shared hosting accounts. The difference is we have reseller control panel to manage all accounts together and view it's performance directly. We can use it the same way as shared hosting but have more control and we get much more resources there because we pay more.

Comparing to regular shared hosting, there's less restriction. But since it's still under shared environment, once other people use more then you can not receive guaranteed performance. If you decide to use reseller option, make sure to find a reputable provider or you can run into problems easily like shared hosting.

Dedicated Server

The best but also the most expensive choice. You get no limitation in using all resources and you don't have to worry about any restriction like shared server. Especially when you need frequent server access to configure various services, dedicated server is the best solution. Dedicated server also provides the best security protection since just you on the same server. If you host some sensitive information or copyright protected materials, it's highly suggested using this service.

The only weakness is about the high cost. A cheap dedicated server monthly fee can afford one year's shared hosting service. It's not affordable choice for personal business unless you're highly profitable on those sites. Also, you're fully responsible for server security protection and monitoring because only you have access to it.

Find the right one

As described from above, for multiple simple and small websites, shared hosting is good enough but you need to evaluate carefully and ensure the shared resource will be enough. VPS and reseller hosting provide extra abilities but you have to find a reliable server provider. If you run a web development company and need to host lots of different websites, dedicated server would be idea choice because you get everything under control for professional and secure management.

Once you decide to put your ecommerce website online, you have chosen to trust the modern business mode and mostly you're going to live for it. Thus it's crucial to start the first step correctly and treat it as your little daughter. This article briefly introduce some important points in promoting a successful shopping cart site. Some helpful tips are generated by real store owners who work or manage a store site.

Choose a Proper Domain Name

It's important to choose a proper domain name to build your store site. Unlike a physical store where you can pick up any name for it, domain name is invisible treature that's shared by many people. Lots of great names already preemptive registered by domain companies. You must research a lot and find the corresponding name for your business. For example if you're selling shoes, then it's suggested to get the word shoe in domain so people can get to your site easier from store search.

Find a Right Hosting Service

The most important part. Once your website goes online, all actions on website will 100% rely on hosting thus we can not use any hosting service to upload our business store. With regarding to business site, uptime and fast connection is a MUST no matter how many transactions you get. Because of this, those super cheap server plans should be avoided from the very beginning. A decent store hosting is configured at a reasonable price because they must ensure our business site performance and apply necessary technologies from server end. When you look for a reliable store hosting service, following points must be primarily considered

• Industry reputation is the first checking point, just search some negative terms regarding to their service and check what problems you might encounter.
• Server features is crucial for what kind software you can run with their service. You also need to learn about server end restriction such as CPU/RAM.
• Network facility help us understand if we can get fast loading speed directly. For example if our clients are mainly from local city then it's no reason to host websites from thousand miles away.
• Customer support availability determines if we can get instant communication when our site fails or when we need some server end changes.

InmotionHosting is by far the best recommendation for fast and secure store hosting service. Not only for its server performance but also their leading concept in offering the most helpful customer service. For many years till present, their company has been recognized standard choice for business hosting. Their people are also sponsoring lots of shopping cart softwares as platnium partner.

Check out InmotionHosting for business hosting plans www.inmotionhosting.com

Use the Right Cart Platform

It's quite important to learn what kind of cart site you would like to setup then you can pick up the right software. For example if you plan to setup up a global store site and multiple child stores feature required then those giant solutions like magento should be your choice. For small and medium size cart site, what you need is simple and easy without dealing with lots of technical stuff. Some good and light weight software like opencart and zencart should be the best choice for such purpose.

Use a Suitable Payment Gateway

Payment gateway is the door to allow people to submit money. There's no free gateway however and each gateway service is working different with difference service fees. Some gateway service requires lots of server end installation to ensure the best security and reliability. So it's crucial to understand you online transaction requirements and frequency to determine the best gateway solution. Many hosting companies also provide merchant account service that you can use directly on website with small fees. Find the most suitable gateway service based your needs because its money collector on your store.

Tips in promoting a successful store

It's not so easy to get success in any business. You really need to work hard in order to be profitable. For online stores, we collected the following tips from real e-store owners who have been running their business for years. Hopefully you can benefit from it.

Upload new products regularly
You should upload new products or promos regularly to home page. In case you don't have something new, you can also update old products via new images. The reason by doing this is people would like to stay longer to learn about your products information so more sales opportunity is expected.

Be active in customer interaction
Keep online as much as possible and be active in communicating with your customers/visitors. Try as much as you can to guide more potential buyers to your store. You don't have to convert each visitor to purchaser but need to give them good impression so they can remember your site for recuring visits.

Keep update with industry development
That means to learn from your competitors and keep an eye about what's going to be style so you can foretell the next selling point.

Handle negative information properly
Don't think negative comments are bumbs to your business. Sometimes it's good chance to show your confidence by heartful replies.

Be positive in doing all above
You don't need more tips. The simple and gold rule of success is to repeat what you have been doing. Just do what you have planned and never stop then success is just a matter of time.