How to create your own Joomla admin menu

How many times you asked yourself: "Why my customers have to see exactly this same admin menu as I do, it's too complicated for them". One thing that Joomla users mostly appreciate about the platform is its flexibility. One of the great things is that almost each part of the back-end is easily customizable, also the admin top menu.

Why customize the admin area on backend?

While the Joomla admin panel is already very intuitive, there is always room for improvement. For example, depending on the extensions you are using on your website, it can become extremely crowded. If that is the case, it can be a good thing to know how to rearrange, hide and get rid of menu items, admin modules, and other elements that have been put there by others. That way, you can gain more control over your site.

The second reason to learn how to customize the Joomla backend is if you do a lot of client work. Here, the ability to change the admin panel’s design allows you to use more corporate (visual) identity experience, for example by adding custom colors and logo.

Disabling the admin modules

In most cases, we do not use and not even need all the admin modules displayed on the Control Panel screen. Most of them you can easily disable. Follow the instructions below. 

1. Start with the blue infobox "You have post-installation messages". Click Read Messages button to disable one by one all messages inside. With no messages, no blue background rectangle anymore.
2. Go to Extensions > Modules.
3. Switch to Administrator Module list.
4. Disable selected modules published on "cpanel" and "icon" positions.

Figure: Default Layout with modules of Administrator Control Panel.

Figure: How to disable/unpublish Administrator modules from the list.

Note! If somebody is going to use SP Page Builder (Pro) allow them to see only this admin module in Control Panel.

Customizing the admin menu

In new versions of Joomla, you can create your own admin menu and replace with the default one. How can it be helpful? Less positions in the menu means less unnecessary questions from your client, who in most cases also does not need at least half of them.

Step 1: Create a new admin menu.

Figure: How to create a new Administrator menu (step 1)

Step 2: Customize menu positions, disable or/and add new menu items for your admin menu.

Figure: How to add new menu item into Administrator Menu.

Step 3: Now you can replace the default admin menu with the new one.

1. Go to Extensions > Modules.
2. Switch to Administrator Module list.
3. Edit the "Admin Menu" module.
4. In the field "Menu to Show", choose new menu "Admin Menu" (or other name which you've used).
5. Check Menu: "No" (think 2x before using it)
6. Save changes, if you're 100% sure that it's okay. Click Save & Close.

Figure: Administrator Menu without two main menu items.

Changing admin area colors

In a previous blog post, we presented how to customize the Joomla admin login screen. Using this same method, you can change colors for the header, toolbar and upload a logo to be used in Joomla 3 admin.

1. Go to Extensions > Templates > Styles.
2. Switch to Administrator templates list.
3. Open the ISIS default template.
4. Click on the “Advanced” tab from the menu.
5. Then check corporate identity (CI) guide book, and take colors from it.
6. Use them in "Nav Bar Color" and "Header Color" fields, as I did. 

Figure: Administrator Panel with changed background colors and new logo, instead Joomla! default.

Note! In Joomla 4.0, there will be a new admin template, named "Atum", it means that, after several months from now, you will be "forced" to do this same again.

And, it’s done! We hope you’ve liked those tips. Please let us know your thoughts in the comment section.

Source:

https://www.joomshaper.com/blog/how-to-create-your-own-joomla-admin-menu

Read More

How to hide Help Menu in Joomla backend?

While customizing the Admin template, most of us come across a situation where you want to hide the “Help” menu and the first solution which pops up in your mind is to use CSS to hide it. However, there is a very simple way to hide it.

How do we do it?

1. You might know the “Admin Menu” module that is present specifically at admin site. Go to Administrator area -> Click on Module manager from the drop down of Extension manager -> From the very first filter shown on left side (where you are seeing Site by default) select Administrator.
   
2. On the main page you will find a module named “Admin menu”. Click on it. Now go to Advanced tab. You will find a parameter Help Menu. You need to set it to “Hide”.
   

You’re good to go! I hope that now you’ll be able to hide the “Help” menu in backend without using CSS. :)

Source:

https://techjoomla.com/blog/cms-tips-tricks/how-to-hide-help-menu-in-joomla-backend.html

Read More

10 advanced Joomla tips to become a pro

Joomla offers a great number of functionalities to smoothen your development life. But these features could seem overwhelming sometimes and you might miss some of the great functionalities that will make you a pro user.

So, today we are going to discuss some of the tips that have been found popular among professional Joomla developers. Let's dive in.

1. Show the site name on the browser tab

It’s cool to display your site name on the browser tab, fortunately, Joomla allows you to do it easily without any extension along with your main page title.

Process:

• Go to System and click on “Global Configuration”
• Navigate to “SEO Settings” and look for “Site Name in Page Titles”
• By default, it is set to “No”. You can choose “Before” or “After” depending on your wish. Enabling this feature will show your site name before or after the page title
• Save changes

If you go to the front of your site, you will see the site name is visible in the browser bar.

2. Boost your website speed

Reducing the site loading time is one of the basic needs you have to fill while developing a site. This trick will show you how to do it smartly.

Process:

• Go to System and click on “Global Configuration”
• Now navigate to “System” tab and look for “Cache Settings” section
• From “System Cache” select “ON - Conservative caching”
• We are not done yet, now go to “Server” tab and look for “Server Settings” section
• Turn “Gzip Page Compression” to “Yes”
• Save changes

3. Unlocking global check-in option

When a specific user edits an article, other fellow users of that site lose the access to edit that article at the same time. Enabling global check-in will unlock the editing feature for all the users. This option will come in handy when someone forgets to finish editing their articles.

A screenshot of locked articles (list view):

Process:

• Go to System and click on “Global Check-in”
• From the “Database Table” row select all the items
• Finally, click on “Check-in” button

4. Edit menu from the frontend

You can edit your navigation menu right from the frontend of the website.

Process:

• Go to System and click on “Global Configuration”
• From “Site Settings” tab, look for “Mouse-over Edit Icons for”
• Select “Modules & Menus” from the drop-down list
• Save changes

Please note, in order to see the edit option, you have to sign in on the frontend.

5. Using the same module multiple times

This trick will come in handy when you want to use the same module multiple times. You can duplicate a module by following the process below:

• Go to "Extensions" and click on “Modules”
• Select the module you want to copy
• Now click on “Duplicate”
• Save changes

6. Article versioning

Sometimes you might want to go back to the previous version of an article. Joomla has that option for you. It's very easy.

Process:

• Open your desired article in editing mode
• Click on “Version” from the top menu
• Select the version you want to restore, then click on “restore” button
• Save changes

Please note, the article versioning option is turned on by default. If you have disabled it, then you need to enable it again for using this functionality.

7. Enable rating for every post

You will always want to know your users' feedback, how much they are liking the content you are providing. In order to give your users access to this awesome feature do the following.

Process:

• Go to System and click on “Global Configuration”
• Now go to “Articles” from the left sidebar.
• Find “Show Voting” and click on “Show”
• Save changes

8. Know the modules

Deep knowledge of module position will help you a lot while developing any website. You can be the master of module positioning within a minute.

Process:

• Go to “Extensions” and click on “Templates”
• Click on “Options” from the top right bar
• Find “Preview Module Positions” and set it to “Enabled” status
• Save changes

In order to see the position of your module, go to the page of which you want to see the module position and add “/?tp=1” at the end of the URL. For instance: www.yoursite.com/any-page/?tp=1

9. Enable HTTPS and make your entire site secure

Security and privacy should be the most important concern when you publish your site on the internet. You must have a valid SSL certificate installed on your site. Then do the following to activate HTTPS on your whole site. If you don’t have any SSL certificate installed on your server, please contact your hosting provider for support.

Process:

• Go to System and click on “Global Configuration”
• Go to “Server” tab
• In “Server Settings” section, you will find “Force HTTPS”
• Select “Entire Site” from the drop-down list
• Save changes

10. Language overrides

When you need to customize the text of a button or a label, this tip will come in handy.

Process:

• Go to “Extensions” and find “Language(s)” then click on “Overrides” from the drop-down list.
• Click “New” from the top left corner
• Type the text you want to change/translate into the search bar, for instance: “forgot” and then click on “Search”
• Locate your desired string
• On the left side you will find “Text” field, now make your desired changes here
• Click "Save" to apply changes

We can guarantee you, these 10 pro tips will help you a lot in your development career. Please stay with us to get more and more tips and tricks. And don't forget to share your feedback about this article with us in the comments section. 

Read More

Making Joomla site SEO friendly by removing ID from URLs

Before we begin, let's have a brief look at the URL variations of Joomla.

The evaluation of Joomla URL
The ancient one:
www.example.com/index.php/category-alias/123-article-alias

The customized one: 
www.example.com/category-alias/123-article-alias

The modern one (after customization):
www.example.com/category-alias/article-alias

The difference among all those three versions of URLs is pretty visible. The first one (as I’m calling it the ancient one) is not user-friendly at all. It has an extra index.php and a random number (ID) in the middle of the URL. That makes it non-readable and people are very likely to forget them.

You’ll get the ancient one right after you install Joomla. If you want to get the customized one (removing index.php from URLs), I’d suggest you have a look at this article which explains how to do so with a very simple step by step guideline. And, today’s article will show you how to remove ID from URLs in Joomla.

Let's go through the step by step guideline

Step 1

We need to log into the Joomla admin area of our website then go to System > Global Configuration.

Step 2

Now select “Articles” from the left sidebar.

Step 3

Navigate to the “Integration” tab of Articles configuration.

Step 4

We will change the “URL Routing” option. The following screenshot shows the default settings. 

Step 5

This is the step where we’ll do the actual work. We need to change “URL Routing” from “Legacy” to “Modern”. Doing so will open up a new option “Remove IDs from URLs”, we need to set it to “Yes”.

Yes, we’re done here. You need to hit “Save” or “Save & Close” before you can see the result.

This URL Routing feature can be enabled for few other components. The above process was shown for Article component. If you want to enable URL Routing for other components like contacts, news feeds, and users you can do so as well. The process is pretty much same. But hey, if you face any difficulties just comment below. We are always here to help. Thanks for being with JoomShaper. 

Source:

https://www.joomshaper.com/blog/making-joomla-site-seo-friendly-by-removing-id-from-urls

Read More

Tips For Maintaining A Secure Joomla Website

Joomla is a popular Content Management System (CMS) used by thousands of people world-wide, and is the second most popular CMS used on our hosting platform.

Here, we provide some hints and tips to help keep your Joomla website safe and secure

Always use the latest version

Older versions of Joomla contain security holes and bugs, and are only supported by the Joomla community for a certain length of time. Once their support has ended, these bugs are no longer fixed, and your site becomes vulnerable if you haven't kept up-to-date with updates and patching.

By installing the latest version of Joomla, and keeping it patched and up-to-date, you minimise the risks of your website being compromised.

The latest available version can always be downloaded from http://www.joomla.org/download.html

Choosing your login/username

Since version 2.5, Joomla has removed the default username from the easily-guessed "admin", and lets you choose your own username for administering your Joomla site.

Choosing a username other than "admin" helps prevent brute-force attacks, where someone repeatedly tries to log in to your website with the username of admin, changing the password each attempt.

Change the database prefix

When you're installing Joomla, you should change the table prefix for the database Joomla uses from the default value.

Doing so will help prevent any potential hackers from trying to access tables in the database

Password protect your administrative area

A major failing in Joomla is that you can't rename the "administrator" folder. It has to be called that, because there are 3rd party plugins and themes that rely on it existing to work correctly.

So, because anyone trying to break into your site knows they can always go to /administrator, we need to have some additional protection. We can do this using a htaccess file.

Find the path for your administrator folder

Create a file called path.php with the following code in it: 

<?php                        echo "The path is " . getcwd();                        ?>

and upload it to your administrator folder.

Visit the file in your web browserat http://[your Joomla website address]/administrator/path.php and copy or make a note of the path

Create a username and password for accessing this folder when it's protected

Go to http://aspirine.org/htpasswd_en.html and fill in the form with the username and password you want to use to protect the administrator folder. Use the crypt() method when using the form on this site so the correct format is created.

In the Source box, enter your desired username and password on one line (eg: freddblogs mypassword), then click on the Generate htpasswd button. Copy or make a note of the text in the htpasswd file box

Create your password protection files

Create 2 new files in a text editor, like Notepad (Windows) or Text Wrangler (Mac), called htaccess.txt and htpasswd.txt.

In htaccess.txt, add the following lines:

<Files ~ ^.\ht*>                    
    order allow,deny                    
    deny from all                    
</Files>                    
AuthUserFile {the path that you copied down from path.php}/.htpasswd                    
AuthGroupFile /dev/null                    
AuthName EnterPassword                    
AuthType Basic                    
require valid-user

In htpasswd.txt, add the following lines:

{the text you copied from the htpasswd box in the previous step}

Upload htaccess.txt and htpasswd.txt to your Joomla administrator folder, and rename them to .htaccess and .htpasswd

Test the password-protection works

Visit the admin section of your Joomla website in your web browser. A box should pop up on screen asking you for a username and password.

Type in the ones you used and you should then be able to see the Joomla admin section, where you will need to log in using you normal Joomla username and password.

Protect Your Site With Some Basic htaccess Rules

Joomla displays your site using the files index.php and index2.php. It normally doesn't need to access any other file on your site.

A basic htaccess file to enforce this is

<Files *.php>     
    deny from all     
</Files>     
<Files ~ "^index(2)?\.php$">     
    allow from all     
</Files>

Additionally, you can stop the following files from being accessed in a web browser. You wouldn't normally have files with these extensions accessible

<FilesMatch "\.(htaccess|htpasswd|ini|phps|log|sh|conf)$">     
    Order allow,deny     
    Deny from all     
</FilesMatch>

File And Folder Permissions

Never, under any circumstances, set a file or folders' permissions to 0777. If a plugin, module or theme needs this, then you shouldn't use it.

There is absolutely no reason ever for a file or folder to need these permissions, and they are inherently unsecure.

Because your PHP scripts run as your group ID, and not as a seperate process, they only need user and group permissions, and never need world/other access.

The correct permissions to use on our hosting platform are:

folders         : 0771                
PHP files       : 0660                
Perl files      : 0755                
config files    : 0440                
all other files : 0664

We strongly recommend that you do not change these.

In addition, our new Apache will refuse to serve files and folders set to 0777. This is a security rule and will not be changed.

Housekeeping

There are a few general tips that all website users should follow, not just Joomla users:

• Remove all design templates, themes, modules, and plugins not needed by your site.
  This removes the risk of code not being updated because it's no longer active on your site
• Clean up after installs.
  The installation process will require you to delete the installation directory and all its contents. Do this; do not simply rename it.
  If you upload files to your site as compressed archives (xxxx.zip for example), don't forget to remove the compressed file.
  Check your Joomla /temp, /tmp and /cache directories, as temporary files may remain there after an installation
• Do not leave any unneeded files (compressed or otherwise) on a public server.
  Each unused (and perhaps long forgotten) file is a potential security hole
• Keep your website up-to-date
  Mke sure your website is full-patched and up-to-date by using the available tools in the admin panel

Add The Joomla! Security Announcements Feed

Joomla provide a security announcements feed, detailing latest vulnerabilities and patches. This is your number one source of security information for your Joomla website, and should be used

• Login to your Joomla! Administration panel
• From the menu, select Extensions -> Module Manager
• From within the Module Manager, select Administrator
• From the Icon Menu (top right), select New
• From the choices available, select Feeds Display
• At the Feed Module configuration page, enter the appropriate details (Title (EG: security Announcements) and Feed as a minimum)
• Enter http://feeds.joomla.org/JoomlaSecurityNews in the Feed URL
• Select cpanel as the position
• Optional Select Apply from the Icon Menu (top right) and place the feed in the order where you want to see it in the Admin Control Panel
• Select Save from the Icon Menu (top right)
• Go back to your Admin Site main page (Site -> Control Panel) and you should see your newly built Security Feed.

Choosing modules, plugins and themes

There are many resources for additional component for Joomla. You should consider only using those that have some form of support on the official Joomla forums.

These additional points should also be addressed:

• When was the last version released?
  If it has been over a year, consider the project abandoned and find something else. Do not install old components.
• What kind of release is it? (Stable, Release Candidate (RC), Beta, Alpha)
  For production sites you should be sticking to Stable releases as much as possible. If you cannot wait until a Stable release has been made available, Release Candidates are the only other option you should consider.
  We would not suggest anyone install any Beta or Alpha extensions on a production site. This means they still have bugs, they have not been tested enough, and could have any number of inconvenient bugs or security issues that have not been fixed or worse, found.
• Is there a support community for this extension?
  This is very important for usability and security awareness. If there is a support community for an extension there is a better chance of security issues being known and dealt with.
  A support community means that people would like to continue using the extension and that they care about the extension. This furthers the chance that security issues will be found, disclosed, and dealt with promptly.
• Is the extension generally bug free?
  While it is almost impossible for an extension to be completely bug free, the smaller the number of bugs, the better.
  If there are bugs in the software it means there are mistakes in the software. The more mistakes, the higher risk of usability issues and security issues. Security issues are often a result of not one bug, but several bugs or bad practices

Turn Your Joomla Error Reporting to Maximum

https://www.inmotionhosting.com/support/website/redirects/setting-up-a-301-permanent-redirect-via-htaccess
https://www.names.co.uk/support/1795-tips_for_maintaining_a_secure_joomla_website.html
http://aspirine.org/htpasswd_en.html
https://www.gavick.com/blog/speed-website-simple-htaccess-tricks
https://www.themexpert.com/blog/joomla-seo
https://www.getastra.com/blog/911/joomla-malicious-redirects/
https://expressmagazine.net/development/1915/huong-dan-rewrite-url-su-dung-htaccess

Read More