“JHtmlBehavior::polyfill not found” Fatal Error on Joomla

A new client called us this morning and told us that the was seeing the following error on his website when he was visiting it: An error has occurred. 500 JHtmlBehavior::polyfill not found So, we visited his website in order to check what is going on, and, to our surprise, we didn’t see the error. […]

Joomla Security Tip: Block Long URLs

At itoctopus, one of the things we are fascinated by is security – we are always researching new ways to improve the security of our managed websites. Our Joomla honeypot experiment, for example, was a huge success and we implemented it for our major clients. It also helped us better understand attack patterns, which, in […]

How to Remove the PHP End of Life Warning in Joomla 3

We are getting calls from Joomla administrators telling us that they are seeing a bizarre warning in the backend of their Joomla sites after updating their sites to 3.7.x. Here is a sample warning: Your PHP version, 5.6.30, is only receiving security fixes at this time from the PHP project. This means your PHP version […]

Joomla’s RSForm Pro PayPal Plugin Not Changing the Payment Status from “Pending” to “Accepted”

RSForm Pro is one of the most powerful extensions out there. You can create any type of form with it, and associate any action you can think of when the form is submitted, whether through plugins or through embedded PHP code. This makes RSForm ideal for integrating Joomla with payment gateways (such as Authorize, PayPal, […]

Saving Articles Timing Out After Updating to Joomla 3.7? Read This!

A client with a huge Arabic news website called us on April 26th (the day Joomla 3.7 was released) and told us that he’s not able to save articles after updating to Joomla 3.7. He told us that article saving was timing out, and urged us to take a look. As usual, we obliged. We […]

How to Remove the Article ID from SEF URLs in Joomla 3.7

Joomla 3.7 is a weird iteration of the famous CMS – it seems that quite a few important things were half baked or not completely tested. For example, the new routing functionality that was meant to be completely revamped in Joomla 3.7 was supposedly scratched from that version, to be later introduced in a future […]

The Joomla Honeypot Project Experiment

At itoctopus, we are paranoid about the security of our managed clients’ websites – as such, we always research revolutionary ways to better protect these websites against potential exploits. Last week, we conducted a honeypot project on one of the largest websites that we manage. For those of you who don’t know what a honeypot […]

Yes – The Frontend of a Joomla Website Can Work Without the Plugins Folder

Do you have time for a simple experiment? If yes, then try the following: Download Joomla. Install it on a local or a remote server. Once the website is working, rename the plugins folder to plugins_old. Visit the website, and you will notice that the website still works. Now rename the modules folder to modules_old, […]

“Save” and “Save and Close” Buttons when Editing Articles in Joomla’s Frontend

A common issue on Joomla websites with frontend editing is that the behavior of the “Save” button on the frontend is different from the behavior of the “Save” button in the backend. The “Save” button in the backend saves the item and redirects back to the item’s page while the “Save” button on the frontend […]

Performance Tip: Ensure that Missing Files Are Not Processed By Joomla

Let’s do a simple experiment together. Go to your Joomla website, type in something like: http://www.[yourjoomlawebsite].com/test.jpg (assuming you do not have a test.jpg file in the root directory of your Joomla website). You will notice that Joomla displays a 404 error. What’s wrong with that, you may be wondering? Well, what is wrong is that […]

5 Reasons Article Saving in Joomla Takes a Long Time

Each day, more and more clients are calling us to address the slow article saving problem that they are experiencing on their Joomla websites. We’re not 100% sure why this is becoming an increasingly common Joomla problem, but we think that it might be that more large sites are using Joomla (though we have no […]

7 Questions to Ask When Switching Your Joomla Site from HTTP to HTTPS

Earlier this week, we published a post on the importance of switching your Joomla website from HTTP to HTTPS, mainly because of a new setting in Chrome and Firefox labeling pages with sensitive forms (such as login forms) as insecure if they are not running in HTTPS mode. Most Joomla administrators think that switching from […]

How Ordering Slows the Saving of Articles on Large Joomla Sites

Note: The solution presented in this post is a core change. Proceed carefully and always backup your website before modifying core files. A few days ago, we received an email from someone managing a very large Joomla website (it was a Brazilian news website). She said that the saving of articles was taking an abnormal […]

Why It’s Important to Switch Your Joomla Website from HTTP to HTTPS

Back in 2013, we have debunked the myth that switching from HTTP to HTTPS will make a Joomla website more secure, and we have explicitly recommended against using it globally. Obviously, times are different now, and while we still haven’t changed our mind that such as switch will not make a Joomla website more secure, […]

Unable to Save/Create Joomla Modules – What to Do?

A client called us this morning and told us that he was unable to create new modules and save existing modules. So, we logged in to his website and checked the problem, and it was like he said: we opened a module, we modified it, and then we saved it, but it wasn’t saving the […]

A Very Weird Joomla Issue

Back in 2011 (yes – that’s 6 years ago!) we published an article titled: “My Joomla Changes Are Not Showing!“. In short, the article stated that when Joomla changes in the backend are not visible on the frontend, then it’s a caching issue. Of course, Joomla has changed substantially between then and now, but typically, […]

5 Reasons Why Saving Joomla Articles Is Timing Out (or Taking a Long Time)

One of the most annoying problems on Joomla websites is that saving articles can timeout (and display a 500 – Internal Server Error message) or can take an insane amount of time. This problem is not uncommon on large websites, and it typically gets worse every day. But why does this problem exist on a […]

Platform Specific Caching – A Hidden Gem Inside Joomla’s Global Configuration

Back in 2014, we presented a solution to a common Joomla problem then, where Joomla displays the mobile version of the template on the desktop (or vice versa). We stated that the problem was caused by the Joomla cache, which caches the mobile version of a page and displays it for both desktop and mobile […]

On Joomla’s Core Hacks

Note: In this post, by “core file” we mean a Joomla file that cannot be overridden at the template level. We have a somehow hawkish attitude when it comes to optimizing Joomla: we are not afraid of using core modifications (e.g. core hacks) to optimize/secure Joomla websites. For that, we are often criticized by some […]

Leveraging the Power of the “defines.php” File to Monitor POST Requests on Joomla Websites

As of version 1.6.0 (which was released 6 years ago in January of 2011), Joomla checks for the presence of a defines.php file at the main directory of the website. If it finds it, then it includes it. The defines.php file is not part of the Joomla core, it doesn’t even come packaged with Joomla. […]

Joomla Configuration Settings Not Saving? Read This!

A curious thing happened to us this morning while trying to update a supposedly small Joomla 2.5.28 website to 3.5.1. No – we didn’t suddenly develop xray vision, it was something even curiouser than that! Let us begin by explaining what we were doing… We were, as stated before, trying to update a small Joomla […]

How to Add a Joomla Super User from phpMyAdmin

Ever since the elevated permissions (or elevated privileges) exploit in Joomla versions less than 3.6.5 was made public, we are seeing weird things happening to the #__users table on hacked Joomla websites. These weird things can be any (or all) of the following: The usernames of all the users are changed to admin. All super […]

Module Title Is Not Showing on Joomla: How to Fix

A new client emailed us this morning and told us that the titles of modules assigned to a certain position are not showing. He told us he was using the latest version of Joomla, and that he ensured that “Show Title” was set to “Show” in the module’s settings. He told us that he’s confident […]

“To use reCAPTCHA you must get an API key” Error when Using reCAPTCHA on RSForm

A client of us told us that he didn’t like the default CAPTCHA (by the way, in case you really want to know, CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart) field that comes with RSForm. He said that the letters looked very small, and that it affected his […]

Registration Form Redirects to Login Form on Joomla 3.6.5

While processing what seemed to be a very simple request from one of our clients this morning, we encountered a very weird issue. The simple request was that the client wanted a simple registration form on his website, and the weird issue was that, for an unknown reason, we were redirected to the login form […]

All URLs Display Homepage Content on a Joomla Website Powered by NGINX

We had a weird case late last week: a new client contacted us and told us that all the links on his website were pointing to the homepage. He told us that he was using NGINX, and he told us that he thought that NGINX is the cause of the issue. So, we checked the […]

Out of Memory Error vs Allowed Memory Error on a Joomla Website

We know, it’s been a couple of weeks since we last wrote a post on this blog – we’re not getting lazy, it’s just that we had quite a few large projects in December. Still, we feel guilty, and so we decided to write a post right now, and if you want to know what […]

Disqus Account Hijacked – What to Do

Let us tell you a little story… A huge Joomla website that we fully manage uses Disqus for commenting. The website receives an insane amount of traffic and it is in the Alexa top 10K websites in the US. About 4 months ago, we noticed that the Disqus commenting section had irrelevant ads, but we […]

List of Website Types That We Are Unable to Work On

Frequently, we get calls from potential clients asking us to fix problems on their Joomla websites, only to find out afterwards that we are unable to do any work for them because of the nature of their websites. Clearly, this leads to disappointment on both ends: the clients need our work and they can’t have […]

A Script to Migrate Articles’ Meta Keywords to Joomla Tags

Note: Before you use our script, please backup your website (filesystem + database). While we have tested our script many times it’s always better to be on the safe side and backup your Joomla website first. Important note: The script is provided “as-is”, we can’t claim responsibility for it. We can’t even claim that it […]

Empty (Not Blank) Joomla Backend – Cause and Fix

Note: Any reference to ‘#__’ in this post must be replaced with the database alias of your website, which is defined in the configuration.php file. This noon, a client called us and told us that whenever he was trying to login to his Joomla website, he was seeing an empty page. He was quick to […]

Why Is It that Joomla Doesn’t Care About the Category Alias in Article URLs

There is a confusing “feature” in Joomla, and it is that the CMS, unintentionally, can have multiple links pointing to the same article. For example, if you go to the following URLs http://www.[your-joomla-website]/category-1/12-test-article.html and http://www.[your-joomla-website]/category-2/12-test-article.html then both URLs will work despite the fact that they point to the same article, and despite the fact that […]

A Very Scary VirtueMart Exploit, or Something Else?

A new client called us a couple of hours ago and told us that he had a problem on the VirtueMart store on his Joomla website. He said that early in the morning a client called him and asked him about the status of his one week old order which he paid for through PayPal. […]

Are You Unable to Edit Your Joomla Articles? Read This!

Note: This post is extremely advanced. Only try to implement the below if you’re a solid developer and after backing up the Joomla website (database + filesystem). We had a weird case this morning. A client called us and told us that her staff were able to edit certain articles only once every day – […]

“Application Instantiation Error: Table ‘db.#__session’ doesn’t exist” Error in Joomla: 5 Possible Reasons

Note: You must replace #__ in the post below with your database alias which is the value of the variable $dbprefix that is defined in the configuration.php file of your Joomla website. Another note: Always backup your Joomla database before making any modifications to it. A not so uncommon fatal error on Joomla websites is […]

Using Apache’s Substitute Module to Remove the Joomla Meta Generator Tag

At itoctopus, we love doing things in different ways, this helps us broaden our horizon and it also allows us to provide several alternative solutions for our readers, who may prefer one method over another. In a previous post, we have discussed, in details, 2 methods for hiding the Joomla version. The first one consisted […]

“Blocked loading mixed active content” when Using Joomla’s SEF in HTTPS Mode

Yesterday noon, a new client contacted us and told us that he was having problem when using HTTPS on his Joomla website (the website in question was using the latest Joomla version, which is 3.6.4). He said many images did not appear, and it seemed as if no CSS was applied to the website whatsoever. […]

“The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.” Error when Updating a Joomla Website

While trying to update the Joomla website of a regular client of ours, we were faced with the following error: “The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.” If you are an avid reader of our blog, then you will know that the […]

JCE Editor Crashing on a Specific Joomla Article

We think very highly of JCE and we have huge respect for its developers. We recommend it to our clients and we always install it on the Joomla websites that we fully manage. With the exception of very few quirks, our experience (and that of our clients) is very smooth with JCE. The very few […]

“Fatal error: Class ‘JFeedItem’ not found” When Overriding the Joomla Core

Note: This is an advanced post which mentions an unstable extension at the time of writing (November 2016). We suggest you avoid overriding the Joomla core if you’re not comfortable with your programming skills. If you need help with overriding the Joomla core, then you can always contact us! Until very recently, we used to […]

How to Create a Custom HTML Module in Joomla’s Backend

Sometimes, large companies have some text that they want to display somewhere on the backend of their website for their staff. The text might consist of editing instructions, a legal disclaimer, or a general announcement. Now, on the frontend, it is very easy to display such a text by using a Custom HTML module (nowadays, […]

“Unknown SSL protocol error” on Joomla’s VirtueMart Checkout

A client of ours emailed us yesterday and told us that clients weren’t able to checkout on his VirtueMart store. He told us that they were seeing the following error: Unknown SSL protocol error in connection to www.eprocessingnetwork.Com:443 We did a quick research on the issue and it looked like it was caused by an […]

A Downloadable List of the Top 500 User Agent Strings on a High Traffic Joomla Website

This morning, we thought we had a little time to do something fun, and so we created a command to generate a list of all user agent strings (or signatures) on a very high traffic Joomla website that we maintain. “Why is that?”, we hear you ask… Well, because 1) we were curious about which […]

How to Quickly Know the Version of any Joomla Website

Let’s say you want, for one reason or another (hopefully a good reason), to know the version of a Joomla website that you don’t own. You don’t have FTP/sFTP access to the site’s filesystem, you don’t have access to the backend, and you don’t know the owner. So, what do you do? Well, for the […]

500 HTTP Errors – Revealing Vulnerabilities on Your Joomla Website

One of the biggest mistakes that system administrators make when analyzing the Apache server logs, is that they ignore many of the “500” HTTP errors (also known as Internal Server Errors). They think that these fatal errors – if they are not happening on legitimate pages, then they are not worth investigating. Little do they […]

A High PHP Memory Limit in Joomla = An Invitation for DoS Attacks

Occasionally, Joomla administrators face the infamous allowed memory size error which forces them to increase the memory_limit value in the global php.ini or in a local .user.ini file by adding the following line: memory_limit=256M The above code will increase the memory limit to 256 megabytes, which is more than ample for any Joomla website out […]

The Dangers of Relying on Joomla’s Banners Extension for Advertising

We just got a call from a new client, telling us that she was perplexed about the fact that the number of banner impressions on her Joomla website is unrealistic. She said that her Joomla website is getting about 10K visitors/month according to Google Analytics, but the number of impressions counted on her Joomla website […]

SQL Injection in Joomla – Is It Still a Concern?

The last time we had a case of SQL injection on a Joomla website was a long time ago – and the affected Joomla website was a Joomla 1.5.10 website (which is highly exploitable – even by Joomla 1.5.26 standards). Since then (we are now in October of 2016), we have not seen a single […]

HubSpot Adding Weird Tracking Code to Links on a Joomla Website

Some time ago, while performing daily maintenance work for one of our large clients, we noticed that some of the external links that they had had some weird hash in them. What was interesting is that all these external links that had this problem were domains owned by the client. A little digging into the […]

Yet Another Login Loop in Joomla’s Backend

Login loops are probably the most complex problems to fix on a Joomla website. Here’s the scenario: you go to the login page of the backend of your Joomla website, you enter your username and password, you click on the blue Log In button, but, to your surprise, you are redirected back to the login […]