“Ajax Loading Error: Category not found” Error when Updating a Joomla Website

A new client, with a Joomla 3.6.0 website, called us yesterday evening and told us that every time he tries to update his Joomla website, he sees the following the following error: Ajax Loading Error: Category not found So, we went to his website, and tried to update Joomla, but, as expected, we saw the […]

Blank Page When Clicking on “Read Messages” in Joomla’s Backend

A client contacted us on Friday of last week and told us that he had the following weird problem: every time he clicked on Read Messages (which is located in the You have post-installation messages box) in the backend of his Joomla website, he saw a blank page. A blank page in Joomla, as you […]

Checkboxes Not Showing in the Backend of a Joomla 1.5 Website

Very early in the morning today, a new client sent us the following email: “Hi, We have a Joomla 1.5 website that has been working well for a long time. Yesterday, our host decided to upgrade PHP, which resulted in the following problem on our website: checkboxes are no longer visible anywhere in the backend […]

Alternative Layout Not Working for Your Custom Joomla Module? Read This!

While working on making a very large website responsive over the past few days, we were faced by a small blip. A small, but interesting (and annoying) blip… We wanted to show a different layout for a custom made module (we’re not talking here about Joomla’s Custom HTML module [which is now called just the […]

A Very Long Password in Joomla Does Not Mean Better Security

A new client of ours called us very early in the morning and told us that his website was hacked and he wanted our help to clean it. He told us over the phone that he had no idea how he got hacked despite the fact that he had a very long and complex password […]

White Screen when Trying to Edit a Joomla Article: How to Fix

It’s Friday – time for everyone to relax a bit and plan for the weekend! Everyone, of course, except for us! We work 24/7/365! In fact, last Sunday, a client emailed us and told us that they have a problem when editing articles in Joomla’s backend: whenever they click on an article to edit it, […]

“You are not permitted to use that link to directly access that page” Error when Trying to Edit a Joomla Article

An important client of ours emailed us yesterday and told us that they were having the following problem: whenever they edit an article, save it (or close it), and then try to re-open it, they are redirected back to the Articles Manager page (instead of being redirected to the edit page of the article). They […]

How Content-Security-Policy Can Help Protect Your Joomla Website

Have you ever heard of Content-Security-Policy? If not, then we’re sure that you will find this post extremely informative and interesting… In short, Content-Security-Policy is a policy set in the httpd.conf file, the .htaccess file, or as a meta tag (in the HTML code) that is typically used to prevent the website from running external […]

A Couple of Shell Commands to Find Hacked PHP Files on a Joomla Website

Note: This post assumes your website is running on a WHM environment. If your website is running on Plesk than the physical location of your Joomla website will be different. Another note: This post assumes you have some very basic Linux knowledge. If that’s not the case then you can ask some Joomla security experts […]

How to Completely Disable Session Activity for Visitors on Joomla Websites

Note: This post contains core modifications. If you’re not comfortable with doing core modifications, then please ask some Joomla experts to do it for you. Another note: This post assumes that your website doesn’t allow users to login to the frontend – if that’s not the case then please be aware that the modifications below […]

The Hidden Downside of Embedding Joomla Modules in Articles

One of the really nice features that Joomla has is loading modules within articles using loadmodule or loadposition (or using an 3rd party extension such as Modules Anywhere). It is an excellent functionality that permits Joomla administrators to leverage the power of modules within articles (or even within modules if using Modules Anywhere). That flexibility, […]

A Super Quick Guide to Deal with a Hacked Joomla Website

You wake up one morning, and you get that nasty email from Google telling you that your Joomla website is hacked. So what do you do? Well, first of all you relax knowing that this can happen to anyone in this galaxy, and then, you follow the below guide: Backup your Joomla website (filesystem and […]

Internal Server Error on Joomla’s Backend Login Page – How to Fix

A client emailed us very early in the morning and told us that whenever he tried to access the login page of the backend of his Joomla website (e.g. http://www.ourclientjoomlawebsite.com/administrator ), he was seeing a 500 Internal Server Error page. He told us that the frontend worked flawlessly, and the problem was only in the […]

Minimizing Brute Force Attacks on Joomla’s Backend Using .htaccess

If you’re running a Joomla website and you regularly check your Apache web server logs, you will notice that these logs are full of brute force attacks. These brute force attacks consist of continuous POST requests to your Joomla website, with dictionary based combinations of usernames and passwords, with the hope that one of these […]

MySQL’s “SELECT INTO OUTFILE” – Should Joomla Administrators Be Afraid?

Note: This post is very advanced and is targeted at system administrators and advanced programmers. Another note: The aim of this post is strictly to promote security on Joomla websites and to investigate potential threats. It is not aimed at teaching others how to exploit websites. After reading a post this morning on the dangers […]

MySQL InnoDB Optimization for Large Joomla Websites

One of the first things that we used to do to resolve a substantial part of load issues caused by a Joomla website was to switch the main content tables from MySQL InnoDB database engine to MySQL MyISAM. The results were always impressive. Nevertheless, we always had conflicting feelings after the switch: while we were […]

“The File Cache Storage is not supported on this platform.” Error After Updating to Joomla 3.6

A client called us very early this morning and told us that after he updated to Joomla 3.6 (from Joomla 3.5.1), he was seeing the following fatal error on the Joomla backend: The File Cache Storage is not supported on this platform. We immediately investigated the issue (it was around 5 AM), and we realized […]

Searching for the “*/$” Pattern on Your Joomla Website to Discover Hacked Files

Over the course of the last decade, we have unhacked and secured many Joomla websites ranging in size from very small to very large. In most cases, cleaning up a Joomla website consists of the following steps: Blocking all traffic to the website. Backing up the website. Overwriting the core files from a fresh Joomla […]

“Could not connect to MySQL.” Error on a Joomla Website

Yesterday (Friday) we explained how a full disk brought the Joomla website of a client of ours completely down. We also mentioned that we upgraded the VPS plan of that client to a more generous plan in terms of disk drive and memory – what we didn’t mention, however, was that the VPS upgrade did […]

“An error has occurred” When Trying to Login to the Backend of a Joomla Website

A regular client of ours called us a couple of hours ago and told us that her company’s website was down, and she was seeing a weird error when trying to login to the administrator section of her Joomla website. We immediately checked the website and we noticed that the website was complaining about too […]

An Awk Line to Generate a List of 404 Pages Sorted By Number of Hits

Note: This post assumes a WHM based environment. If you are using Plesk or anything else, then the log path may be different. Please take that into consideration. With time, most websites will have an increasing number of 404 pages. This is natural and it is caused by changes in the link structure, wrong incoming […]

No Save Button in Joomla’s Backend – How to Fix

A client emailed us this Saturday morning and told us that he’s not able to see the Save button when he opens any content item for editing (such as articles, categories, modules, etc…). So we logged in to the backend of his website and we noticed that not only the Save button was missing, but […]

A ModSecurity Rule to Block Brute Force Attacks on a Joomla Website

At itoctopus, we dedicate a lot of time to research, especially on enhancing Joomla’s security and performance. Today’s post is a fruit of that research, as we have managed to devise a concise ModSecurity rule to block brute force attacks on a Joomla website. In case you don’t know what ModSecurity is, it is a […]

The Mystery of the Joomla Login Timeout

Back in May (today is the 21st of June, the day that should have been the summer solstice, but instead it was yesterday, since this year is a leap year [you learn something new every day!]) we had a client who approached us with a very weird problem. The client’s problem, to put it simply, […]

On Wicked Joomla Developers

It is Friday afternoon, and we have a little present for you: a free real life suspense story about a wicked Joomla developer, how he crashed his client’s website, and how we knew who he was, Sherlock Holmes style. Coincidentally, this post comes after our bad Joomla developers post, which makes sense, as a wicked […]

Let’s Not Forget About Bad Joomla Programmers

Most people using Joomla are very quick to blame it (Joomla) for any hiccups/problems they see on their websites. In most cases, these people are wrong. In fact, the majority of the problems happening on Joomla websites are not technically caused by Joomla’s core, but they are caused by one of the following: A change […]

A Quick Method to Disable 2 Factor Authentication on Joomla’s Backend

It’s been a long while since you have last updated the content of your Joomla website, but you decided, on a Sunday afternoon, to do just that. So, you navigate to the login page of the backend of your Joomla website, and you see a curious “Secret Field” input field. You ignore it, and you […]

How to Resolve the “Call to undefined function mb_split()” Fatal Error on a Joomla Website

We were commissioned yesterday morning to move a website form GoDaddy’s shared hosting to a VPS (with another company). So, we zipped the files and we exported the database from the old server, and then we extracted the files and imported the database on the new server. We then proceeded with testing the website (after […]

GoDaddy Shared Hosting and Hacked Joomla Websites

We are having an increasing number of calls from clients asking us to fix their hacked GoDaddy shared hosted Joomla website. While many may see this as an indication that GoDaddy has many customers, we see the whole thing a bit differently. The thing is, a few months ago, we only had a few GoDaddy […]

Resolving the Dreaded “Call to a member function getDocument() on a non-object” Error on a Joomla Website

A client called us yesterday and told us that his website was displaying the following error after a manual upgrade of his Joomla 3.1.1 website to Joomla 3.5.1: Fatal error: Call to a member function getDocument() on a non-object in plugins/system/sef/sef.php on line 36 We then asked him, what do you mean exactly by a […]

“Error displaying the error page: Application Instantiation Error” Fatal Error on Joomla

Late this evening, a client called us and told us that, after moving his website to a new host, he was seeing the following (fatal) everywhere on his website: Error displaying the error page: Application Instantiation Error Typically, the above error is associated with wrong database credentials in the configuration.php file, so we tried the […]

Joomla Backend Login Redirects to “Sorry” Page on WHM/cPanel

Yesterday, we were commissioned to move a large website (for a US clinic) from one server to another: we moved the files, we installed the database, we modified the configuration.php file to reflect the new server’s settings, we modified our Windows hosts file (to force the domain to point to the new IP), and then […]

How to Use Joomla’s Ajax Interface Component (com_ajax)

Last week, we were commissioned to build a tool that displays a list of state representatives on the website of a company producing soda dispensers. The tool consisted of a simple dropdown, containing all the American states, and, based on the selected state from the dropdown, the tool displayed the representatives serving the selected state. […]

“Login denied! Your account has either been blocked or you have not activated it yet.” Error When Logging in to a Joomla Website

This evening, a new client from Florida approached us with what seemed to be a very easy issue: whenever he tried to login to the backend of his Joomla website with his super user (aka super administrator) account, he was seeing the following error: Login denied! Your account has either been blocked or you have […]

ImageMagick and the Onslaught of Joomla Hacks

As discussed in a previous post, we have been experiencing an onslaught of Joomla 3.5.1 hacks for a few weeks now, and although we were able to clean and protect the hacked websites that we were asked to fix, we were not able to get to the root cause of the problem. We did, however, […]

What’s with All Those Hacked Joomla 3.5.1 Websites?

As of late, we are getting an abnormal number of requests for malware cleanup on Joomla websites (a substantial number of these websites are infected with the Google hack). What’s even more interesting is not the sheer number of such requests, but the fact that the absolute majority of the affected Joomla websites were 3.5.1 […]

“The table ‘#__session’ is full” Error in Joomla

A client emailed us this Saturday morning and told us that he was seeing a blank page on every page on his website. Clearly that was the sign of a fatal error. Naturally, all we had to do was to search through the logs in order to find out what the problem is; it didn’t […]

Joomla 404 Pages Causing Load and Memory Issues – How to Fix

Note: The solution presented in this post consists of a core modification, since it addresses a Joomla bug. Proceed at your own risk and always backup your Joomla website before modifying core files. Oh, and don’t forget that future Joomla updates may wipe out your changes (so you may need to redo them after each […]

URL Rewriting Not Working on a Joomla Website: How to Fix

We had an interesting job today: a regular client called us in the morning and told us that he can’t get URL rewriting to work on his Joomla 3.5.1 website. He told us that when he set Use URL Rewriting to Yes in the Joomla’s Global Configuration, all the URLs, with the exception of the […]

How to Submit Data from a HubSpot Form to Your Joomla Website

A client of ours, who has been using HubSpot extensively for a couple of years now, asked us for something fun! He wanted to grab the contact data (when a new form was submitted in HubSpot) in order to create a Joomla user out of it. In other words, whenever someone fills out a specific […]

How We Analyze the Logs for Suspicious Logins on a Joomla Website

An important daily task that we perform on the large websites that we maintain is the checking of the IPs that successfully accessed the backend section of the website. We check where these IPs are coming from, and, if they are coming from an unusual location (such as a remote country), then we will look […]

The Curious Case of Multiple Webmaster Tools Verifications on a Joomla Website

Trivia: The title of this post is inspired by the movie “The Curious Case of Benjamin Button”, which is somehow unique (in our humble opinion), but please don’t unfriend us if you don’t like it. The notion of aging backwards is fascinating, original, and, to some extent, true. While examining the Joomla website of a […]

Joomla, Pagination, and Performance Issues: Again and Again

Warning: The code changes in this post are in the core. Proceed with caution (and at your own risk) and keep in mind that future Joomla updates may wipe out the below changes. In a previous post, we have explained how we resolved performance issues caused by pagination on a large Joomla website. The results […]

Is Joomla 3.5 Really 50% Faster than Joomla 3.4.8?

Rumors spread around quickly, and the latest rumor, besides the one that states that the world is not flat, is that Joomla 3.5 is 50% faster than Joomla 3.4.8. To be more specific, the rumor states that Joomla 3.5 is 50% faster because, unlike Joomla 3.4.8, it can run under PHP 7. So, the rumor […]

A Quick Shell Command to Check the List of Modified Files on a Joomla Website

One of the things that we do daily on the websites that we fully manage is check which files were changed in the past 48 hours. Doing this helps us catch files that were maliciously modified, it also helps us check whether the client’s employees have uploaded files that they shouldn’t have uploaded, or have […]

How to Resolve Performance Issues Caused by Pagination on Large Joomla Websites

Warning: The solution presented in this post consists of a core modification, which means a future Joomla update may wipe it out. You have been warned! If you check the MySQL slow query log of a large Joomla website, you will probably see something like the below query: SELECT a.id, a.title, a.alias, a.introtext, a.fulltext, a.checked_out, […]

Joomla’s Backend Displaying phpMyAdmin

We had an interesting case today – a client of ours told us that whenever he tries to login to the administrator section of his website, he was seeing phpMyAdmin‘s login page instead of Joomla’s regular administrator login page. At first, we thought we misunderstood what the client said, but it didn’t take us long […]

Joomla Website Crashing Constantly After Moving to a Larger Hard Disk

A regular client called us a week ago and told us that, after moving his Joomla website to a larger hard drive, it started crashing constantly. We checked the load on his server and it was super high (in the double digits) which explained the constant crashing, but didn’t really reveal the root cause. So, […]

Internal Server Error When You Use PHP 5.5 for Your Joomla 3.x Website

For the somewhat technically savvy, the title of this post may seem like an oxymoron: Joomla 3.x should run very well on any PHP version ranging from 5.3.10 through version 7! So why should it have a problem with PHP 5.5 (or higher versions of PHP)? To answer this question, let us tell you a […]

How to Disable Browser Caching in Joomla’s Backend

We received the following email from a client yesterday: “I’ve had a problem for about a year with my company website. It makes me attempt the login 3-5 times before getting into the backend, and then when I’m in, I have to save any change I make to the site either 2, 3, or 4 […]