4 Things any Joomla admin should know

Joomla is easy to use. No doubt about that. But maintaining a Joomla site is much more than just clicking around in the Joomla backend. It requires knowledge of hosting, of performance techniques, and even some bits of PHP programming. Here's a listing of things you should know when administratoring Joomla sites.

1. PHP error reporting

A lot of Joomla administrators stop listening when the word PHP comes out. After all, they're not PHP developers themselves. However, there are some fundamental things about PHP that any Joomla admin should know, and error reporting is one of them.

When PHP language is being written, mistakes can be made: Most spelling mistakes are deadly and they will generate PHP Fatal Errors. Whenever a PHP Fatal Error occurs, something goes wrong fundamentally and it should be fixed as soon as possible. A PHP Fatal Error indicates needs to be fixed right away.

There are more PHP messages that might be important to either you as a Joomla admin, or to PHP developers. For instance, a PHP Warning indicates that something might go wrong, so it is better to fix things in advance. A PHP Deprecated Warning tells you that the code is outdated and should be updated. A PHP Notice tells something about the cleanliness of the code.

When code is properly written, no PHP message should occur at all. This means zero PHP Notices, zero PHP Warnings, zero PHP Fatal Errors. If you encounter such a message, feel free to contact the developer of the code that generates this message, and ask for a fix.

Do not call a PHP Notice an error though. It is not an error, it is a notice.

2. Blank pages are pointless

Whenever you encounter a blank page, chances are big that there's actually a PHP Fatal Error causing this. However, reporting that blank page to somebody else (a third party developers) is pointless - the blank page gives no information at all and troubleshooting it will not lead to anything.

Instead of focussing on the blank page, focus on the actual PHP message instead. If there is a blank screen, the actual PHP error should be logged somewhere. You, as a site admin, have the responsibility to administer these logs and pass them to anyone who needs them. Locate the error log, and single out the actual PHP Fatal Error that is reported when the blank page is shown.

Alternatively, go into the Joomla Global Configuration and set the Error Reporting level to Maximum. This should display any PHP error right on the screen, instead of showing a blank page.

3. SSH is secure, FTP is not

Many site owners still use FTP. If you know about SSH, you must know as well that FTP sends out credentials over the network in plain text. If a hacker is on that same network and listens to all networking traffic, the credentials now also belong to the hacker. FTP is not secure, period. SSH should be used at all times. If shell commands are not your thing, use SFTP instead.

4. System Cache plugin is dangerous

The System - Cache plugin is disabled in Joomla by default, and there is a good reason for it. It will cache all pages in your frontend. This means that the first time that you access a page, it will be dynamically generated by Joomla. However, the second time (and all subsequent times) it will be loaded from cache instead. This principle is called page caching. It might be very useful for improving site performance ... if your site is static.

The page cache will serve the same cache to all your visitors. This poses a challenge for Joomla security mechanisms like the form token: For instance, with the contact form, a unique token is generated for each visitor, and if the token is no longer valid, an error is being generated. With page caching, the token is only generated the first time and then cached, so this actually causes invalidation for all subsequent requests. To fix this, the System - Cache plugin tries to dynamically replace any token in the cached page with a valid token. If this fails, your forms stop working. When enabling the plugin, you need to take up the responsibility to make sure it all still works. Check this from multiple IP addresses and multiple browsers.

The System - Cache plugin tries to fix the session token, but it will not be able to fix other dynamic parts of your site: If you are running an e-commerce site, you can not use the System - Cache plugin. Using it anyway, it would mean any guests (visitors who are not logged in) will share the same shopping cart.


If you have any suggestions, please tweet us at @yireo so we can add them to this listing.