I have a Joomla! 1.5 client asking to do an audit of their install's health, SEO and security.

Joomla! Tool Suite / HISA doesn't exist anymore; are there any comparable extensions I could use?

If not, what are the main issues one must generally address when evaluating a Joomla! site's health and security?

Thanks!

Accepted Answer

I do not know about any software that helps analyze this for Joomla.

I can spend hours going over this..., here is the brief version ;-)

Health:

  1. Make sure client is updated with the latest version of Joomla 1.5 that includes all the latest fixes like: xss, sql injection, etc...
  2. Make sure PHP settings are in order
  3. Make sure MySQL settings are in order
  4. Over time database becomes slower because of "quick deletes"... therefore it needs to be cleaned (optimized) to make it work faster. Analyze and Optimize entire database or a table at a time with ANALYZE TABLE and OPTIMIZE TABLE

SEO:

  1. Use Google Webmaster Tools to help you understand details.
  2. Use Google Analytics to understand what kind of traffic you are getting.
  3. Check pages for titles/description and content written for the users and not search engines
  4. Make sure Search Engine Friendly URLs are used. If sh404 is used, make sure it's updated to latest version.

Security:

This one can get super complex, depending of the level of security, installed components and environment.

  1. Make sure database is accessible only by the localhost or webserver is external db is used and specific IPs. Do not allow "wildcard access" to the database.
  2. Restrict administrative screen (www.site.com/administrator) to specific list of IPS (modify administrator/index.php file) or protected it with somekind of plug-in like "jSecure".
  3. If 3rd party extensions are used that use file upload... inspect them to make sure file types are restricted by the server-side validation. Do not rely on the JavaScript to perform the validation.
  4. Make sure username: "admin" is not used.
  5. Make sure permissions are correct. 644 for config file, etc...

Other:

  1. Make sure gzip compression is used to reduce transfer size
  2. Make sure site is not too heavy. Use YSlow to analyze. If it is consider using plug-in like jFinalizer to combine multiple external files into 1 and gzip them to reduce transfer size
  3. Check number of images for regular page... a lot of websites use dozens of tiny images in CSS for pretty styles. This generates more request to the server and slows it down. Consider creating sprites.
Written by Alex
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki