1guywebdesign rambles on about open source technologies like joomla and wordpress.

Or, keep the crackers guessing..

If you’ve got an active website online chances are you’re aware of the presence of those nefarious types who, for whatever unscrupulous reasons, attempt to breach the security measures of your website for their own personal gain or glory.

Sure, it’d be nice if everyone could just get along, respect each others stuff and enjoy their time online, both in publishing and browsing but.. “That ain’t happenin’ anytime soon” so…

I’ve taken the liberty of putting together a few articles on “hardening joomla! CMS “, “domain and website security measures 101″ and “10 effective tips for responsible website administration”.

All overly titled and official sounding but, even if you are the type who would rather skip the readme.txt and go straight to the install, you should find something of value that may perhaps, save you a day or three from rebuilding one or more of your projects which succumbed to a security breach.

While scanning the 1guy logs last night I noticed a significant increase in folks visiting the site using the full url http://www.1guywebdesign.com versus the quickie approach of just typing the url sans the www, e.g. http://1guywebdesign.com.

Same site, same content, same IP but… to certain search engines who shall remain nameless it appears to be two distinct blips on the radar.

Duality’s a bad thing.

Well, we can’t have folks doin a search for joomla templates or tutorials and getting duplicit results now can we? And, much as I’d like to pick up the phone and call Serge Brin and ask him to kindly email the google pigeons downstairs about resolving my duplicate content results well, I don’t think It’ll happen before my current batch-O-projects move out of sandbox.

PRoblems?

So I decided to take a minute or three and tune up my .htaccess file so that it tells anyone and everyone that visits that I’VE got a WWW in front of my 1guy.

Consistency rocks…

.htaccess, your domain doorman

My domain’s doorman file sits in the root folder/directory on my server somewhere in a large, non-nondescript building in eastern New Jersey. I don’t see him much because he’s usually hidden (invisible) by the .(dot) prefix, but… when I turn on “show invisible files” within my FTP app (Transmit/OSX) he appears.

301=Permanent Redirect

This morning I ftp over to my server, find my .htaccess file sitting there and quietly inform him there’s a few changes to be made and that he’s about to come to terms with his inconsistency and consolidate his domain mapping issues.

Simple, little more than 4 bitsy lines of code and we’ll make sure that from now on, anything or anybody coming in past .htaccess gets pointed -only- to either http://1guyweb or http://www.1guyweb but not both.


Options +FollowSymLinksRewriteEngine On
RewriteCond %{HTTP_Host} ^1guywebdesign\.com [NC]
RewriteRule ^(.*)$ http://www.1guywebdesign.com/$1 [L,R=301]


Line one tells the world we’re going be using symbolic links.
Line two toggles my host parameters allowing it to dynamically change/rewrite urls BEFORE they get passed back to folks (and search engines).
Line three says “look at every incoming http request” and IF it doesn’t have a WWW prefix goto the next line.
Line four says “take all http requests which don’t have a www prefix and make sure they get the pretty www prefix” and then return a HTTPD saying “hey, look, this request has been permanently redirected”.

Easy, peasy… Now we’ll see if google will ever grant me back my pagerank…