
Installing Joomla! 1.5

In document CMS Security Handbook (Page 80-84)

Joomla! installations are usually straightforward and cause little trouble. The problems you may encounter are likely to plague all the CMSs examined here, including permissions and ownership issues, incorrect database settings, and so forth.

After you download the compressed installation file, you must unzip (uncompress) it and upload it to your server's web root directory (typically public_html).

To commence the process, open a browser and visit the domain where Joomla! will be installed, such as http://www.YourDomain.com. This kicks off the installation routine.

Like the other CMSs, Joomla! has the capability to support multiple languages. In the first screen, you choose the language the site will default to, as shown in Figure 3.2.

Figure 3.2 Language choice

The installation script will check the environment where you are attempting to install. If an issue exists, you will see the problem displayed in the confirmation screen shown in Figure 3.3, the next screen in the installation process.

Figure 3.3 Pre-installation check

As you can see in Figure 3.3, the Display Errors setting is On, but the recommended setting is Off. You can remedy this in your php.ini file. After you review this page, write down anything that needs correction (such as the Display Errors setting in this example) for later remediation.

Click Next and the Joomla! license page appears. After you review the license terms, click Next to proceed to the Database Configuration screen shown in Figure 3.4.

Figure 3.4 Database Settings page

The settings here are categorized as Basic and Advanced. In the Basic settings, enter the database connectivity and other settings, using the following as a guide:

Database Type—In this example, this is set for MySQL, which, for most people, will be the right choice.

Host Name—Most of the time, this is localhost, but for some web hosts you will have a specific server name.

User Name—This is the user specified for the database.

Password—The password for the database.

Database Name—This will be the name of the database you gave when you created it.

Under the Advanced Settings, you see two radio buttons and a text box. Selecting the “Delete existing tables” option will wipe your database clean of any previous entries. If you are reinstalling and have not backed up your database, then select the second option, “Backup Old Tables.” This creates a database prefix of bak_.

The Table Prefix in your database defaults to jos_. You may want to change this for “security-by-obscurity” reasons. Changing the Table Prefix won't make you more secure, but it will lower the obvious profile. For now, leave it as the default of jos_ and click Next to continue.

The built-in FTP layer allows specific File Transfer Protocol (FTP) functions within your Joomla! site, as shown in the next screen, displayed in Figure 3.5. Although opinions are mixed, the recommendation is to leave this disabled. If you want to enable it, you must provide the FTP authentication information. Click Next to continue.

Figure 3.5 FTP Configuration page

The next screen you see enables you to enter information about your site, as shown in Figure 3.6. Here you fill in your site name, proper e-mail address, and choose a strong administrator password. Notice that the Your E-Mail option has the word admin in it. This is a default that appears in Joomla! 1.5. It does not change your actual superuser admin name.

Figure 3.6 Naming your site

In the lower portion of Figure 3.6, notice two other settings:

Install Sample Data—Selecting this option will populate your site with all types of menus, content, sections, and categories. This is a great way to learn how the system works, but might get in your way for a production site.

Load Migration Scripts—Select this option to migrate an old Joomla! 1.xx site to Joomla! 1.5.

Migrations of 1.0 to 1.5 are beyond the scope of this book. Do not load the migration script.

Click Next to continue.

The final screen, shown in Figure 3.7, directs you to remove or rename the directory named Installation. You'll need to FTP or SSH into your server or website to take care of removing this directory. You should simply delete the folder.

Figure 3.7 Joomla! Installation complete

From here, you can visit the site or log in as admin.
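
The items this walkthrough flags (Display Errors, the default jos_ prefix, the FTP layer, and the leftover installation directory) can be checked from an SSH session once the installer finishes. The script below is an added example, not from the book; its function names are hypothetical, and it assumes configuration.php in the web root stores settings as var $name = 'value'; lines and that the caller supplies the php.ini path.

```shell
#!/bin/sh
# Added example: post-install audit for a Joomla! 1.5 web root.
# Assumption: configuration.php stores settings as lines like  var $dbprefix = 'jos_';

# Print the quoted value of one setting from configuration.php (empty if absent).
jconfig_value() {  # $1 = path to configuration.php, $2 = setting name
    grep -E "^[[:space:]]*var[[:space:]]+\\\$${2}[[:space:]]*=" "$1" | head -n 1 | cut -d"'" -f2
}

# Print one finding per line; print nothing when all four checks pass.
audit_joomla() {  # $1 = web root, $2 = php.ini path
    root=$1 ini=$2 cfg=$1/configuration.php
    if [ -d "$root/installation" ]; then
        echo "INSTALL_DIR: $root/installation still exists; delete it"
    fi
    # Treats On, 1, true and yes (any case) as "enabled".
    if grep -Eiq '^[[:space:]]*display_errors[[:space:]]*=[[:space:]]*(on|1|true|yes)' "$ini"; then
        echo "DISPLAY_ERRORS: enabled in $ini; set display_errors = Off"
    fi
    if [ -f "$cfg" ]; then
        if [ "$(jconfig_value "$cfg" dbprefix)" = "jos_" ]; then
            echo "TABLE_PREFIX: default jos_ prefix in use"
        fi
        if [ "$(jconfig_value "$cfg" ftp_enable)" = "1" ]; then
            echo "FTP_LAYER: built-in FTP layer is enabled"
        fi
    fi
    return 0
}

# Constructed sample web root reproducing the state right after the installer finishes.
make_sample() {  # $1 = directory to populate
    mkdir -p "$1/installation"
    printf '%s\n' '<?php' 'class JConfig {' \
        "    var \$dbprefix = 'jos_';" "    var \$ftp_enable = '0';" '}' > "$1/configuration.php"
    printf '%s\n' '; constructed php.ini fragment' 'display_errors = On' > "$1/php.ini"
}

# Demo: audit the sample, remediate it as the text describes, then audit again.
demo=$(mktemp -d)
make_sample "$demo"
audit_joomla "$demo" "$demo/php.ini"
rm -rf "$demo/installation"
printf 'display_errors = Off\n' > "$demo/php.ini"
audit_joomla "$demo" "$demo/php.ini"
rm -rf "$demo"
```

Against a real site, pass the web root and the php.ini file your host actually loads as the two arguments to audit_joomla.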

One detail that will improve your security is to get rid of the default admin user. Follow these steps:

1. Log in as admin.

2. Create a new user.

3. Escalate the privileges of the new user to super administrator.

4. Save the change and log out.

5. Log in again as the new super administrator you just created.

6. Lower the former admin user privileges to a registered user.

You've now removed the default admin user, and with it the obvious admin target for a hacker. For example, using K39F028 as the username would make an attacker's brute-force attack much more difficult, because the intruder wouldn't know the username.
