SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

Password Strength 3.0.1

Overview

A fully customizable user password strength meter for your user registration, profile edit and admin user edit pages. This plugin effects forms created with JForm to add the strength meter. It doesn't get any easier than this - enable the plugin and the meter appears. Everything can be customized!

  • CSS Style
  • MooTools Transitions
  • Text
  • Weak/Medium/Strong tests
  • Can be extended to work with other forms (which use JForm)
  • Can be configured to enable the Joomla built-in password strength meter.

Installation

  1. Download Password Strength from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Password Strength".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Password Strength".

Configuration

Password Options

Minimum Length/Maximum Length: determine the minimum/maximum acceptable characters for the password. Below the minimum and the password will never pass as more than "poor", beyond the maximum and the password will always pass as "strong".

Use Default Tests: Enables the custom strength tests if "No" is selected.

Display Options

Use Text Meter: If enabled, text is displayed to indicate Poor, Weak, Medium or Strong

Use Transition Effects: Animate the transition between strength levels

Use Custom CSS: Style using the custom CSS configuration

Transition Effect

Method, Transition and Duration of the MooTools transition effect.

Custom Strength Tests

Configure the Weak, Medium and Strong Regex tests

Custom Style

CSS style of the meter

Custom Forms

Any com_user forms and the associated field name can be added to this list to display password strength. One form per line.

The format is: context:inputname

Example: com_users.profile:password1

2.5+ Options

Use Built-in Meter: Uses the built-in Joomla password strength meter.

Strong Threshold: Numerical value changes the strong threshold. Mouseover to see an explanation of the algorithm used to calculate strength.

HELP

Please report bugs!

Do Not Track 1.1

Overview

For those who don't know what Do Not Track is all about, please refer to this site:

http://donottrack.us/

This plugin detects the Do Not Track browser setting and adds or removes a Joomla Access Level based on that setting. Components, Modules and Plugins which set tracking cookies can then be added to that access level.

Implementing this successfully will take planning and configuration. THIS IS NOT A PLUG-AND-PLAY EXTENSION!

An administrator creates a Do Not Track - Opt-In group and access level, and assigns that level within the plugin configuration. When a user arrives with Do Not Track turned OFF - the access level is added to the user and any components, modules or plugins that are assigned to that access level are allowed to run. When the user turns Do Not Track ON - that access level is removed from the user and those components, modules and plugins are not allowed to run.

Installation

  1. Download Do Not Track from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Do Not Track".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Do Not Track".

Configuration

Implementing this extension isn't plug-and-play. It requires planning and extra steps to fully realize the potential. Here are the steps to successful implementation:

  1. Create a new User Group for users who did not turn on "Do Not Track". Leave the parent group "Public".
    • In my implementations, I name the group "Do Not Track - Opt-In" - because users who did not turn on the setting have implicitely opted into tracking cookies.
  2. Create a new Access Level. Choose the group you just created (and no others).
    • In my implementations, I name the access level "Do Not Track - Opt-In" for the same reason as before.
  3. Assign your menu items, modules, and plugins (which use or load services that set tracking cookies) to this new access level.
    • Users who have not opted out (turned Do Not Track on in their browser), these items will load.

HELP

Please report bugs!

Auth Log

Overview

This user plugin tracks successful and failed login attempts, the connecting IP address, the OS, Browser (and version) and of course - the time attempted. Available in /administrator and optionally in the user profile (only visible to the owning user), this plugin offers an AJAX powered IP lookup, providing some rudimentary details from a free lookup service.

Installation

  1. Download Auth Log from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Auth Log".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Auth Log".

Configuration

There are 3 configuration options:

Download ID requires the download ID number assigned to you when you purchased the extension. This number can be found on the extension page while you're logged into RicheyWeb.com

Visible to Users enables display in the user profile.

IP Lookup provides a link to the AJAX lookup service.

HELP

There are currently no outstanding help requests

Profile History

Overview

Profile History is what it sounds like - it tracks the historical values of profile fields.

Installation

  1. Download Profile History from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Profile History".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Profile History". You will find 5 plugins - enable all of them.

Configuration

There is not much to configure for basic operation. When the plugin is enabled, all changes to user profile fields are tracked. No facility is provided to delete the data because that would defeat the purpose of a data tracking plugin.

Sensitive data (passwords) is not recorded, although a record of its manipulation is tracked

The "Notify" feature can be enabled to reveal "Field Identifiers". When enabled, an administrator can identify specific fields which will trigger a notification email to the user being modified. The fields are identified by a "dot path", which is explained in this video:

https://youtu.be/sOtsDXdLhLA

HELP

Please contact me if you have any issues or if you need a custom data handler.

System - SCSS

Overview

System - SCSS is an automatic compilation plugin for templates that utilize SCSS markup for styling.

Rather than manually compile SCSS, this plugin allows changes to be uploaded to the website template/scss folder. When the plugin finds an SCSS file which is newer than the compiled CSS, it initiates a compilation operation.

If your template utilizes the Joomla Debug setting to switch between minified CSS and expanded CSS, this plugin can detect the presence of the minified version and automatically creates an unminified version to assist in debug.

Installation

  1. Download System - SCSS from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "SCSS".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "SCSS".

Configuration

Force Compile - enable this option when the file modified time may be in the past (extracting from an archive might cause this). Warning, this option should be enabled only for a short time. It will adversely affect your site performance if left on.

Compile Message - Enabling this option causes the plugin to display success/failure messages for the compilation operations. It will list every file that compiled successfully, and every file that failed to compile.

Compression Type - The compilation software offers 5 compression methods which range from no compression (Expanded and Nested) to high compression (Compressed) and some levels in-between. For best compression, use "Compressed"

HELP

Let me know what you need in the forums.

More Articles ...

  1. System - Article Hits
  2. Authentication - Session Limit
  3. System - Required Fields
  4. System - Software Log