SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

Expires Headers 3.1.1

Overview

Installation

  1. Download Expires Headers from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Expires Headers".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Expires Headers".

Configuration

HELP

Discuss this article in the forums (0 replies).

Session Keeper 3.1.3

Overview

Without interaction, Joomla will expire your session after your session timeout period expires (a setting in Global Configuration). Session Keeper provides the ability to prevent timeout for users of specific groups, and provide warnings to everyone else.

Installation

  1. Download Session Keeper from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Session Keeper".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Session Keeper".

Configuration

HELP

Discuss this article in the forums (19 replies).

DomainRestriction 2.5.3

Overview

Using DomainRestriction is simple. Enter one or more domains into the plugin configs and you're done. Anyone attempting to register an email address that isn't on the approved domain list is immediately denied or vice versa - inclusive or exclusive - it's your choice.

Need more granularity? No problem! Additional configuration allows an administrator to allow specific email addresses in addition to or instead of the domain restrictions! If you want to use it in the opposite manner - you can allow all and deny specific domains and addresses. On special request, I've added the ability to allow/disallow on specific TLDs as well.

Installation

  1. Download DomainRestriction from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "DomainRestriction".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "DomainRestriction".

Configuration

IP Security

Allow/Disallow based on IP White/Black lists. This is a CIDR capable plugin, so feel free to use CIDR notation to specify networks at your pleasure.

Allowed/Disallowed

These tabs provide the capability to add individual TLD (Top Level Domains such as COM, NET, ORG), Domains (domain.tld is different than www.domain.tld), and individual email addresses.

Each type is capable of a bulk import which is triggered on paste or if typing, triggered by clicking outside of the textarea. Just select what you are importing and paste (or type). One entry per line.

Advanced

The plugin has the capability to ignore users who are changing their email, although this may have the opposite effect of the plugin itself. Users could register with an allowed domain, and immediately change to a disallowed domain. Use with caution.

The plugin also has the capability to automatically assign groups based on TLD, Domain or Email - with the added capability of ignoring users who are members of specified groups.

It's fun, try it!

HELP

Please report bugs!

Discuss this article in the forums (16 replies).

Offline 2.2.2

Overview

Normal Joomla operation requires a valid user to enter their username and password to get past the offline template page. Logging in prevents testing of guest functionality on your site. So your choice to take your site offline for development or testing actually prevents an entire segment of test cases - the guests (unregistered visitors)!

An administrator can set the site in offline mode inside Joomla Global Configuration, and enable this plugin to grant login-free access to the site. Browse the site as a guest (or login) - while still in offline mode.

Installation

  1. Download Offline from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Offline".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Offline".

Configuration

  1. Enable the plugin
  2. Set a key
  3. Copy the URL displayed above the key and paste it into your browser address bar.
  4. Press the "Select" button next to IP Whitelist, and add any IPv4/IPv6 addresses or IPv4 CIDR defined networks that you wish to automatically bypass the key requirement. IPv6 CIDR is possible if your server has PHP-GMP installed.

If you are not familiar with CIDR netmasks, you can review the details in this Wikipedia article

HELP

  • No help has ever been requested
Discuss this article in the forums (0 replies).

Authentication - As User

Overview

When installed, configured and enabled, anyone who is authorized by the plugin configuration may use their own password to log in as any other enabled user. Authorized users may not use their own passwords to log in as another authorized user.

Installation

  1. Download Authentication - As User from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Authentication - As User".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Authentication - As User".

Configuration

There is only one configuration parameter - "Authorized Groups", for which the administrator chooses groups which are authorized to use their own passwords to log in as site users. Choose one or more groups.

HELP

There isn't much to prevent this plugin from working. If you have an issue - please request support.

Discuss this article in the forums (0 replies).