Real Live Case: How We Addressed a Joomla White Screen Error on a Live Website

Running a website comes with some challenges. For content management systems like WordPress and Joomla, the biggest challenges had been keeping them updated, secured and optimized. However, there are times you will also have errors to deal with. Sometimes, the error could come from a mistake you make, an update you implement which creates some incompatibility issues, mere carelessness or negligence. Whatever the case, you will have to deal with them.

 

Further reading:

WordPress Maintenance Tasks You Need to Perform Regularly

How to secure an outdated version of Joomla

A Basic Guide to the Top Content Management Systems

A Detailed Guide to Safe Website Updating

A Practical Guide to Secure and Maintain Your Website

 

Recently,, we had a security problem with a Joomla website presenting an error, it went blank, presenting a blank white screen with no errors showing. That is called a White Screen of Death, WSOD. Usually a very frightening situation and requires careful diagnosis to address. In this post, we will provide the steps we took to addressed this problem and got the website functioning normally again. But let us begin by looking at what happened and how the website went blank.

 

Further reading:

Joomla Security - The Complete Guide

7 Simple Steps That Will Help You Optimize Your Blog Posts

The Complete Guide to Troubleshoot and Fix the Most Common WordPress Errors

How to Fix Error 404 Not Found on Your WordPress Site

 

What Caused the WSOD

On like most cases where you visit your website and find a blank white screen with no clue as to the cause of the error, in this case, the error occurred due to a mistake. We attempted an update using an FTP software and in the process, something went wrong so the website presented a white screen error.

We were quick to attempt an update without looking at the cause of the error. We later discovered that the error on the website did not occur due to an exploitation but was because a restriction was placed on the server IP due to a terms of service violation.

Once we commenced the update through the FTP software, it became impossible to access the Joomla administrator area to resume the update process and the website itself presented a white screen of death.

 

Further reading:

How to Prevent an Exploitation of Your Website by An Attacker

How to Fix The WordPress White Screen of Death

The Complete Guide to Troubleshoot and Fix the Most Common WordPress Errors

 

Warning!

When you find an error on your website, you do not need to hurriedly presume an attack or exploitation. You need to look at the cause of the error critically and to verify from your web host what could possibly be the problem before you proceed to take steps to resolve the problem.

We recommend that your web host should be the first to contact. If their efforts do not fix the problem, then you can proceed to diagnose and fix the problem.

 

How we Fixed the Error

Fixing this particular problem was straight and simple. The error had been associated with the files so uploading fresh files was the solution. But we didn't just have to upload any Joomla files we considered clean and healthy. We had to upload files from the custom template with which we launched the Joomla website and it worked perfectly and addressed the White Screen of Death Problem.

So basically, when you have a WSOD problem in Joomla, you do not have to rush into tampering your database, you can begin by overwriting existing files with the right set of Joomla files. That could fix the problem. What if it is not just a problem with your Joomla files?

 

Further reading:

15 Best Practices for Joomla Website Security

The Safe Path to Install and Un-install Joomla Extensions

Tips and Tricks to Help You Run a Professional Joomla Website

 

Problems With Components and Templates

In some cases, WSOD have been as a result of compatibility issues with components or an out of date extension which could in some cases be exploited. How do you handle this. The first challenge here will be to identify the extension, module, plugin or component that is causing the problem.

You can manually do this from your website filemanager in cPanel or from the admin area of your Joomla website if you are still able to login to the admin area.

 

Fixing Issues With Components, Extensions and Templates From cPanel Filemanager

Follow this guide to address issues with components or extensions from within the cPanel filemanager.

Login to cPanel

Go to Filemanager. This can be found under the public folder "pulic_html"

Go to the folder named "Components"

Deactivate all components by renaming the folder.

Check to see if issue is resolved.

If that resolves the problem, then you can begin to look into each of the component to see which one of them caused the issue..

Once you identify the component causing the problem, you can check for the latest version of component and install or you look for a better alternative and install. Check to see if the problem is now resolved.

 

Problem With Plugin

Login to cPanel

Go to Filemanager. This can be found under the public folder "pulic_html"

Go to the folder named "plugins"

Deactivate all plugins by renaming the folder.

Check to see if issue is resolved.

If that resolves the problem, then you can begin to look into each of the plugins to see which one of them caused the issue..

Once you identify the plugin causing the problem, you can check for the latest version of plugin and install or you look for a better alternative and install. Check to see if the problem is now resolved.

 

Problem With Module

Login to cPanel

Go to Filemanager. This can be found under the public folder "pulic_html"

Go to the folder named "modules"

Deactivate all modules by renaming the folder.

Check to see if issue is resolved.

If that resolves the problem, then you can begin to look into each of the modules to see which one of them caused the issue.

Once you identify the module causing the problem, you can check for the latest version of module and install or you look for a better alternative and install. Check to see if the problem is now resolved.

 

Problem With Template

Login to cPanel

Go to Filemanager. This can be found under the public folder "pulic_html"

Go to the folder named "templates"

Deactivate t template by renaming the folder.

Check to see if issue is resolved.

If that resolves the problem, then you know which template caused the problem.

Once you identify the template causing the problem, you can check for the latest version of template and install or you look for a better alternative and install.

 

Fixing Issues With Components, Extensions and Templates From Joomla Admin Area

Addressing these issues from the Joomla administrator area is best and more simplified. If you are still able to login to the Joomla admin area, then proceed with the steps outlined below.

Problem With Plugin

Login to your Joomla admin area

Go to extensions > plugins

Deactivate the plugins

Now activate them one after another identify plugin that could be causing the problem.

Once you find the problematic plugin, uninstall it or update to to the latest version and check your website if the issue is resolved.

 

Problem With Module

Login to your Joomla admin area

Go to extensions > modules

Deactivate the module

Now activate them one after another identify plugin that could be causing the problem.

Once you find the problematic module(s), uninstall them or update to to the latest version and check your website if the issue is resolved.

 

Problem With Component

Login to your Joomla admin area

Go to extensions > manage >manage >

A list of all extensions including plugins and modules display. Deactivate them one after another to identify the problematic extension.

Once you find the problematic extension(s), uninstall them or update to to the latest version and check your website if the issue is resolved.

 

Other Causes of the Joomla White Screen Error

Incorrect PHP settings

From our experience, a blank page in Joomla occurs mainly due to incorrect PHP settings. This is common after a website migration. Because different servers will have different PHP configurations, the PHP configurations may not be alike in both the source and destination servers. As Joomla relies much on the PHP configuration, it ends up in a blank page.

 

Changes in the server directory structure

During migration, it is essential to transfer the website files and databases from the source to the destination server. Different servers will have different directory structures.

 

Incorrect rules in .htaccess file

Many Joomla website admins use rewrite rules to tweak the look and feel of the site.

Often incorrect rules in .htaccess file can also cause Joomla blank page.

In cases where .htaccess create problems, you can copy and paste default htaccess code to correct the rules.

 

Faulty extension

Last, and not least, faulty Joomla extensions can also lead to Joomla blank page. Here, the real task involves finding the exact extension that creates problems.

Usually, error log clearly pinpoints the faulty extension. Disabling the problem extension bring the website back online

 

PHP Version compatibility issues

The immediate solution will be to use the MultiPHP Manager in cPanel to reset your PHP version. In most cases, this address the problem where server managers have upgraded their servers and set newer version of PHP to run as default version.

 

There is a theme that is causing a conflict with the Joomla site

The solution is to update the theme to run the most recent and compatible version.

 

How to Secure Your Joomla Website

Here are our recommended best practices to keep your oomla website safe.

1. Maintain an Updated Version of Software

The best security strategy will be to kkeep your Joomla software updated. Usually, every new version and update come with some improvements and security fixes. You need to stay updated with the new version to maintain best security practices.

2. Use security Plugins

Using tested security plugins can prevent attacks likke SQL Inections. The Joomla extensions repository has a large pool of security plugins you can benefit from to harden your website security.

3. Follow basic security practices.

Use robust login credentials with uncommon passwords to make it difficult for hackers to gain access to your Joomla site. If possible, incorporate two-factor or multi-factor authentication to improve security posture further.

Here is a guide to password protection.

Adopt Long Passphrases

For years, businesses and individuals have adopted the practice of combining numbers and symbols to create stronger passwords. However, it didn’t take long for cyber criminals to catch on to the practice of substituting some letters in the word with certain numbers or symbols, like ‘e’ with ‘3’ and ‘s’ with ‘$’. There are many automated tools out there that will easily crack simple substitutions like that.

To mix things up even more than substituting special characters, the US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack. According to Special Publication 800-63 Digital Identity Guidelines, a best practice is to create passwords of up to 64 characters including spaces. The popular web comic XKCD compared the strength of a complex password—”Tr0ub4dor&3”—and a long passphrase—“correct horse battery staple”. They found that it took only 3 days to guess the password created in with special character substitutions, while the passphrase would take 550 years to crack.

Avoid Periodic Changes

A popular password security practice over the years has been to force users to change passwords periodically. However, more recent guidance from NIST advises not to use a mandatory policy of password changes. One reason is that users tend to transform their old passwords or just repeat ones they had used before. You can implement policies to prevent password re-use, but users will still find creative ways around it. The other consequence of frequent password changes is that users are more likely to write the passwords down to keep track of them. While they comply with company policy, their passwords are still easy to guess or crack. Thus, a best practice from NIST is to ask employees for password change only in case of potential threat or compromise.

Create Password Blacklist

Hackers usually start their attacks with attempts to guess a password by using a database of the most popular passwords, dictionary words, or passwords that have already been cracked. NIST encourages enterprises to also arm themselves with these sources of common passwords in order to create their own blacklist. Comparing new passwords to this list, enterprises can prevent the usage of weak passwords by employees. Moreover, it is quite effective to add a limit on the number of failed login attempts in order to detect and reject brute force or dictionary attacks.

Implement Two-Factor Authentication

Two-factor authentication has already become a de facto standard for managing access to corporate servers. In addition to traditional credentials like username and password, users have to confirm their identity with one-time code sent to their mobile device or using a personalized USB token. The idea is that with two-factor (or multi-factor if you want to add additional factors) authentication, guessing or cracking the password alone is not enough for an attacker to gain access. This type of authentication is effective for enhancing identity validation when employees try to access critical endpoints, sensitive data, or confirm transactions and other critical actions. For these purposes, you can use user monitoring solutions like Ekran System with in-built two-factor authentication options. Such solutions will also keep you updated about user’s activity on your business network.

Add Advanced Authentication Methods

While passwords are still widely used for authorization, there is an increasing tendency to shift to non-password based, advanced methods. Instead of passwords, users can be authenticated through the use of biometric verification—like logging in to an iPhone using a thumb print with Touch ID or authenticating on a Windows 10 PC just by looking at it with Windows Hello facial recognition. This method allows the system to identify employees by recognizing their faces, fingerprints, voices, irises, or heartbeats. Moreover, there are also behavioral biometrics that create a unique profile of each user by analyzing their interactions with the system (typically used applications, unique keystroke and mouse dynamics).

Apply Password Encryption

Encryption provides additional protection for passwords even if they are stolen by cyber criminals. There is a popular tendency to use reversible encryption or apply only one-way encryption. However, these methods are ineffective—if an attacker obtains the password database they can easily crack and compromise the passwords it contains. Instead, the best practice is to consider end-to-end encryption that is non-reversible. In this way, you can protect passwords in transit over the network. Moreover, it’s dangerous to store password files in a plain text. There are many cases where hackers have compromised an enterprise’s password database and walked away with unencrypted passwords.

Protect Accounts of Privileged Users

Accounts of privileged users require additional protection as they provide access to sensitive data and other privileged actions. The best practice is to provide these users with a different login URL and allow only a single sign-on attempt. In case of a failed login attempt, you can lock out a privileged account in order to prevent unauthorized access.

Ensure Secure Connection

Nowadays, there is a wide range of devices and places that can provide access to your corporate networks. However, hackers can easily steal passwords if employees use unsecured Wi-Fi connections or devices that don’t belong to them. For securing your Wi-Fi network, you can use a Wi-Fi Protected Access (WPA) 2 that applies stronger wireless encryption methods than its predecessor.

If you have remote workers, you can consider providing a secure VPN connection. After authentication to which, users can securely connect to corporate servers, as all the traffic is protected through a VPN tunnel.

4. Delete unused and unwanted extensions

Joomla makes it very easy for you to install as many modules and extensions as you want. Therefore, constantly revisiting your add-on list is important to delete unused, unwanted, and insecure add-ons and maintain the functionality of your site.

5. Keep Your Extensions Up to Date

Ensure that you are running updated extensions especially tird party eetensions. This will keep you from trouble If you have an extension running on your website which has not been updated by the developer in over two years, we recommend you uninstall such extension and look for a better replacement.

6 Ensure Good Optimization

Keep your Joomla website well optimized for speed and performance. Enable the cache plugin and also the cache system in Global Configuration. Use your .htaccess file to strenghten the security of your oomla website.

 

Last Words

These recommendations are not the complete list of best practices for oomla security. You will be a lot safe by following these practices. We further recommend that you follow these practces to avoid the WSOD problem and also keep your oomla website from trouble.

Share this post

Comments (0)

Leave a comment


Powered by Simple Blog