# mySites.guru > Manage, monitor, and secure all your WordPress and Joomla sites from one dashboard. Security audits, bulk updates, backups, uptime monitoring, and 60+ tools. Trusted by 75,000+ sites since 2012. ## About mySites.guru mySites.guru is a SaaS platform for agencies and freelancers who manage multiple WordPress and Joomla websites. It provides a single dashboard with 60+ tools including security audits, malware detection, bulk updates, automated backups, uptime monitoring, one-click admin login, and whitelabel client reports. Founded in 2012 as myJoomla.com (the original Joomla health checker), it expanded to support WordPress and rebranded to mySites.guru. Built and maintained by Phil Taylor. - Website: https://mysites.guru - Pricing: £19.99/month unlimited sites, £5/month single site, £199.99/year - Free audit: https://mysites.guru/free-audit/ - Features: https://mysites.guru/features/ - Expert help: https://fix.mysites.guru/ (£120 flat rate) ## Blog Posts ## The Hidden Files Lurking on Your Site That You Don't Know About URL: https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/ Date: 2026-03-02 Tags: Security, Audit Tools, Joomla, WordPress Category: Manage Multiple WordPress Sites Your web server probably has hidden dot-files you've never seen. Some are harmless, some were left by hackers years ago. Here's how to find them all in seconds. You know what's great about files that start with a period? They're invisible. Your FTP client hides them. Your cPanel file manager hides them. Even `ls` on the command line hides them unless you remember to add `-a`. Hackers know this too. ![A list of known PHP backdoor and web shell files with dot-prefixed names](../../assets/img/blog/hidden-files-list.webp) ## The Dot-File Blind Spot Every web server has files that start with a dot — `.htaccess`, `.htpasswd`, `.user.ini`. These are normal. They control how your server behaves, who can access what, and how PHP runs. **If a hacker drops a file called `.joomla.class.php` or `.wordpress.class.php` into a random subdirectory three levels deep, you'll probably never see it.** Not in your file manager, not during a casual browse through FTP, not ever. That file could sit there for years, quietly redirecting your visitors to a spam site or giving the attacker a backdoor to walk right back in whenever they feel like it. We've seen this on real sites. Hidden dot-folders too, like a `.cache` or `.tmp` directory planted by an attacker, full of phishing kits or mailer scripts. The dot prefix keeps them invisible on most hosting panels, so they survive cleanups and updates because nobody knows they're there. ## How mySites.guru Finds Them When you run a [security audit](https://mysites.guru/blog/security-audit-tools/) on any connected site, mySites.guru scans every file on your webspace and flags anything with a dot-prefixed name. The hidden files check looks through the full file index for any path containing `/.` — catching dot-files *and* dot-folders at every level of your site. The audit dashboard shows your hidden files count with a simple badge: - **Green** — zero hidden files found (uncommon, but possible on minimal installs) - **Yellow** — hidden files detected, review recommended It's a yellow warning, not a red alarm. The tool lists *every* file with a dot-prefix — legitimate or not. It doesn't try to decide what's safe and what isn't. That's your call. Some of these files will be perfectly normal (`.htaccess`, `.htpasswd`), some will be developer junk (`.gitkeep`), and some might be malware. The point is to make sure you actually *know* what's there, because you can't make that judgement on files you've never seen. If something looks suspicious, other mySites.guru tools can help — the [suspect content scanner](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) and [AI malware analysis](https://mysites.guru/blog/ai-powered-malware-analysis-now-available-in-mysites-guru/) will flag known backdoor patterns, so the same file might turn up across multiple tools. That overlap is deliberate. Different tools catch different things from different angles. ## Drilling Into the Results Click through from the audit result and you'll get the full list of every hidden file on the site, sorted by last modified date (newest first). For each file you can see: - The full file path - When it was last modified - File size (flagged if unusually large) - File permissions (flagged if they're not standard 644) This is where it gets useful. You'll probably see a handful of `.htaccess` files — one in the root, maybe one in `/administrator/` or `/wp-admin/`, and that's expected. But if you see a `.htaccess` in `/images/stories/` or a `.php` dot-file buried in `/wp-content/uploads/2019/03/`, that's worth a closer look. The [suspect content tool](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) can scan its contents for known malware patterns and confirm whether it's a known backdoor. The tool paginates results (100 at a time with "Load another 100" or "Show All"), and you can **export everything to CSV** if you need to share the findings with a client or keep a record. ## Hidden Folders Are Just as Bad The audit also counts **hidden folders** separately. A dot-prefixed folder like `/.bak` or `/.old` can contain an entire toolkit — file managers, mailer scripts, SEO spam pages — all completely invisible to anyone casually browsing the server. The scary part: these hidden folders can survive for *years*. Site owners clean up after a hack, reinstall core files, change passwords, and feel safe. But that `.tools` folder three directories deep? Still there. Still accessible. Still a way back in. If you find something that shouldn't be there, our [guide to fixing a hacked site](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/) walks you through what to do without destroying the evidence. ## It's Not Always Hackers — Developers Do This Too Not every hidden file is malware. Some of the dot-files on your site were put there by legitimate extension developers who made questionable decisions. ![Hidden files from legitimate extensions found on a real Joomla site](../../assets/img/blog/hidden-files-dev-artifacts.webp) Take `.gitkeep` files. These are development artifacts — empty placeholder files that developers use to force Git to track otherwise-empty directories. They serve zero purpose on a production web server. Yet plenty of extensions ship with `.gitkeep` files scattered throughout their directory trees because nobody bothered to exclude them from the release package. They're harmless, but they're clutter, and they tell you the developer's build process needs work. Then there's the truly stupid stuff. We've seen extensions ship with `.api.key` files — actual API credentials stored in a dot-file on the assumption that the dot prefix somehow makes it secure. It doesn't. Anyone who knows the path can request it directly in a browser. The dot prefix only hides files from directory listings, not from direct access. Hiding secrets by putting a dot in front of the filename is like hiding your house key under the doormat and calling it a security system. `.htaccess` files inside third-party extensions are another common find. Some are legitimate (restricting direct PHP execution in upload directories), but others are leftover development config that the developer forgot to remove. An `.htaccess` inside a `.tmp` or `.trash` folder deep in an extension's vendor directory is a sign that the extension is shipping its entire development tree rather than a clean production build. The point is: even when these files aren't malicious, they're still worth knowing about. They reveal the quality of the code you're running, and occasionally they expose things that genuinely shouldn't be publicly accessible. ## The .well-known folder One dot-folder you'll almost certainly see is `/.well-known/`. This one is legitimate — it's an [IETF standard](https://datatracker.ietf.org/doc/html/rfc8615) that services use to discover things about your site. Let's Encrypt puts its domain validation challenges in `/.well-known/acme-challenge/`. Apple uses `/.well-known/apple-app-site-association` for universal links. Security researchers look for `/.well-known/security.txt`. So why mention it here? Because attackers know you expect this folder to exist, and they abuse that. We've seen sites where someone planted a PHP shell inside `/.well-known/acme-challenge/` because it's a directory that already has to be publicly accessible for SSL renewals to work. Nobody questions traffic to `/.well-known/` in their access logs. If you see files inside `/.well-known/` that aren't plain text challenge tokens or JSON config files, especially anything ending in `.php`, take a closer look. The folder is supposed to be boring. If it isn't, that's a problem. ## Why .htaccess deserves extra attention We deliberately flag `.htaccess` files — yes, we know they're usually fine. But `.htaccess` is one of the most powerful files on an Apache server. A malicious one can: - Redirect all your traffic to a spam or phishing site - Block search engine crawlers from indexing your real content - Serve different content to Googlebot than to real visitors (cloaking) - Password-protect directories the attacker has planted files in - Execute PHP in directories where it shouldn't run (like `/uploads/`) One `.htaccess` in the wrong place can undo every other security measure you've put in place. Reviewing all of them periodically is just good practice. ## What You Should Do With the Results 1. Review every dot-file that isn't `.htaccess`. If you don't recognize it, look at what's inside. If you're not confident reading PHP, the [AI malware analysis tool](https://mysites.guru/blog/ai-powered-malware-analysis-now-available-in-mysites-guru/) can tell you within seconds whether a file is malware or a false positive 2. Count your `.htaccess` files. Most sites have 1-3 legitimate ones. If you have 15, something is off 3. Check modification dates. A `.htaccess` modified last week that you didn't touch? Red flag. Better still, [set up real-time file modification alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) so you're notified the moment a file changes 4. Look for dot-folders. Legitimate ones are rare outside of development environments 5. Compare between audits. If your hidden file count suddenly jumps, dig in immediately Still not sure what you're looking at? [Drop Phil a message](https://manage.mysites.guru/contact) and he'll point you in the right direction. If you'd rather have someone go through the whole site for you, you can book a paid consultancy review at [fix.mySites.guru](https://fix.mysites.guru). ## Running This Across All Your Sites If you manage dozens or hundreds of sites, doing this manually on each one would take days. With mySites.guru, every scheduled audit automatically counts hidden files across all your connected sites. You can configure [how often those audits run](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) — daily, weekly, or monthly — and spot anomalies at a glance from the dashboard without logging into a single server. You can also view the hidden files results for every site on a single page at [the all-sites hidden files tool](https://manage.mysites.guru/en/tools/allsites/Joomla/filesinformation/hiddenfiles). Each site shows its hidden file count with an Investigate button to drill into the details, and a Manage Site button to jump straight to that site's dashboard. Tabs let you switch between your Joomla, WordPress, and Generic PHP sites. ![The all-sites hidden files view showing hidden file counts across every connected site](../../assets/img/blog/hidden-files-allsites.webp) The hidden files tool works on Joomla, WordPress, and any PHP application connected to mySites.guru. Same scan regardless of platform. ## Get Started Already a mySites.guru subscriber? Run an audit on any site and look for the **Hidden Files** result in the Files Information section. Click through to review what's lurking on your server. Not using mySites.guru yet? [Start a free trial](https://manage.mysites.guru/en/register) and connect your first site in under two minutes. The first audit usually surfaces a few surprises. ## mySites.guru Raycast Extension for Mac URL: https://mysites.guru/blog/mysites-guru-raycast-extension-for-mac/ Date: 2026-02-27 Tags: raycast, mac, productivity, workflow, site management Category: Manage Multiple WordPress Sites Free Raycast extension for mySites.guru on macOS. Search and jump to any of your managed sites, open management pages, and copy URLs without leaving the keyboard. We've had an [Alfred workflow](https://mysites.guru/blog/integrate-mysites-guru-to-alfred-workflow-on-mac/) for this for a while, but a lot of Mac users have moved to [Raycast](https://www.raycast.com/) and kept asking for a native extension. So here it is. Type "mys" into Raycast and the mySites.guru Site Search command appears at the top: ![Raycast showing mySites.guru Site Search command](../../assets/img/blog/raycast-search.webp) Then press Enter to open the command and you will see a list of your sites. ![Your mySites.guru sites listed in Raycast with favicons](../../assets/img/blog/raycast-sites-list.webp) Hit Enter to load the Manage Site page for that site. Or use ⌘K in Raycast to view more options like opening the site in your browser or copying the URL. ## What does it do? Type a few characters in Raycast and you get a filtered list of every site connected to your mySites.guru account, with favicons. From there you can: - Open the management page for any site in one keystroke - Visit the live site in your browser - Copy the site URL or management URL to your clipboard - Refresh the site list on demand with ⌘R Results are cached for 5 minutes so it feels instant. If you manage dozens or hundreds of sites, this changes the workflow. Instead of logging into the mySites.guru dashboard, finding the site, and clicking through, you just type a few letters and you're there. Pair it with [one-click admin login](https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/) and you can go from "I need to check that site" to logged into its admin panel in about three seconds. We also have a [command palette](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) inside the mySites.guru dashboard itself if you prefer to stay in the browser. ## What is Raycast? ![Raycast - Your shortcut to everything](../../assets/img/blog/raycast-tagline.webp) If you haven't come across it yet, [Raycast](https://www.raycast.com/) is a keyboard launcher for macOS that replaces Spotlight. You hit a hotkey, type what you want, and things happen. Apps open, files appear, calculations get done, windows snap into place. It responds in milliseconds. But the launcher is just the start. Raycast also ships with clipboard history, window management, snippet expansion, quick notes, a calculator, calendar, and emoji picker. All keyboard-driven, all fast. If you've ever had five separate utility apps running to cover all that, Raycast replaces the lot. ### The extension store The real reason we built for Raycast is the extension system. There's a store with thousands of extensions for tools you probably already use: GitHub, Notion, Linear, Slack, Figma, 1Password, VS Code, Todoist. Extensions are built with React and TypeScript, so any web developer can build one without learning anything new. Our mySites.guru extension is distributed from [GitHub](https://github.com/mySites-guru/raycast-extension) rather than the Raycast Store, but once installed it works exactly like any other Raycast command. ### Free where it matters The base Raycast app is free, and extensions work on the free tier. There's a paid Pro plan for AI features and cloud sync, but you don't need it for the mySites.guru extension or most of the store. Compare that to Alfred, where you need the paid PowerPack (£34+) before workflows do anything at all. If you're already on Raycast, our extension drops straight in. If you're still on Spotlight, this might be worth a look. ## Download The extension is hosted on GitHub. Grab the latest release here: **[Download mySites.guru Raycast Extension](https://github.com/mySites-guru/raycast-extension/releases/latest)** You'll get a `.zip` file containing the extension source. No Raycast Store install needed — you run it locally as a dev extension, which takes about 30 seconds. If you'd rather clone the repo directly: ```bash git clone https://github.com/mySites-guru/raycast-extension.git ``` ## How to install 1. Download the [latest release from GitHub](https://github.com/mySites-guru/raycast-extension/releases/latest) 2. Extract the archive and run: ```bash npm install && npm run dev ``` 3. Raycast will prompt you for your API token on first launch 4. Get the token from [manage.mysites.guru/en/sites/screenshots](https://manage.mysites.guru/en/sites/screenshots) (enable "Public Site Screenshots" first if you haven't already) That's it. Start typing a site name and your sites appear. On first launch, Raycast will show the welcome screen where you paste your token: ![mySites.guru Raycast extension welcome screen](../../assets/img/blog/raycast-welcome.webp) ## Same token as Alfred If you already set up the Alfred workflow, you already have a token. The Raycast extension uses the same one, same API, same endpoint. You can run both side by side if you want. ## Open source The extension is [open source on GitHub](https://github.com/mySites-guru/raycast-extension) under the MIT license. Pull requests welcome if you want to add something. ## Not on mySites.guru yet? If you're managing multiple WordPress or Joomla sites and don't have a mySites.guru account, you can [start with a free audit](https://mysites.guru/free-audit/) to see what it does. The Raycast extension works on all plans, including the free tier. Check the [full feature list](https://mysites.guru/features/) or go straight to [pricing](https://mysites.guru/pricing/) if you already know what you need. ## mySites.guru supports login with Passkeys URL: https://mysites.guru/blog/passkeys-for-secure-login-to-mysites/ Date: 2026-02-27 Category: Security mySites.guru supports login with passkeys — Face ID, Touch ID, Windows Hello, or any FIDO2 device. Faster than passwords, impossible to phish. Passwords are the worst part of logging in to anything. You know it. We know it. So we added passkey support to mySites.guru - mainly for security, but also to make logging in a lot easier - no more passwords to remember! ## What is a passkey? A passkey is a replacement for typed passwords. Instead of remembering (or more likely, forgetting) a string of characters, your device creates a pair of cryptographic keys when you register. One stays on your device, locked behind your fingerprint, face, or screen PIN. The other goes to the server. When you log in, the two keys do a handshake and you're authenticated. You never type anything. The important bit: the private key never leaves your device. It can't be copied, emailed, pasted into a phishing form, or found in a data breach. If someone steals the server's database, they get the public key, which is useless on its own. Passkeys are built on the FIDO2 and WebAuthn standards, developed by the [FIDO Alliance](https://fidoalliance.org/). The Alliance is an industry group formed in 2012 with one goal: kill passwords. Its members include Apple, Google, Microsoft, Amazon, and hundreds of other companies. They wrote the spec that makes passkeys work the same way across every browser and operating system. When you register a passkey on mySites.guru, you're using the same open protocol that Google, GitHub, and PayPal use for their logins. Nothing proprietary, nothing locked to a single vendor. ## What actually happens when you use a passkey at mySites.guru ![Sign in with Passkey on mySites.guru](../../assets/img/blog/passkey-login-screen.webp) You enter your username, and click the "Sign in with Passkey" button, your device asks for your fingerprint or face, and you're in. No typing. No paste-from-password-manager dance. No "was it the one with the capital letter and the exclamation mark?" If you are using 1Password, you can use the browser extension to register and sign in with passkeys. It works on Mac, Windows, Linux, iOS, and Android, so your passkeys follow you everywhere without being tied to a single platform's ecosystem. ![1Password passkey sign-in prompt for mySites.guru](../../assets/img/blog/passkey-1password-prompt.webp) Under the hood, your device holds a private cryptographic key that never leaves it. The server only sees the public half. There's nothing to intercept, nothing to leak in a database breach, and nothing that works on a phishing site pretending to be us. ## Why this matters if you manage client sites Although our service has a long session time, if you logout and are logging in to mySites.guru several times a day to check on client sites, the speed difference is noticeable. **But the real win is security.** If you have [team members on your account](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/), you no longer have to wonder whether Dave from accounting is reusing his Gmail password for your site management dashboard. His passkey is tied to his device and the mysites.guru domain. Can't be reused, shared, or phished. ## What's supported Anything that speaks WebAuthn/FIDO2: - Face ID and Touch ID on Apple devices (syncs via iCloud Keychain) - Fingerprint or face unlock on Android (syncs via Google Password Manager) - Windows Hello — fingerprint, face, or PIN - Hardware security keys like YubiKey 5 or Google Titan ## Setting it up Go to your [Account page](https://manage.mysites.guru/en/account/tools) and look for the WebAuthn Authentication section. Click **Register new WebAuthn device or Passkeys**, authenticate with your device, and you're done. ![Passkey registration in mySites.guru](../../assets/img/blog/passkey-registration-screen.webp) You can register multiple passkeys if you use several devices. Next time you log in, you'll see the "Sign in with Passkey" button on the login screen. Your password still works as a fallback — passkeys are an additional login method, not a replacement. ## How passkeys compare to 2FA Two Factor Authentication adds a second step after your password (usually a 6-digit code). Passkeys skip the password step entirely and authenticate you in one action. Both are better than a password alone, but passkeys are faster and resistant to phishing in a way that SMS and TOTP codes aren't. If an attacker tricks you into entering your password and 2FA code on a fake site, they can replay both within seconds. A passkey won't authenticate against a fake domain at all — the cryptography simply doesn't work unless the domain matches. ## Listed on the passkey directories mySites.guru is listed on [passkeys.directory](https://passkeys.directory/) and [passkeys.com](https://www.passkeys.com/) as a service that supports passkey login. If you're checking whether a tool you use supports passkeys, those two sites maintain up-to-date lists. We're on both. ## We recommend 1Password [![1Password](../../assets/img/blog/1password-logo.webp)](https://1password.com/) If you're not already using [1Password](https://1password.com/), you should be. We use it ourselves and it's the best way to manage passkeys across devices. 1Password stores your passkeys alongside your passwords, credit cards, and secure notes in one encrypted vault. Their browser extension handles passkey registration and login automatically — when mySites.guru prompts for a passkey, 1Password picks it up. It works on Mac, Windows, Linux, iOS, and Android, so your passkeys follow you everywhere without being tied to a single platform's ecosystem. Where 1Password really pays off for agencies is sharing. You can create shared vaults for your team, so if someone needs access to a shared account (not mySites.guru — use team accounts for that — but the dozens of other services your agency depends on), you don't end up with passwords in Slack DMs or shared Google Docs. Everything stays encrypted and auditable. It also generates strong unique passwords for the sites that don't support passkeys yet, which in 2026 is still most of them. If you're managing 50+ client sites and their associated hosting accounts, DNS providers, CDNs, and email services, a password manager isn't optional. 1Password is the one we'd pick. ## Every plan, every account Passkeys are available on all plans, including team member accounts. There's nothing extra to pay for. Combined with [one-click admin login](https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/) to your connected sites and [real-time login alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/), you've got a pretty solid security setup. [Set Up Your Passkey Now](https://manage.mysites.guru/en/account/tools) --- FIDO® and the stylized FIDO logo are trademarks (registered in numerous countries) of FIDO Alliance, Inc. The passkey icon is a trademark of FIDO Alliance, Inc. ## AI-Powered Malware Analysis Now Available in mySites.guru URL: https://mysites.guru/blog/ai-powered-malware-analysis-now-available-in-mysites-guru/ Date: 2026-01-15 Category: Manage Multiple WordPress Sites mySites.guru now lets you send flagged suspect files to Claude or GPT for instant malware analysis, with crowdsourced cached results shared across all subscribers. You run a security audit on your Joomla site. Result? **47 files flagged as "Suspect Content."** OH NO!!!!! Which are actual malware? Which are false positives? Do you spend hours reviewing PHP code or wait days for expert analysis? ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.13.12@2x-1024x191.webp) **Not anymore.** Introducing **AI-Powered Malware Analysis** – when our audit tools flag suspicious files, you can now send any file to AI for expert analysis with one click. **The AI tells you:** - "This is a false positive – safe to ignore" - "This is suspicious – review line 42" - "This is malware – remove immediately" **The game-changer CROWDSOURCE CACHED RESULTS**: When you or anyone else analyzes a file with our AI integration and gets a definitive result (SAFE or MALWARE), that result is stored globally by file hash. If someone else already analyzed that file, with the same hash (meaning the same file contents) you get instant results at no cost. **Your analyses help others. Their analyses help you.** The entire community benefits from shared intelligence. *(No details on your domains, your site, or personal information is shared, the hash of the file contents and the result is all that we store)* **Example Malware Extracts from the AI analysis:** ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.17.09@2x-1024x669.webp) ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.19.18@2x-1024x531.webp) ## Why We Waited **We watched the AI hype train and intentionally stayed off it.** Every company rushed to add "AI-powered" to their product. Chatbots that frustrate users. Features solving problems nobody had. Buzzwords without substance. **We waited.** For over a decade, we've secured Joomla and WordPress sites. We knew our audit system worked brilliantly at finding threats. But it casts a wide net, meaning false positives. Users had to review code themselves or wait for us to review files manually. **We asked**: Can AI genuinely solve this problem? Not "is AI trendy," but "does AI add real value?" We tested for months. Analyzed thousands of files. Compared AI results against expert reviews. Measured accuracy and cost-effectiveness. Built safeguards. **The answer: Yes.** AI excels at what users struggle with—reading PHP code, identifying suspicious patterns, separating legitimate code from malware. This isn't AI for AI's sake. This solves a real problem we've watched users struggle with for a decade. ## How It Works **Our Proven Foundation** For 10+ years, our security audit system has scanned filesystems using pattern-matching built from real-world hacks. It catches backdoors and malware most users would never find. By design, it flags suspicious files broadly—better to review a safe file than miss malware. Before you can spot the abnormal, it helps to know what's normal — our guide to [hidden files lurking on your site](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) explains the dot-files most site owners don't even know exist in their webspace. **AI Analysis Layer** When audits flag files, you see a colored AI icon: ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.13.48@2x-1024x283.webp) - 🟣 Purple = Not analyzed - 🟢 Green = Safe - 🟡 Yellow = Suspicious - 🔴 Red = Malicious Click to send the file to AI (Claude Sonnet 4.5 or GPT-4). Within seconds, get expert analysis with: - Risk level and confidence score - Exact line numbers of issues - Code snippets and explanations - Actionable recommendations ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.18.13@2x-1024x430.webp) **Crowdsourced Intelligence** Definitive results (SAFE/MALWARE) are stored globally by MD5 hash. Same file on 100 sites = 1 analysis, not 100. Popular WordPress plugins? Likely already analyzed by the community. Your discoveries protect everyone else. Over time, this crowdsourced data refines our audit patterns, creating a feedback loop: better detection → better AI data → better detection. ## Key Benefits **1. Expert Analysis Without the Expert** What took hours or days now takes seconds. No more waiting for manual reviews from Phil or trying to understand complex PHP code, or worse, ignoring or guessing! Although Phil receives every analysis and can overrule the AI decision: ![mySites.guru now comes with built in AI analysis for suspect content matches from our pattern based audit results - bring your own API key and analyze your hacked files, filter false positives and benefit from crowdsourced cached results.](../../assets/img/blog/CleanShot-2026-01-15-at-08.34.06@2x-1024x417.webp) **2. Massive Cost Savings** You install a security plugin across 50 Joomla sites. First analysis costs a few cents. Other 49 sites? Instant cached results, zero cost. Managing 100 WordPress sites with WooCommerce? Most files already analyzed by the community—you might only need 2-3 new analyses. **3. Accurate and Trustworthy** Every analysis includes confidence scores (0-100%). 95% confidence "malicious" is very different from 60% "suspicious." The AI shows you exactly which lines are problematic and why. Admins can mark false positives, correcting the global cache for everyone. ## When to Use It **Suspected Breach**: Site sending spam? Run Suspect Content audit, use AI to triage 47 flagged files in minutes instead of hours. **Post-Update Verification**: Updated a plugin? AI confirms the modified files are legitimate, not tampered with. **Quarterly Reviews**: Audit 100 sites. Common files already cached = instant results. Focus your time on new threats. **Pre-Deployment**: Verify custom code is secure before going live. **Inherited Sites**: 200 flagged files overwhelming you? AI prioritizes the 5 high-risk files, not 195 false positives. ## When NOT to Use It **Not 100% Accurate**: Sophisticated malware might slip through. Legitimate code might be flagged. Use findings as a guide, verify critical decisions. Phil receives a written report for each AI lookup and will manually override bad AI decisions to prevent mistakes and poisoning the crowdsourced database. **Not for Binary Files**: Only works on text-based code (PHP, JS, etc.). No images, PDFs, or compiled binaries. **Large File Limits**: Files over 200KB are sampled (first/middle/last sections), potentially missing threats in unsampled sections. **Not a Replacement**: Still need regular updates, strong passwords, backups, and security best practices. This is one layer, not the entire solution. ## How to Enable **Step 1**: Get API keys from [Anthropic](https://console.anthropic.com/) (for Claude) or [OpenAI](https://platform.openai.com/) (for GPT) **Step 2**: Navigate to Account → AI Integration in mySites.guru - Toggle "Enable AI Features" - Add your API key(s) - Choose your preferred provider **Step 3**: Start analyzing—AI icons appear throughout File Manager, Suspect Content, and Modified Files tools ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2026-01-15-at-08.23.23@2x-826x1024.webp) ## Pricing We do not charge you for this integration - like everything in mySites.guru, you pay your monthly subscription and I invest DAILY into the best platform available today - just like I have done since launching in 2012, **without a single price increase since we launched!** Name me another service that does that? To use AI analysis, you provide your own API keys from Anthropic (Claude) or OpenAI (GPT). Your data goes directly to your chosen provider using your own account—mySites.guru never charges for AI usage and your API keys are encrypted for your security. **Typical costs**: $0.01-0.05 per file analysis, paid directly to Anthropic or OpenAI. **The advantage**: Global caching means you rarely pay twice. Same file content across all your sites = one analysis, infinite reuse. Someone else already analyzed that WordPress plugin? You get cached results at zero cost. For most users managing typical site portfolios, monthly AI costs are minimal—often less than one security audit consultation. ## Get Started AI-Powered Malware Analysis is available now for all mySites.guru users. 1. Log in to your account 2. Enable AI Features in Account → AI Integration 3. Start analyzing files **Questions?** Email phil@phil-taylor.com ## Joomla 6 Technical Requirements — PHP, MySQL & MariaDB Versions You Need (2026) URL: https://mysites.guru/blog/joomla-6-technical-requirements/ Date: 2025-10-15 Category: Manage Multiple Joomla Sites mySites.guru's Joomla 6 compatibility checker identifies which of your connected sites meet the PHP 8.3, MySQL 8 and MariaDB 10.4 requirements for Joomla 6. Updated 2 March 2026 with new information including corrected MariaDB minimum version and latest PHP details. Joomla 6.0.0 was released on 14th October 2025, and it introduced a new strict [joomla technical requirements](https://manual.joomla.org/docs/next/get-started/technical-requirements/) minimum of **MySQL 8.0.13, MariaDB 10.4.0 and PHP 8.3.0** The mySites.guru tool for [Joomla 6 Technical Requirements - Hosting Check](https://manage.mysites.guru/en/tools/joomla6/compatibility) is a feature of the [subscription at mySites.guru](https://mysites.guru/pricing/) ## What does the Joomla project say? Not much [other than this page](https://manual.joomla.org/docs/next/get-started/technical-requirements/) (which ironically still states this is for an unreleased upcoming version when infact Joomla 6 has now been released) This page is also confusing as it has a "Required" version of MariaDB and PostgreSQL that is less than the "Minimum"... strange. [edit:] Note that even the Joomla Project don't seem to understand or believe these versions are correct, but hey ho, [https://github.com/joomla/Manual/pull/540](https://github.com/joomla/Manual/pull/540#issuecomment-3412511119) [edit:] It seems the "Minimum Versions" are guaranteed to work and are required for upgrades and the "Required Versions" "May work for new new installs" [edit:] After release, the Joomla project lowered the minimum MariaDB version from 10.6 to 10.4 in the official documentation. [edit:] **Clear as mud**. However we will keep this page, and the tools in mySites.guru, up to date with the published, documented, versions from the official Joomla project which can be found here: [https://manual.joomla.org/docs/next/get-started/technical-requirements/](https://manual.joomla.org/docs/next/get-started/technical-requirements/) (Which also currently states Joomla 6.0 is the upcoming version and not yet released - go figure...) ## Joomla 6 Technical Requirements - Hosting Check All your PHP, MySQL, Update Information at a glance! The mySites.guru tool for [Joomla 6 Technical Requirements - Hosting Check](https://manage.mysites.guru/en/tools/joomla6/compatibility) is a feature of the [subscription at mySites.guru](https://mysites.guru/pricing/) - no additional charge was made and this new feature added for free into all account. Here is a preview of the dashboard for the the Joomla 6.0.0 Technical Requirements - Hosting Check in mySites.guru ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2025-10-15-at-13.45.04@2x-1024x660.webp) ## Where to find the Joomla 6 Technical Requirements tool in mySites.guru? You can get to the tool quickest by [invoking the command palette](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) with [cmd k](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) (or ctrl k on windows/linux) and typing "Joomla 6" or "compat" to filter the commands and then enter. This will take you direct to the [Joomla 6 Technical Requirements tool](https://manage.mysites.guru/en/tools/joomla6/compatibility) ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2025-10-15-at-16.46.38@2x-1024x701.webp)*The mySites.guru command palette - filtered * An even quicker way is to just press c 6 on the keyboard (that is lowercase c and then the number 6) - that is the [keyboard shortcut](https://manage.mysites.guru/en/help/keyboardshortcuts) to the page in mySites.guru!! The direct url is: [https://manage.mysites.guru/en/tools/joomla6/compatibility](https://manage.mysites.guru/en/tools/joomla6/compatibility) (Obviously you need to be logged in for that to work) As you can see the tool clearly lists all your Joomla 4, Joomla 5 and Joomla 6 sites, along with the currently installed Joomla version, the web server hostname, the update channel enabled, and the server hosting PHP version and Database type (MySQL or MariaDB) and version number. If your PHP or Database Server meets the MINIMUM this will be highlighted with Yellow The MINIMUM Joomla 6 Technical Requirements are: **PHP 8.3.0, MySQL 8.0.13 or MariaDB 10.4.0.** If your PHP or Database Server meets the RECOMMENDED this will be highlighted with Green The RECOMMENDED Joomla 6 Technical Requirements are: **PHP 8.4+, MySQL 8.4+ or MariaDB 12.0+** If your PHP or Database Server doesn't meet the MINIMUM technical requirements this will be highlighted with Red ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2025-10-15-at-16.49.10@2x.webp) ## What is the update channel? **[Joomla has 3 main update channels](https://docs.joomla.org/Help310:Components_Joomla_Update_Configuration)** - the **Default**, **Joomla Next **and **Testing**. It is **highly recommended that you leave your production websites on the default setting** - this will prevent you accidentally applying major updates to Joomla core. Joomla "Next" channel allows to switch between major releases. From 4 to 5 to 6 for example. Testing is as its name suggests. For use in testing releases prior to release by experienced developers. ## Joomla 6 Minimum Technical Requirements The [absolute minimum versions that can be installed](https://manual.joomla.org/docs/next/get-started/technical-requirements/) on a server to run Joomla 6 are: - PHP 8.3.0 (also standard modules like json, simplexml, dom, gd, mysqlnd needed) - MySQL 8.0.13 or MariaDB 10.4.0 - This article (and most of the Joomla Community!) ignore the Postgres compatibility as not many people use that database server - but the minimum for PostgreSQL is 12.0 ## Joomla 6 Recommended Technical Requirements. The [RECOMMENDED versions to be installed to run Joomla 6](https://manual.joomla.org/docs/next/get-started/technical-requirements/) are "the latest PHP version and the latest MySQL/MariaDB" version - haha - but no seriously, there is no reason to be not running the latest versions of PHP in 2026! The ["official" recommended is PHP 8.4 and MySQL 8.4/MariaDB 12](https://manual.joomla.org/docs/next/get-started/technical-requirements/) - but of course over time these will probably increase - for example at the time of writing PHP 8.5 is the latest stable PHP version available, [https://www.php.net/supported-versions](https://www.php.net/supported-versions) for full PHP details. ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2025-10-15-at-16.51.39@2x-1024x585.webp) ## What if my web host doesn't meet the minimum standards? If your webhost doesn't have the minimum standards for Joomla 6 hosting then you should really consider moving - the MySQL 8 and PHP 8.4 requirements are pretty normal and not groundbreaking. MySQL 8.0.13 was released in October 2018 - so that's over 7 years ago - if your web host has not upgraded their MySQL server in the last 5 years then maybe they are not the most secure and reliable partner for your web site... #justsaying ## What is the supported version of MySQL by Oracle? [https://endoflife.date/mysql](https://endoflife.date/mysql) mysql 5.6 extended support ended in 2021 and mysql 5.7 extended support ended.... 31st October 2023. Only MySQL 8.4 (LTS) and 9.4.* series are actually supported by Oracle now. ![Screenshot of mySites.guru feature](../../assets/img/blog/CleanShot-2025-10-15-at-16.52.59@2x-1-645x1024.webp) ## What if my site is stuck on Joomla 3 - how do I secure Joomla 3? You can look at the new tool which [Fixes all Joomla 3 security issues](https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/) with a single click, in the mySites.guru snapshot. ## Questions? Im happy to answer questions if you have any, use the contact form Or you can ask the Joomla project direct. ## What Users Really Think of mySites.guru URL: https://mysites.guru/blog/mysites-guru-reviews/ Date: 2024-11-17 Tags: Reviews Category: Manage Multiple Joomla Sites What agencies and site owners actually say about managing their Joomla and WordPress sites with mySites.guru. Named reviewers only, no anonymous testimonials. Every review on our [reviews page](https://mysites.guru/reviews/) is from a real person with a real name. No anonymous testimonials, no paid placements. I wanted to pull out some of the recurring themes. ## People stop thinking of it as a subscription This is the thing I hear most. Alexander I. runs an agency and told us mySites.guru feels more like infrastructure than a subscription at this point. Stephen Dillon at Invisible Stuff has been paying for it for over 10 years and says it's the best value tool they have. Ten years is a long time to keep paying for something. Nobody does that out of inertia. ## The time savings are big Anne Notarthomas at eKamria uses it daily for [one-click logins](https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/), [backup scheduling](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/), uptime monitoring, and general maintenance. She says it saves her untold hours every month. Daniel Östgård manages about 200 Joomla and WordPress sites and describes it as saving "oceans of time." At that scale, running updates manually would take days. Through mySites.guru it takes minutes. ## You don't need to be technical Nick Lucas is a CEO with 7 sites. He's self-taught, not a developer. He told us mySites.guru showed him security problems he had no idea existed. The [audit tools](https://mysites.guru/blog/security-audit-tools/) flag issues in plain language, so you don't need to know what a CVE number means to act on them. That said, developers get plenty out of it too. Adam Haworth moved his agency from WP Umbrella because he wanted more control over security, specifically. He got it. ## Joomla and WordPress, equally Most management tools are WordPress-only, or they bolt Joomla on as an afterthought. mySites.guru treats both equally, which matters if you have a mixed portfolio. Emanuel manages about 50 Joomla sites and says the tools cover almost any use case he's thrown at them. Krisztina, a freelance Joomla developer, has been using it since 2015. She originally signed up to clean malware off a server full of hacked sites, then kept using it for day-to-day management. Andrés Restrepo works primarily with Joomla 5.x and says it changed how he works. ## WPMayor gave it 4.6/5 [WPMayor.com](https://wpmayor.com) did an independent review and gave mySites.guru 4.6 out of 5 stars. Worth reading if you want an outside perspective. ## All the reviews These are just a few. The [reviews page](https://mysites.guru/reviews/) has them all, or you can [leave your own](https://manage.mysites.guru) if you're already a user. [![Review by Ben Yates](../../assets/img/blog/review-by-ben-yates-1-768x1024.webp)](https://mysites.guru/reviews/) ## WordPress Plugin Vulnerability Alerting URL: https://mysites.guru/blog/wordpress-plugin-vulnerability-alerting/ Date: 2024-04-01 Category: Manage Multiple WordPress Sites mySites.guru cross-references every WordPress plugin version on your connected sites against Wordfence, CVE and custom threat databases, flagging vulnerable plugins instantly. We are pleased to announce the latest feature added to mySites.guru, WordPress Plugin Vulnerability alerting to show you which plugins installed on your connected WordPress sites, have known security vulnerabilities and issues. Keep reading to see how we determine these, and how they are displayed in a mySites.guru account. ## How we determine plugin vulnerabilities? The mySites.guru [snapshot of your WordPress sites](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) runs twice a day, getting basic information from your connected site. This includes a list of all the installed plugins on each site. We then compare that list of plugin version numbers, **against several threat intelligence databases, custom vulnerability lists, and our own threat data**. These include the popular [WordFence vulnerability data](https://www.wordfence.com/threat-intel/vulnerabilities), [CVE and Mitre datasets](https://cve.mitre.org/) in a license compatible way. We will then show which sites are vulnerable on the main sites page: ![ScreenShot 10.10.11](../../assets/img/blog/ScreenShot-2024-04-01-10.10.11-1024x446.webp) And when you click to manage an individual site, you can then view specific details on the vulnerable plugins installed on that site. We will highlight plugins that are installed and found to have a version affected by a known security vulnerability. We will provide a link to the relevant documentation ![ScreenShot 10.11.18](../../assets/img/blog/ScreenShot-2024-04-01-10.11.18-1024x631.webp) ## How can I fix my insecure plugins? We provide a link to information on the source of the vulnerability, which explains exactly what the underlying problem is. The correct way to secure your site is to [follow best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) and keep your plugins up to date. It is rare that a plugin that is up to date will have an un-fixed security vulnerability (except 0-days which we are not checking for currently) So to fix your insecure WordPress plugin vulnerabilities - just apply the updates available to your plugins! Simple ## How can I mass update a plugin across multiple WordPress sites? With the mySites.guru [mass plugin updater](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) of course! We have many tools in the mySites.guru toolset that allow you to select and apply updates across many WordPress sites in one go. ![ScreenShot 10.09.35](../../assets/img/blog/ScreenShot-2024-04-01-10.09.35-1024x645.webp)*mySites.guru mass update plugins* ## 69,000 WordPress, and Joomla Sites In One Place URL: https://mysites.guru/blog/69000-wordpress-and-joomla-sites-in-one-place/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru hits 69,000 active sites, letting subscribers manage Joomla, WordPress and any PHP site from a single dashboard at one flat monthly price. That's right we finally added the 69,000th website to the mySites.guru service, allowing customer to manage their security, best practice, backups and audits all in one place. Joomla or WordPress or ANY PHP based website! *#NoChickensHere* It was only a few months ago that [we were celebrating 68,000 sites](https://mysites.guru/blog/70000-wordpress-joomla-and-php-sites-in-a-single-secure-dashboard/), but yet another 1000 sites have been added. At the time of writing the live counter on the [home page of mySites.guru](https://mysites.guru/), which reads in realtime the number of sites from our service, is at 69,171 ! 🎉 [mySites.guru](https://mysites.guru/) has been going for over a decade, but the increase in sites being added has started to increase recently - as we add more and more features, **and yet have kept the same [low subscription prices](https://mysites.guru/pricing/) since 2012 !** ## Don't take our word for it - we know we are great! Please, don't take our word for how great our service is, ask any of our subscribers - many of which are on twitter and [have given us praise from their own accounts](https://mysites.guru/reviews/), so you can verify their authenticity - we dont have old, fake review statements on our site - **[no hot air here](https://mysites.guru/)**, just loyal customers, in public, telling it how it is on their own tweet timelines. We collate those on the [/reviews/](https://mysites.guru/reviews/) page but you can click each to authenticate their authenticity. ## Why use other "WordPress Only" services? We know there are LOTS of "[Manage Multiple Sites](https://mysites.guru/)" services - we are not alone, but there are very few where you can manage Joomla, WordPress and literally any PHP based webspace all in the same control panel, with the same full features including [best practice recommendations](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), security reviews, [hacked files checker](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/), [performance metrics,](https://mysites.guru/blog/how-to-test-your-site-performance-with-lighthouse-audits-in-mysites-guru/) [uptime monitoring](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/), [Auditing of the complete webspace, file by file, line by line](https://mysites.guru/blog/security-audit-tools/), and much more... like complete integration with the multi-award winning Akeeba Backup, All-In-One-Backup, Blue Flame Backup... along with a [powerful backup scheduler](https://mysites.guru/blog/unlimited-backup-schedules/) allowing you complete control over the [schedule of your backups](https://mysites.guru/blog/unlimited-backup-schedules/), unlimited times! Want to know [what's going on under the hood of your sites in REALTIME](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) - we have that too! And what about REALLY old versions? Got a Joomla 1.5.26 site? NO PROBLEM for mySites.guru - we are compatible all the way to Joomla 1.5.0! ## Not convinced? Use our service for FREE for a whole MONTH! That's right - we are so convinced that you cannot live without our service that we will give you a whole first month for free! [![First Month Free](../../assets/img/blog/first-month-free.webp)](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) Just sign up for a subscription and cancel before the end of your month and you will be charged absolutely nothing! Find out [how to get mySites.guru for free](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) at [/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) ## Need Extra Help? Or support for your sites connected to mySites.guru ? Sort use a ticket system or first line support! Here at [mySites.guru](https://mysites.guru/blog/manage-your-joomla-4-sites-with-mysites-guru/), you get direct line of contact to [Phil Taylor](https://www.phil-taylor.com/) - even use his personal email if you like at [phil@phil-taylor.com](mailto:phil@phil-taylor.com) - Phil is one of the longest running contributors to Joomla, since the mambo core development team days, and in [2020 in the top two code contributors](https://issues.joomla.org/activity/user/joomla-cms) to Joomla 4. When you have a problem with your site, or need support for mySites.guru features there are no queues, no ticket systems - you get full and direct access to the developer who wrote the service, who knows each line of code of the service intimately. You get fixes fast. ## Is your site hacked? No problem - I can fix that too for a SET fee! - no per hour quotes and estimates needed! See the full details at [https://fix.mySites.guru/](https://fix.mySites.guru/) [![Fix](../../assets/img/blog/fix-1024x576.webp)](https://fix.mySites.guru/) > mySites.guru - is the dashboard that allows you to manage all these - WordPress, Joomla, PrestaShop, Magento - any PHP based webspace... all from one location! > > #NoChickensHere ## 74,000+ Sites Managed in One Dashboard URL: https://mysites.guru/blog/70000-wordpress-joomla-and-php-sites-in-a-single-secure-dashboard/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites 70,000 WordPress, Joomla and PHP sites in a single secure dashboard. Manage, secure, monitor and improve your WordPress & Joomla sites with full integration with major backup plugins and uptime monitoing and apply best practice. Finally, after over a decade of providing our Award Winning Service, we are pleased to announce that we now manage 70,000 active WordPress, Joomla and Generic PHP sites with mySites.guru **Note: There have been over 100,000 sites connected to mySites.guru over the years, but customers come and go without any long term contracts, the 70,000 figure is the **actual number of actively connected websites in our database today!*** *There are #NoChickens #NoMonkeys and #NoHotAir running our service. Promise!* [mySites.guru](https://mysites.guru/) has been going for over a decade, but the increase in sites being added has started to increase recently – as we add more and more features, **and yet have kept the same [low subscription prices](https://mysites.guru/pricing/) since 2012 !** ## Don’t take our word for it – we know we are great! Please, don’t take our word for how great our service is, ask any of our subscribers – many of which are on twitter and [have given us praise from their own accounts](https://mysites.guru/reviews/), so you can verify their authenticity – we dont have old, fake review statements on our site – **[no hot air here](https://mysites.guru/)**, just loyal customers, in public, telling it how it is on their own tweet timelines. We collate those on the [/reviews/](https://mysites.guru/reviews/) page but you can click each to authenticate their authenticity. ## Why use other “WordPress Only” services? We know there are LOTS of “[Manage Multiple Sites](https://mysites.guru/)” services – we are not alone, but there are very few where you can manage Joomla, WordPress and literally any PHP based webspace all in the same control panel, with the same full features including [best practice recommendations](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), security reviews, [hacked files checker](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/), [performance metrics,](https://mysites.guru/blog/how-to-test-your-site-performance-with-lighthouse-audits-in-mysites-guru/) [uptime monitoring](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/), [Auditing of the complete webspace, file by file, line by line](https://mysites.guru/blog/security-audit-tools/), and much more… like [complete integration](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/) with the multi-award winning Akeeba Backup, All-In-One-Backup, Blue Flame Backup… along with a [powerful backup scheduler](https://mysites.guru/blog/unlimited-backup-schedules/) allowing you complete control over the [schedule of your backups](https://mysites.guru/blog/unlimited-backup-schedules/), unlimited times! We don't need to feed our monkeys or waffle about with Hot Air, we simply provide award winning solutions to manage your sites. Want to know [what’s going on under the hood of your sites in REALTIME](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) – we have that too! And what about REALLY old versions? Got a Joomla 1.5.26 site? NO PROBLEM for mySites.guru – we are compatible all the way to Joomla 1.5.0! ## Moving from Joomla to WordPress? That's cool - we provide services for BOTH CMS's - just remove your Joomla Site, and add your WordPress site - **[NO EXTRA CHARGE](https://mysites.guru/pricing/)** with our fully inclusive service, [we don't charge per site](https://mysites.guru/pricing/), your subscription is for **UNLIMITED** sites. There has been no price increases since we launched in 2012! Our [simple pricing ](https://mysites.guru/pricing/)is: > GBP 19.99 Per month > > Unlimited sites ## Not convinced? Use our service for FREE for a whole MONTH! That’s right – we are so convinced that you cannot live without our service that we will give you a whole first month for free! Just sign up for a subscription and cancel before the end of your month and you will be charged absolutely nothing! Find out [how to get mySites.guru for free](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) at [/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/ ## Need Extra Help? Or support for your sites connected to mySites.guru ? Sort use a ticket system or first line support! Here at [mySites.guru](https://mysites.guru/blog/manage-your-joomla-4-sites-with-mysites-guru/), you get direct line of contact to [Phil Taylor](https://www.phil-taylor.com/) – even use his personal email if you like at [phil@phil-taylor.com](mailto:phil@phil-taylor.com) – Phil is one of the longest running contributors to Joomla, since the mambo core development team days, and in [2020 in the top two code contributors](https://issues.joomla.org/activity/user/joomla-cms) to Joomla 4. When you have a problem with your site, or need support for mySites.guru features there are no queues, no ticket systems – you get full and direct access to the developer who wrote the service, who knows each line of code of the service intimately. You get fixes fast. ## Is your site hacked? No problem – I can fix that too for a SET fee! – no per hour quotes and estimates needed! See the full details at [https://fix.mySites.guru/](https://fix.mySites.guru/) [![Fix](../../assets/img/blog/fix-1024x576.webp)](https://fix.mySites.guru/) > ## 67,000+ Sites Trust Us for Updates URL: https://mysites.guru/blog/67000-joomla-and-wordpress-sites-trust-mysites-guru-for-their-update-management/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Celebrating 67,000 active Joomla and WordPress sites managed in mySites.guru, growing by 500 new sites every month. Just two short months ago we were celebrating 66,000 sites, today **we are pleased to celebrate 67,000!** On average, [our amazing subscribers](https://mysites.guru/reviews/) are adding 500 new Joomla or WordPress sites a month to our service, that’s 6000 sites a year! *mySites.guru is a unique service to assist you in ensuring [all your Joomla and WordPress sites](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) are [following the best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), have [backups](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/), are [monitored](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/), and gives you a [suite of unique tools](https://mysites.guru/blog/security-audit-tools/) to investigate under the hood of your site, [checking each and every line of code](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) in your webspace for hacks are much much more… * Sign up today at [https://manage.mysites.guru/](https://manage.mysites.guru/en/register) ## Thank you. > *“I just want to say a personal thank you to all those that are subscribers and have been since we launched in 2012, you know who you are – your energy, suggestions and feature requests keep me on my toes daily striving to be the best service that we can possibly be.*“ > > > ~Phil Taylor – Founder of mySites.guru ## Add unlimited Joomla and WordPress sites to mySites.guru URL: https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Step-by-step guide to connecting your first Joomla or WordPress site to mySites.guru — supports unlimited sites for one flat monthly fee. The screenshots below are from an older version of the interface. We've since redesigned the dashboard, but the process works the same way. One of the founding principles of mySites.guru is that we offer an **unlimited service** for **unlimited sites** in your account at **[one set price per month (or year)](https://mysites.guru/pricing/)** And here's something we're proud of — we haven't raised our prices once since we launched in 2012. Over fourteen years later and you still pay the same low flat fee. No sneaky annual increases, no "new tier" upsells. The same honest pricing from day one. Once you have [created your account](https://manage.mysites.guru/en/register) at mySites.guru, you can then add your first site! ### Welcome - we are glad to have you on board! Adding your first site is as easy as selecting which platform you want to connect, we currently support all [Joomla 1.5 and above versions](https://mysites.guru/blog/end-of-life-supported-versions/) and WordPress versions going back a long time. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.35.02-1024x570.webp)*Make a selection of platform to add * You will then be presented with the connection wizard. ## Adding a Joomla Site to mySites.guru ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.35.39-1024x738.webp) After clicking the Joomla logo you will see the connection wizard, take a look, read, and then you can proceed to the next page. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.36.36-1024x742.webp) On the "Get Plugin" page you are given two different ways to install our plugin into your Joomla Site. The most simple is to just copy the url in the green box by pressing the copy button next to it, and paste that into the [Joomla Extension](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) Installer in your sites admin console. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.38.04-1024x455.webp) After clicking check and install and seeing a green success message, return to mySites.guru where you will see a connected screen - and your site will be connected! or you will see this screen: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.38.40-1024x746.webp) Dont panic if you see this, it just means your site did not call home to us - we can try to shout at your site and see if our connector is listening, to do this click the "click here" on this screen to provide your domain name ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.39.49-1024x744.webp) Add your domain name and attempt the manual connection - fingers crossed the next screen you will see is the manage site page and your site will be connected to mySites.guru ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.40.17-1024x742.webp) > **Error messages? Forbidden? .htaccess Restrictions etc??** > > > > > > JUST [ASK FOR HELP](https://manage.mysites.guru/contact) - We investigate all connection issues FOR FREE for you, just use the contact links on our site to [ask for help](https://manage.mysites.guru/contact), we will get you connected so you can enjoy mySites.guru ## Connecting a WordPress site to mySites.guru The process for WordPress sites is slightly different. In the wizard you will be prompted to download our plugin zip. **Read the important notes.** ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.42.19-1024x745.webp) You can then install this WordPress plugin the same way you would upload any WordPress plugin to your site. You will then be asked to provide us with your WordPress Site URL ending in a trailing slash ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-17.43.31-1024x740.webp) Once you click attempt connection, we will shout over to your WordPress site and see if our connector replies, and then redirect you to the WordPress Manage site page. ## Can I really connect unlimited sites for one set fee? YES! - Currently the maximum number of sites in a single customer account is **750**! If you get near 750, let me know, I'll buy you a cake! We have not increased [our prices for subscription](https://mysites.guru/pricing/)s from the GBP19.99 per month since we launched in 2012. ### Got Questions? Need Help? Im online most of the time - look for the live chat at the bottom right corner of the page or locate the [contact](https://manage.mysites.guru/contact)/feedback links. **Every Single Page that we publish has a contact means on it and I answer all emails personally within moments if I'm online and within 12 hours normally! ** ## Backup 1000s of Sites from One Dashboard URL: https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/ Date: 2024-03-11 Tags: backups, akeeba, joomla, wordpress, scheduling Category: Manage Multiple Joomla Sites Schedule and manage Akeeba Backup across thousands of Joomla and WordPress sites from a single mySites.guru dashboard. With [mySites.guru](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) you can set and forget your backup [schedule](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) and let it handle running your backups and notifying you if there's a problem. ## Rock solid backups There is only one kind of backup worth having: **rock solid backups.** mySites.guru uses [Akeeba Backup](https://www.akeeba.com) under the hood, the [best backup solution](https://www.akeeba.com) available for Joomla and WordPress, inside a [centralised dashboard](https://mysites.guru/features/). Akeeba has been [around since 2006](https://www.akeeba.com/our-team.html). Millions of downloads, [high praise in the Joomla Extensions Directory](https://www.akeeba.com/our-team.html), [three J.O.S.C.A.R. awards](https://www.akeeba.com/our-team.html). One goal: backup, restore and transfer your site in a snap. It supports WordPress too. ## Use mySites.guru as a backup scheduler Scheduling backups across many sites has always been the annoying part of managing Akeeba. mySites.guru handles that as a [centralised scheduler](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) for all your connected sites. If you have [thousands of Joomla and WordPress sites in your dashboard](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), managing their Akeeba connections from one place just makes sense. ![mySites.guru backup dashboard showing recent backups, schedules and Akeeba connection status for multiple sites](../../assets/img/blog/ScreenShot-2024-01-29-20.19.57-1024x837.webp) Connecting Akeeba to mySites.guru takes a single click. From there, pick the backup profile to run and set a schedule: daily, weekly, or monthly. The [backup overview dashboard](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) shows each site's last backup date and status at a glance. ![mySites.guru backup overview showing last backup dates and statuses across all connected sites](../../assets/img/blog/ScreenShot-2024-01-29-20.18.12-1024x904.webp) Think of mySites.guru as a big cron job for Akeeba. You can disable schedules, adjust them, or start backups across all your sites with one click. ## Backup 1000 sites with one click mySites.guru queues all the sites and processes the backups as fast as your servers can handle. ![Running a backup across multiple sites in mySites.guru with a single click](https://mysites.guru/img/blog/Screen-Recording-2024-01-29-at-20.28.26.gif) ## Where are your backups stored? Wherever you tell Akeeba to store them. With [Akeeba Backup](https://mysites.guru/blog/unlimited-backup-schedules/) profiles, you set the destination: Amazon S3, Dropbox, Azure, BackBlaze, Box.com, Rackspace, FTP, or your own server (though we don't recommend keeping them only on the server). ## Are backups stored in mySites.guru? No. Never. mySites.guru triggers and monitors your backups, but the files themselves live wherever you tell Akeeba to put them. ## Notifications The [scheduler](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) notifies you based on your preferences: when a backup starts, when it finishes, and always when something goes wrong. ![mySites.guru backup scheduler notification settings showing options for backup start, completion, and failure alerts](../../assets/img/blog/ScreenShot-2024-01-29-20.10.42-1024x576.webp) ### WordPress users: All-In-One Migration Plugin support WordPress users aren't limited to Akeeba. You can also use the All-In-One Migration Plugin for your backups. The same scheduling interface and [features](https://mysites.guru/features/) are available in mySites.guru for that plugin too. [Start your free trial](https://manage.mysites.guru/en/register) or [run a free audit](https://mysites.guru/free-audit/) to see how mySites.guru handles backups across all your sites. ## Backup All Your Sites With One Click URL: https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The one-click Backup All Sites button is back in mySites.guru, now with a per-site default backup profile to power the bulk backup queue. **Ok, I screwed up. I admit it and Im sorry. ** We recently introduced [Unlimited Backup Schedules per site](https://mysites.guru/blog/unlimited-backup-schedules/) and in doing so introduced a logic bug that caused us to remove the "Backup All Sites" in one go feature. Lets talk about that - tl;dr; **The Backup All Sites button has returned!!!** :-) One of the unique qualities our service has always had, is the way we develop in a very agile way - responding to emerging hack threats, security incidents - and requests from our loyal customers! This means we can **quickly and seamlessly **implement and deploy new features at the drop of a hat's notice. With Zero Downtime. Same Day, sometimes many times a day! **This is one of those times. ** ## The problem/cause On implementing Unlimited Backup Schedules per site, we introduced a logic bug. This is caused because before that change, we stored a single Backup Profile per site. This meant that when you clicked the "Backup all sites" we knew which of the unlimited backup profiles to run on each site. When we introduced multiple schedules, you were then able to select a different backup profile per schedule, we no longer had a default profile per site, only a profile per schedule. This meant that we could not provide a "backup all sites" feature, as we did not know which profile to run for each site! ## The solution The solution was pretty simple really, we reverted some code to allow us to re-implement the "Backup All" button on the Schedules tab of the "Scheduled Backups" page We then added new features to allow you to select a default backup profile per site. You can do this on the schedules page, or on the Settings Tab of Manage Site page. ![ScreenShot 21.21.27](../../assets/img/blog/ScreenShot-2024-02-27-21.21.27-1024x754.webp) You can still filter your sites before pressing the new **"Start Backup Of All Sites Visible Below"** button. Once you click the button you get a chance to back out ;-) ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-06-at-20.12.44-1024x679.webp) one click of that blue button and we usher your request into our backup queue and process the backups as fast as we can - we will redirect you to see a list of your running backups where you can sit and watch them, or you can close your browser/browser elsewhere because the backups will continue regardless of your actions. Thanks to all those that told us how valuable this feature was, and tested the new implementation. We ♥️ you! ## Check your websites security headers with mySites.guru URL: https://mysites.guru/blog/check-your-websites-security-headers-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru now checks eight HTTP security headers — including CSP, HSTS and X-Frame-Options — on every site snapshot to help you harden against XSS and clickjacking. There are a set of nifty HTTP Headers that you can emit from your site on every response which will harden your site against spoofing, XSS and more **Here at mySites.guru, we have just launched 8 new checks in the [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/)** **that is taken of your sites over twice a day!** The eight headers we now look for on responses from your site are: - Content Security Policy - Expect CT - Feature Policy (We check you DONT have this deprecated header) - Permissions Policy (We check you DO have this new header!) - Referrer Policy - Strict Transport Security - X-Content-Type-Options - X-Frame-Options **None of these headers alone will protect your site from compromise** - do not be lured into a false sense of security. However it is best practice to [LEARN](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) about them, and [APPLY](https://mysites.guru/blog/security-audit-tools/) them to your site wherever possible to best [defend against compromise](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), clickjacking and XSS. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-05-at-20.53.03-1024x373.webp) ## Not a mySites.guru subscriber? We know not everyone reading this blog is a subscriber, although we [surpassed 64,000 sites connected](https://mysites.guru/blog/mysites-guru-surpasses-64000-connected-joomla-and-wordpress-sites/) (and [heading for 65000](https://mysites.guru/) quickly!) - we hope you will take our service for a test - grab yourself [FIRST MONTH FREE](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) while you are there! If you really don't want to [subscribe](https://mysites.guru/pricing/), The best place you can get a quick overview of your sites security headers is over at [https://securityheaders.com](https://securityheaders.com) - we heavily promote and link to their site throughout the mySites.guru snapshot checks. [![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-05-at-21.10.42-1024x963.webp)](https://securityheaders.com) HTTP Response headers are a great thing to have set right, but also be sure that your site follows all kinds of other [best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) - [mySites.guru](https://mysites.guru/) has all that best practice wrapped up in one unique service, to [manage multiple Joomla sites](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), or [manage multiple WordPress sites](https://mysites.guru/blog/mysites-guru-surpasses-64000-connected-joomla-and-wordpress-sites/) all in one place. ## Automatic Updates for all Joomla Extensions URL: https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Enable automatic updates for any Joomla extension that uses a Joomla update site — set per-site or across all connected sites with two clicks. That's right. **Joomla Auto Updates is a thin**g. Any Joomla Extension that has an update site, thus implements the Joomla API for Updates, can now be set to automatically update when there is an update available. WordPress has had this for years but now harnessing the power of the [Ultimate Toolset at mySites.guru](https://hom) you can now [automatically upgrade any Joomla extension](https://mysites.guru/) or plugin! *Automatic plugin upgrades for Joomla at mySites.guru - No chickens allowed* Building on the foundation that has been running in mySites.guru for years, that has automatically upgraded over 3 million [JCE Editor](https://www.joomlacontenteditor.net/), [Akeeba](https://www.akeeba.com/products/akeeba-backup.html), [AdminTools](https://www.akeeba.com/products/admin-tools.html) and[ RegularLabs extensions](https://regularlabs.com/), you can now select **ANY update site stream** and mark it for auto updates. > This is just continuing our [amazing month](https://mysites.guru/blog/) of new features added at **NO ADDITIONAL COST** to your [subscription](https://mysites.guru/pricing/). Increasing the value we provide with **still no [price increase](https://mysites.guru/pricing/) since we launched in 2012... ** > > > Prices have not been raised EVER! Still, only GBP5.00 for 1 site or GBP19.99 for unlimited Back when we first announced auto updates for Joomla extensions, (4 years ago according to our [changelog](https://manage.mysites.guru/en/changelog)), the quality of some Joomla extensions was shocking, and we decided to limit our feature to just a handful of extension developers who we had met personally, or had shown consistent approach to quality of their work. Its now almost 2020, and times have changed. Some extensions are still shocking quality, but most seem to be stable enough. We also want to put the decision in our customers hands as feedback has shown that a lot of customers have developed their own extensions and would like to select those for auto-upgrade on their customer sites too. This is now possible! ### How does this work? Just select the update site stream on the Updates Tab of Manage Site pages. ![ScreenShot 18.08.40](../../assets/img/blog/ScreenShot-2024-02-02-18.08.40-1024x468.webp) This information is gathered from your site when we run a snapshot of your site. You can see the exact URL provided by the developers that your Joomla site will use, this allows you to check the authenticity of your update sites, something very few Joomla site owners actually check. Any that are marked Auto Update Enabled will then be checked once a day for updates, if that update site has an update for an extension you have installed, then we will instruct your Joomla site to conduct the update, you will of course receive a [notification](https://manage.mysites.guru/en/notifications/) according to your [preferences](https://manage.mysites.guru/en/notifications/) by email on successful and failed updates. You can even use the split button to enable an update site stream on all your connected sites in your account. For example, you can use this to enable auto-updates for Akeeba Backup, on all sites, with 2 clicks! You can also use this feature to keep your Joomla Accredited Translations, [Joomla WebInstaller](https://docs.joomla.org/Install_from_Web), [Joomla Weblinks Component](https://downloads.joomla.org/extensions/weblinks) and Joomla Update Component (J3) up to date automatically. #### I dont want auto upgrades! Thats cool. I'm with you. By default, nothing is enabled for auto-update. You have to make a conscious decision and enable the feature to opt in. #### What about my old preferences for JCE, Akeeba and RegularLabs? Your old preferences have been migrated. If you had previously opted in to auto-updates of JCE/Akeeba/RegularLabs, then these preferences have been migrated to the new update streams and you should see those update sites marked as Auto Update Enabled already. You can disable/toggle this at any time. Up to you. #### What about backups? What if it goes wrong? You can [schedule daily backups](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) in your mySites.guru account using [Akeeba Backup](https://www.akeeba.com/), either the free or professional version. We only update extensions you request, and we notify you immediately if an update fails or is successful so you can click the link in our email and see if your site is online and working correctly. We provide a link to the developers update new/documentation/announcement in that email. You can also set up [Uptime](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/) Monitors in your site that check your site every 5 mins, 24 hours a day, 7 days a week. If your site is offline then you will be alerted. ## Web Server disk space monitoring URL: https://mysites.guru/blog/about-the-disk-space-warnings-in-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru snapshots your server's real disk usage twice daily and alerts you before your web host's physical disk fills up. The mySites.guru snapshot gives advance warning and alerts when your disk space (not virtual quota) is nearing full. Some web hosts hide this information. Yesterday, at the request of a few users, we reinstated the mySites.guru disk space alerting into your mySites.guru accounts. We have always retrieved the values from your sites for years, following our last attempt to display these values in your account failed several years ago, and it seems again the back lash on this feature is intense. The thing is - we are just reporting the facts. Whether you like them or not, whether your web host likes the visibility of their physical service or not - they are facts. We are not making up the details. When mySites.guru does a [snapshot of your sites](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) - twice a day - we use 2 well known and very old PHP functions to get 2 numbers. Both PHP functions have been a part of PHP since PHP 4.1.0! The two PHP functions are here, (linked to the documentation) > [disk_free_space](https://www.php.net/disk_free_space) > > > (PHP 4 >= 4.1.0, PHP 5, PHP 7, PHP 8) > disk_free_space — Returns available space on filesystem or disk partition > [disk_total_space](https://www.php.net/disk_total_space) > > > (PHP 4 >= 4.1.0, PHP 5, PHP 7, PHP 8) > disk_total_space — Returns the total size of a filesystem or disk partition Using these two numbers we calculate the amount of space in use, and the percentage used using the code: ``` private function getDiskSpace() { if (! function_exists('disk_free_space') || ! function_exists('disk_total_space')) { return json_encode(array()); } $data = array( 'free' => disk_free_space(JPATH_BASE), 'total' => disk_total_space(JPATH_BASE), ); $data['used'] = $data['total'] - $data['free']; $data['percentUsed'] = sprintf('%.2f', ($data['used'] / $data['total']) * 100); $data['free'] = $this->formatSize($data['free']); $data['total'] = $this->formatSize($data['total']); $data['used'] = $this->formatSize($data['used']); return json_encode($data); } ``` We don't make up the values, apart from the USED and PERCENT USED - which we calculate using maths a teenager could do. The two PHP functions above obtain information from the WEB HOST SERVER corresponding filesystem or disk partition which your site is on. We store this data as a JSON string like: ``` {"free":"1.18 TB","total":"6 TB","used":"4.82 TB","percentUsed":"80.31"} ``` In mySites.guru this is then displayed as a WARNING if over 85% of the corresponding filesystem or disk partition is used (I.e the hard drive is filling up!) or a CRITICAL alert if 95% or more of the corresponding filesystem or disk partition is full. Now a lot of users are getting warnings and critical alerts and moaning that mySites.guru is showing them the facts - then they contact their webhost who tell them that their ACCOUNT QUOTA (A totally different statistic - we cannot know or measure) is not at a warning/critical level - and then the mySites.guru subscriber is emailing me telling me mySites.guru is wrong. We are not reporting the percentage of your ACCOUNT QUOTA - we are reporting the corresponding filesystem or disk partition of your web hosting account - the hard disk partition your files are on and which you SHARE with other sites on the same server. if that hits 100% then your server will be unstable, you will not be able to take backups, the hard disk partition will be full!!! EVEN IF YOU ARE ONLY AT 20% ACCOUNT QUOTA - and account quota is nothing more than a soft software limit - not a hard limit like the amount of data that will physically fit on a hard drive. Its the latter we are reporting on. Believe whoever you trust more I guess. The PHP functions that the PHP project wrote and which have been part of the PHP project since PHP 4 - or your webhost. ## My Webhost says there is 1.18TB free, so Im ok at 80% er.. ok. Using the JSON string above as an example. So ALL THE SITES on the server using the above example total 4.82TB of space consumed - all the sites are using the same partition/drive... so there must be 1000s of sites on this server all waiting for the hard drive, taking their turn to access the data, to read, to write to it, to load data from mysql... thats a lot of sites, but that could be ok on some web hosts. So lets say another customer, with an unlimited quota now does a backup and takes 1.18Tb to back his backup, despite him being within his account quota - the hard disk is now full at 100% ... and your site goes offline - possibly with a mysql errcode 28 (no free space) - or worse. This is an extreme case, but we have seen a LOT of web hosts with over 95% utilisation of their corresponding filesystem or disk partition. **I've seen some where there is only 1.02Gb of free disk space left!!! and thats on a major webhost!!** Here is a brief look at some of the worse data we have - would you be happy hosting on a webhost that only has 1.02Gb of free space left - what if your backup of your site needed more than that? or some other client on that server uploaded a movie or large backup?? ![disk space warnings!](../../assets/img/blog/ScreenShot-2024-01-29-21.32.19-961x1024.webp) ## I hate this warning - I don't want this feature. Remove it! Ok - Just turn off the reporting in your account. In the left menu go to [Notifications & Preferences](https://manage.mysites.guru/en/account/notifications/#tab-settings), and then the [Settings & Preferences Tab](https://manage.mysites.guru/en/account/notifications/#tab-settings) and toggle the "**Show webhost disk space warnings**" so its blue, and then stand up and walk around the office like an Ostrich... ![mySites.guru account alerting preferences](../../assets/img/blog/ScreenShot-2024-01-29-21.32.51-1024x926.webp) ## Im a web host and I dont want you telling my customers about the free space not available on my server! Tuff Titty. All we are doing is calling standard PHP functions and telling our subscribers the values those functions give. You could be pathetic and block those PHP functions, like you do other `disable_function` functions, but that is no way to run a professional webhost in 2023 is it? ## My account quota is at 20% but you are telling me its 97%?! We are not telling you anything - we are reporting the factual information about the corresponding filesystem or disk partition your website is running from - this is a physical limit of the corresponding filesystem or disk partition and not the soft limit called an account quota Your account quota could be 1 trillion or 1 hundred - it makes no difference to this because we are not reporting your account quota - we are reporting the physical size of the corresponding filesystem or disk partition and its use. Your account quota could even be very low in use but the server hard disk be nearly full, so if you were to attempt to upload files to max out your quota, you could find that was impossible because the physical limit of the corresponding filesystem or disk partition is exceeded first! ## So why are the percentage use so high? is 90% normal? Well we all know why they are so high - mass market web hosts make money by putting as many websites on the same hardware as possible to make the most profit possible for the hardware they have available. Its not uncommon - it seems - for mass market web hosts to run the corresponding filesystem or disk partition well above 80 or 90% **mySites.guru considers anything over 85% as a warning and anything over 95% as critical** - but of course it's relative. If you have a small 20Gb partition then 95% full would only leave you a few Gb left, but on a 10Tb partition, 95% would give you 0.5Tb (500Gb) free. ## So what's the bottom line here? It's up to you. Like [everything in mySites.guru](https://mysites.guru/features/) we just report the facts and give you amazing tools to investigate what we discover under the hood of your website. Use the information however you want, or don't, disable the feature or don't - its cool. But don't believe the lies of your web host. And don't tell me mySites.guru is wrong, making things up or lying. I take personal offence. ## White-Label Client Reports for Your Sites URL: https://mysites.guru/blog/create-custom-client-white-label-reports-for-your-joomla-and-wordpress-sites/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The mySites.guru Custom Report Designer lets you build unlimited branded report templates, assign them to scheduled reports, and send white-label updates directly to clients. Following on from our release of the [Whitelabeled reporting tool for Joomla and WordPress sites](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/) in mySites.guru, we are pleased to announce that we have just launched the **Custom Report Designer** for the Whitelabeled report tool. This feature allows you to create **UNLIMITED** (unlimited, as is everything in mySites.guru) custom templates for your reports, which can then be assigned to your scheduled (and manually run) report configurations. You can use this feature to: - Create a custom layout, with your own logo, fonts, styles, colours - Move around the sections in the reports - Remove or add sections - Create one layout and reuse it on multiple reports - Centrally manage all your custom templates for reports Our reports are all HTML. You know HTML. The world knows HTML. [There are good reasons](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/) we chose HTML over PDF, doing so gives you COMPLETE CONTROL, using tools you know, over the look and feel! This gives you the ability to brand the reports to your own brand. ## What if I already had customised templates? Dont panic! We migrated your custom templates into the new Custom Report Designer, and reassigned those back to your report configs. You can find them your customised templates on the [Custom Report Designer](https://manage.mysites.guru/en/reports/designer/) page in your account. ### BONUS: You can even send the emails from YOUR email address, so when they arrive at your clients, there is no mention of mySites.guru (or phil@phil-taylor.com!) Thats right, just set your DNS correctly to ensure deliverability (we walk you through that) and then you are all set! ## End-of-Life Version Support in mySites.guru URL: https://mysites.guru/blog/end-of-life-supported-versions/ Date: 2024-03-11 Tags: joomla, wordpress, end-of-life, security, site management Category: Manage Multiple Joomla Sites mySites.guru monitors end-of-life Joomla and WordPress versions from 1.5 to 6, alerting you when sites run unsupported software that puts them at risk. In a perfect world, every site would run the latest version of Joomla or WordPress. In practice, plenty of sites are stuck on old releases. Sometimes very old ones. mySites.guru was built with that in mind. ## Support going all the way back to Joomla 1.5 Most management services only work with recent Joomla releases. mySites.guru connects to every version from Joomla 1.5.0 onwards. The full 1.5, 2.x, [3.x](https://mysites.guru/blog/the-joomla-3-10-999-project/), 4, 5, and 6 series, all with a single plugin. Joomla 1.5.0 was released in January 2008. The final 1.5.x release (1.5.26) came out in 2012. To support versions that old, our plugin has to stay compatible with PHP 5.3.9+. That took real work to get right. ⚠️ Running old versions is a risk We support old Joomla versions so you can manage and migrate them, not so you can leave them sitting there. PHP 5.3 is long past end-of-life and has known security vulnerabilities. You need to see what you're dealing with before you can fix it. ![mySites.guru end-of-life version detection animated walkthrough](https://mysites.guru/img/blog/Screen-Recording-2020-04-02-at-08.51-pm.gif) If you still have Joomla 3 sites, mySites.guru has a tool to [fix known Joomla 3 security issues with a single click](https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/). Worth running on anything that hasn't been migrated to Joomla 4+ yet. ## WordPress version tracking mySites.guru tracks WordPress version support too and flags sites that fall behind. WordPress has had automatic updates for years, so there are fewer ancient installations compared to Joomla. But outdated WordPress sites absolutely still exist, and they get targeted. ![mySites.guru showing a Joomla 2.5.28 end-of-life warning](../../assets/img/blog/Screenshot-2020-04-02-at-20.53.52-1024x234.webp) ## Why you should upgrade immediately after a release Every Joomla or WordPress release includes notes about the security issues it fixes. Once that information is public, attackers start probing sites that haven't updated yet. The common advice to "wait a few days to see if anything breaks" is exactly backwards. Those first few days after a release are when your site is most exposed. [Keep everything up to date](https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/) across all your sites, run regular [security audits](https://mysites.guru/free-audit/), and let mySites.guru tell you when something falls behind. ## Find hacks and backdoors in Joomla and WordPress sites URL: https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The mySites.guru suspect content tool - One of the many unique tools within the mySites.guru audit and Ultimate Toolset for WordPress/Joomla, is the Suspect Content Tool. This is our most popular unique tool, let's discuss it today. The [mySites.guru](https://mysites.guru/) **suspect content tool** - One of the many [unique tools](https://mysites.guru/features/) within the mySites.guru [audit](https://mysites.guru/blog/security-audit-tools/) and [Ultimate Toolset for WordPress](https://mysites.guru/blog/security-audit-tools/)/Joomla, is the Suspect Content Tool. This is our most popular unique tool, let's discuss it today. The average number of files in the[ 75,000+ sites connected to mySites.guru](https://mysites.guru/blog/over-66000-joomla-and-wordpress-sites-trust-mysites-guru-service/) is **just under 20,000 files**. 😲 ## Overview The mySites.guru suspect content tool is a cool feature in the mySites.guru service's audit suite. This tool helps you find and check files that might be problematic or follow our rules for different reasons. It's like finding important stuff in a big pile of files on your website. Instead of going through a million files by hand, we give you a short list to look at. ## Data Gathering - the mySites.guru audit The start of the process is to run a mySites.guru audit. This gathers information on every file in your webspace - with no exceptions. The audit process takes a short while but you can walk away from the screen and come back later. For subscribers you can [schedule audits](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) to happen as often as you like or on demand At the start of every audit we also run our [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) tools, [capturing over 100 quick checks of your site](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/). Added to the audit that’s even more checks! The audit first compiles a list of all the folders in your webspace – without exceptions – and then grabs a list of the files in those folders. We then run an exhaustive process which includes: - Determine if the file belongs to the core of Joomla or WordPress. - If it's a core file, check if it has been altered since its release. - If the core file is modified, compare it with the original file. - Save the md5 hash of the file for future comparisons. - Go through every line of code in each file. - Scan each line for nearly 2000 known patterns of previous hacks; if found, label the file as "suspect." - Verify the md5 hash of the file against a database of over 14,000 confirmed "hacked" file hashes—no false positives, as each hash has been manually validated. - Examine file metadata, including creation and modification dates, and explore EXIF data on images where hacks are commonly found. - Identify encrypted files, PHP error logs, archive files, files larger than 2MB, zero-byte files, and other file classifications. Once the audit is over we notify you so you can login to mySites.guru and review the results. The screenshot below shows the first three sections of the audit tab. ![The mySites.guru audit screen](../../assets/img/blog/ScreenShot-2024-02-04-17.51.52-960x1024.webp) ## Check every line in every file During the audit, every line in each file within your webspace is thoroughly examined, with no exceptions except for our internal list of exclusions and whitelisted files/hashes/patterns. What sets us apart from other "scanners" is our audit looks at the content of every file in your webspace. We inspect all files in your webspace, not just the rendered output of your site. We even analyze files not actively used for rendering your site, often referred to as backdoors. These hidden vulnerabilities may linger in your webspace unnoticed for years before being discovered and exploited by hackers. Hackers also use dot-prefixed filenames specifically because most file managers hide them — [hidden files are a blind spot that deserves its own audit](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/). ## Suspect Content Match The mySites.guru audit has several ways to identify suspect content. The main two are: - Over 2000 regex patterns based on historic hacks seen on real Joomla/WordPress sites over the years, including emerging hacks and mutated hacks seen in the last few weeks. These files are just suspect - there will be false positives by design - and not everything from this list will be bad, or hacks, or backdoors. - Whole file hashes, that match the whole file, instantly marking these files as hacked, with a red [Hacked] label in the file tool results. These are normally backdoors and match hashes of files we have seen in the past. ## Complete file match - md5 hash When we discover a backdoor file (like c99, r57 or any file that is hacked) we calculate the md5 hash of the entire file and store that. On the next audit of any site connected to mySites.guru, we distribute these new hashes and look for files in YOUR webspace that might match these. If a file on your site matches any of our hashes then we will mark that with a red [HACKED FILE] flag in the audit results. **There are no false positives here. If the hash matches it IS a hacked file. Fact. ** ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-31-at-00.17.53-1024x378.webp) ## Single pattern match - Over 2000 regex patterns The second level of detection is suspect content based on regex. "regex" is a pattern based match based on over 2000 patterns we have curated over the last decade, and improve daily. These find the normal things like use of `eval()` functions, `base64_decode` and `gzinflate` on the same line and the other cool tricks that hackers use. Our regex patterns find PARTS of hacks also, in this way a hacked file can be inspected on a line by line basis to find smaller snippets of hacks, where a file has been injected with a hack as opposed to the whole file being a whole hack/backdoor. Not every match with our patterns necessarily signifies a hack; this is intentional. The challenge stems from PHP being the shared language for both your authentic code and the hacks (primarily). Think of it like both parties conversing in English. If we search for a common word like "The," matches will emerge in both hacks and genuine code. Yet, we diligently work to keep legitimate matches to a minimum. This means you won't have to comb through 20,000 files to find a hack; the mySites.guru audit pinpoints and allows you to review only a handful of identified files. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-04-at-13.33.02.webp)*Just a small number of regex patterns we match on* ## Reduce your time looking for hacks The average site based on the 63,000 sites mySites.guru is connected to, has 19,882 files! That is a lot of files to manually sort through looking for hacks. The results of the mySites.guru audit give you a handful of files to look through - what's more, we give you an easy interface to view the exact lines of the exact files that we list - no need to fire up your FTP application or look through your file system manually. If your file is a known backdoor for a hacker – we mark it as such! ![finding hacks with mySites.guru](../../assets/img/blog/ScreenShot-2024-02-04-17.54.04-1024x470.webp) By clicking any of the file names, you can see a preview of the section of the file we think is suspect. You can also see when it was modified, its size, and its permissions. You can use our tools to edit the file directly in mySites.guru and then save the changes, and we will upload them to your site – no need to find your FTP Client! You can also delete the whole file with a single click. ## Crowd Sourced Data Model After every audit, the mySites.guru detection improves. Anonymous data on the suspect content found is submitted to our internal queue and after manual review is added to future iterations of our data model. In plain language, this means if a new hack is found on a Joomla Site, then on the next audit of YOUR Joomla sites, we will look for that hack - this means by being connected to mySites.guru you benefit from all the knowledge gained in fixing and identifying hacks on all other sites. This also allows us to track trends and waves of infections and improve the detection of new and mutated hacks and backdoors. This data model improvement alone makes mySites.guru unique and sets us apart! ## Detection Improves Daily Across the mySites.guru service we run over 3000 audits of Joomla and WordPress sites per day (at the time or writing) - this means we always have up to date information on the very latest hacks and waves of backdoors seen across the world. We find over 200 hacked sites a week. ## What about false positives? **Not everything that match our patterns will be a hack! ** **This is by design!** The problem is, PHP is the language that your genuine code is written in and PHP is the language used by the hacks (mainly) and therefore you are both using the same language - for example, if you both spoke English, and we searched for the word "The" then there would be matches in both hacks and genuine code. However, we work very hard to reduce the number of genuine matches to a minimum - thus instead of you having to look at 20,000 files for a hack, you can identify and review a handful fo files that the mySites.guru audit identifies. ## Can I whitelist files or folders? No. To allow exceptions would defeat the inclusiveness of the tool and water down its effectiveness. I expect you WILL get false positives, and that is fine, annoying but fine. You get these because we have chosen to show you rather than hide these files, just in case. Sometimes pattern matching is not enough and a human with experience in code needs to make a judgement call on a file ([Feel free to ask me for a quick peek!](https://manage.mysites.guru/contact)) — or you can try the [AI malware analysis tool](https://mysites.guru/blog/ai-powered-malware-analysis-now-available-in-mysites-guru/) which can triage suspect files for you in seconds You see, hackers use the same code that good developers use (Like curl, file_get_contents, $_GET etc...) - so sometimes it's hard to tell if some code is evil, without context, and you cannot get context with a dumb tool that pattern matches. **We do not allow users to whitelist anything anymore** We used to, then it soon became clear that some users don’t have a clue what’s a hack and what’s not - and a user whitelisted everything and then sued us for not telling him his site was hacked. After legal fees we were £14,000 out of pocket. Plus as mySites.guru uses crowdsourced data and machine learning, too many “fake” whitelists has a huge knock on effect to our integrity. I personally am the only one that whitelists, and I do it rarely The whole point of the tool, as it clearly explains, is to generate false positives as well as 100% exact matches - this way we also capture emerging hacks and extremely bad practice by extension developers. ## Comparison to external "scanners" Other services **claim** to have an “audit” tool. Most of the time they mean they have implemented the [Sucuri SiteCheck API](https://sitecheck.sucuri.net/), which only “scans” your site as a visiting browser would, **it doesn’t check the files in your webspace**, and doesn’t find anything that is hidden under the surface of your rendered webpages. Be warned. Not all “Audits” are in-depth and comprehensive!Make sure you compare apples with apples. Not everyone claiming to be an “apple” is. ## Current Limitations We currently (at the time or writing) do not scan database tables for malware - meaning that we will sometimes miss WordPress SQL injected posts. We are actively working on a solution for this. ### BONUS: Out of your depth? Need help? If the mySites.guru audit finds your Joomla or WordPress site is hacked, and you are unsure how to fix it with our tools, or just want us to take care of everything for you, you can escalate this to us using the service at **[https://fix.mysites.guru/](https://fix.mysites.guru/)** for **SET FEE priced hack fixes.** ## Quick Snapshot of All Your Sites URL: https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The mySites.guru snapshot runs over 100 quick checks — PHP version, CMS version, security headers, SSL and more — twice a day on every connected site. In this article we are going to describe the amazing and** unique snapshot **that is performed by mySites.guru twice a day, or on demand on your sites. The snapshot currently has over 140 data points collected within seconds! While its not a photo of your site, it is a quick overview of hundreds of the best practice and security checks implemented - or not - on your site. ## What exactly is the mySites.guru snapshot? Within mySites.guru, where you can add **UNLIMITED** Joomla and WordPress sites to your account, you can see two main areas of "checks" These are the Snapshot and the Audit tabs on the Manage Site Page. The difference between the Snapshot and the Audit checks, is that the snapshot checks can be **completed within milliseconds**, whereas the audit has checks that require us to look at every single line of code in every single file in your webspace, this obviously takes more time. Both features provide a huge list of best practice that is checked by the service, and highlights those areas you should concentrate on. The Snapshot checks your platform (Joomla/WordPress) configuration, Writing Settings, Discussion Settings, User Accounts and Access, Plugins and Extensions, File Information, Database Integrity and Hosting Environment. Each of the tools is displayed, showing the current status on your site, the trend (if its changed, increased or decreased) a [Learn More](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) button and either a quick toggle or link to the investigate page where you can investigate the reported issue and fix it. ## Resolve problems with a single click! Here is an example of just some of the Discussion Settings checks for WordPress: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-28-at-15.00.40-1024x205.webp)*Screenshot is old - sorry. Same features just a different look and feel in 2024 onwards* On the right you can see that these checks can be **quickly resolved with the toggle switch** - a single click and your site will then be following the best practice again! ![Toggles](https://mysites.guru/img/toggles.gif)*Screenshot is old - sorry. Same features just a different look and feel in 2024 onwards* ## Automated. Twice Daily. And On Demand Once a site is connected to mySites.guru, we will automatically refresh the snapshot data twice a day, and when you click "*Take a new snapshot*" button, this means you also have the very latest information at your fingertips in your mySites.guru account. Huge number of checks, leading you to follow best practice! The snapshot has a huge number of checks, that we consider to be the best practice for secure and optimized websites. You might not agree with some recommendations and that's fine with us, Here is just one small section of the Joomla Snapshot: ![mySites.guru snapshot wordpress configuration](../../assets/img/blog/ScreenShot-2024-02-14-20.03.49-1024x604.webp) Of the whole page if you are interested (and have good eyesight!) ![Manage.mysites.guru en sites manage p0MpGb anon1](../../assets/img/blog/manage.mysites.guru_en_sites_manage_p0MpGb_anon1-425x1024.webp) And thats just SOME of the snapshot checks! ## The snapshot powers other features too... At the end of the snapshot, we gather a list of your Extensions/Plugins/Templates/Themes and we check each one of them for updates that might be available. Depending on your settings you can ask that we do an Auto Upgrade these things, but more on that in another blog post ... We also use this opportunity to capture your Site version, PHP version etc. ## Identifying hacks The snapshots job is not to identify hacks - that is done in the audit - however there are checks in the snapshot that will uncover things to do with hacks - for example, mySites.guru features are pushed very very often, and when we see emerging trends we will add a new mySites.guru check for that. An example of this is in 2016, when there was a specific hack that created usernames with a pattern like `Joomla.user.helper.XXXX` Now, you would probably not notice if one of your 1000s of users was called "`Joomla.user.helper.XXXX` but the mySites.guru snapshot would, and would show you this as a check for you to resolve manually We have got your back on this! ### Want to know more about the snapshot? Create your free account today! ## BONUS - Screen Shots! Some English speakers see the word snapshot and the camera icon and might think of photos rather than what we describe above. As an added bonus, mySites.guru creates a snapshot (picture) of your home page for every site you add to mySites.guru! You can view these on a public URL (Disabled by default, [here is our example](https://links.mysites.guru/hkhlviz75bz7c2whxj6sbvzcxiocqomh)), or within your account. ![6dqj44](../../assets/img/blog/6dqj44.webp)*Example Screenshot of mySites.guru rendered by the mySites.guru service* ## Get Expert Help for Your Sites Instantly URL: https://mysites.guru/blog/get-expert-help-for-your-joomla-and-wordpress-problems-immediately/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites mySites.guru subscribers get direct access to Phil Taylor, Joomla core contributor, for fast expert help with any Joomla or WordPress problem — no ticket queues. Got a WordPress or Joomla Problem and need expert help today? Phil Taylor is available for hire with set fees over at [https://fix.mySites.guru/](https://fix.mySites.guru/) Phil Taylor is the developer of mySites.guru and long term contributor to many projects such as WordPress, Joomla and Symfony - among the biggest open source projects. ## Is your site broken? Hacked? Get immediate help to fix your **#Joomla** or **#WordPress** site today. Your expert, [Phil Taylor](https://www.phil-taylor.com/), founder of [mySites.guru](https://mysites.guru/) charges SET FEES to fix sites. ### An incident normally includes one or more of the following: - ✅ **Fix of your hacked site** - ✅ An upgrade to the latest version if needed - ✅ Debug and fix **PHP error messages** - ✅ Debug and fix **White Screen Of Death** - ✅ Debug and fix **a specific issue** - ✅ Investigation of a web hosting issue, with report - ✅ Fixing of PHP configuration and settings - ✅ Debugging error messages and site crashes - ✅ Advice and consultancy on the issue - ✅ SET FEE CHARGED - NOT PER HOUR FEE - ✅ FREE month subscription to [mySites.guru](https://mysites.guru/)* - ✅ Simple form to complete, then sit back and relax - ✅ **Same day resolution on average!** - ✅ All results fully explained in english - ✅ All major credit cards accepted securely - ✅ Your credentials will be encrypted and timeboxed #### Sorry but we dont do these things: - ❎ Ongoing Project Work - ❎ Website building from scratch - ❎ Plugin & Extension Development - ❎ Template Design (Contact [Lee Tempest](https://www.stormcreativedesign.co.uk/) for template work) ### @myPhilTaylor - Your Expert Today. The person behind this service is [Phil E. Taylor](https://www.phil-taylor.com/), founder of [mySites.guru](https://mysites.guru/) and long term contributor to the [Joomla project](https://joomla.org/), as well as core code contributor to [WordPress](https://wordpress.org/) and [Symfony projects](https://symfony.com/). Phil's best skill is his debugging, getting to the root of a problem. Once the root issue is identified, the fix is normally very simple (with experience) and with these years of experience, Phil is happy to offer a set fee and not a per hour or open-ended fee. When your agency team have reached the limit of their experience, this is when to contact Phil. Most of the work we do comes after several days of head scratching or when people are out of their depth. Just let us know, and we can get started to help your team move forward! ### Other services available The items above are two of our most popular services, however, **I can provide consultancy on any Joomla, WordPress, PHP and Server issue.** Most will be a **set fee of GBP120.00 ** for smaller, quicker issues. You can select the service, and the set fee in the first question in the [secure work request form](https://manage.mysites.guru/contact) or [contact Phil directly](https://manage.mysites.guru/contact) ## How to audit your Local Sites with mySites.guru, or behind firewalls! URL: https://mysites.guru/blog/how-to-audit-your-local-sites-with-mysites-guru-or-behind-firewalls/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites How to connect and audit local development sites or sites behind firewalls to mySites.guru using the built-in tunnel and proxy support. Until now, you could only add live production websites to your mySites.guru account, this blog post will introduce a new way you can now test a Joomla or WordPress site installed on your local computer, or behind a corporate firewall and inaccessible normally to the internet. ## Introducing Ngrok - a small utility to give your local sites a public address In order to connect your local sites, or sites behind a firewall, we are going to introduce [Ngrok](https://ngrok.com) - you can read all about its powerful options on their website [https://ngrok.com](https://ngrok.com) It does way more than we are going to cover here, and has free and paid for options depending on the features you want. You can use the **free level** ([or any paid level](https://ngrok.com/pricing)) of Ngrok to connect your sites to mySites.guru, however if you are using the free level then, for the time you have the tunnel open, your "private" local/firewalled sites will be publicly accessible on a random url. If you have a [Business Plan](https://ngrok.com/pricing) at ngrok you can limit access to your site by [our IP addresses](https://manage.mysites.guru/public/ips). ## Why would you want to do this? Several examples: - During development you might want to audit your site on your local computer quickly - During fixing a hack, you might want to audit the security of the content of the files on a hacked site, hosted locally, before you are sure the hack has been removed - Auditing and connecting an intranet or server behind a corporate firewall or NAT not normally accessible to the internet. ## What is ngrok? From their website: > ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels. > > > [https://ngrok.com/product](https://ngrok.com/product) ## Alternatives to ngrok There are some other ngrok-like tools, which we will not cover here, but some are gaining much attention recently, even though they are less mature and less feature-rich than Ngrok. The one I like most is [Expose](https://expose.dev/docs/introduction), as its written in PHP. The concept is the same. ## The Concept The concept with Ngrok, is that you download and install ngrok, and you run a command line, this creates a tunnel to your local computer and sets up a reverse proxy to a public URL that ngrok will give you. The ngrok application will even give you a fully validated SSL url so that your local non-ssl site can now be accessed on a SSL based Url! > In simple terms, you will provide mySites.guru with this disposable url from ngrok, and when we access it, we will see your local website on your local computer as if it were a real live website on the internet. Simple! **Note: The principle is making something not normally available on the internet, something secured away from the internet, now publicly accessible to anyone with the known url. Be sure you are comfortable with that fact. Anyone with the ngrok random url can access your site while the tunnel is up and running. No one will be able to access your site once the tunnel is stopped. ** ## Lets get started! Ok first you need to signup (for free, or paid account) [download and install](https://ngrok.com/download) ngrok - this varies depending on your operating system but is all [documented on their site](https://ngrok.com/download). Once you have installed ngrok, you can authenticate ngrok using the command ``` ngrok authtoken ``` You can find your auth token in your ngrok account. Its actually displayed and can be copy and pasted from this page https://dashboard.ngrok.com/get-started/setup after [login](https://dashboard.ngrok.com/login). The next (and last step here) is to start a tunnel pointing at your local web server. Lets assume than right now you access your local site on https://mysites.guru/ then the ngrok command would be: ``` ngrok http 80 ``` If your local website was on a special port, like 8080 then just change the 80 to 8080. If your local website uses a name like https://myhackedsite.localmachine:8081/ then the ngrok command would be: ``` ngrok http https://myhackedsite.localmachine:8081 ``` if you have done everything right you should see something like this: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-06-22-at-10.47.43-1024x347.webp) You can now open a browser to the ngrok.io urls provided and see your website live on the internet! In the example screenshot above **https://c8b94007b63b.ngrok.io** is the url I would use. ## Connecting the site to mySites.guru The rest is pretty simple. Just take that secure https url provided by ngrok and connect your site to mySites.guru the same way you would any other site using the "Add another site" button on the sites page in your mySites.guru account. **Note: You need an unlimited sites subscription to connect ngrok urls to mySites.guru - we do not allow free trial accounts, disposable accounts, or one-site-only accounts to use ngrok urls to prevent fraud and abuse.** To terminate the tunnel after you have finished you can press CTRL and C when the terminal is active. Note that each time you start a tunnel the random url WILL CHANGE, if you want to prevent this you can [upgrade to a paid plan at ngrok](https://ngrok.com/pricing) and have a [custom reserved domain](https://ngrok.com/docs#http-subdomain). If using WordPress and having problems, you can see [this gotcha](https://ngrok.com/docs#wordpress) in the docs. ## Conclusion Ngrok (or expose) are great tools for any professional web developer or agency to have at their fingertips to solve problems. Ngrok exposes your otherwise inaccessible services to the internet using tunnels that allow us to connect to your site as if it were a live website. Ngrok is much more powerful than this blog post explains - be sure to find out more on their site, upgrade to a paid plan, and enjoy (We are not being paid to say this, we use ngrok ourselves and are happy to recommend it). ## Real-Time Alerts for File Changes & Logins URL: https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru sends real-time email alerts when files are modified, an admin logs in, or any other security event occurs on your Joomla or WordPress sites. mySites.guru is not just a suite of tools for [managing multiple WordPress sites](https://mysites.guru/), its used by over[ [TOTALSITES] Joomla and WordPress sites](https://mysites.guru/blog/) - its also a great alerting tool that will let you know when things are happening (good? bad?) on your site! ## Realtime Alerting Triggers Your website will promptly notify us based on your chosen preferences, whether it's someone logging into the admin console, the saving of Global Configuration, or various other triggers. We want to increase the number of triggers - so if you have ideas [let me know](https://manage.mysites.guru/en/help/contact)! ![set your alerting preferences in mySites.guru](../../assets/img/blog/ScreenShot-2024-02-12-13.32.23-1024x785.webp)*The available realtime triggers for Joomla and WordPress sites* ## Near Realtime File Checks You can opt in to have a set of files monitored on your site, which, when modified, your site will inform us and we will alert you. This is "near realtime" as the actual trigger is a load of any page on your site - so for example, if a file is modified, the very next time any page on your site is loaded, we will be alerted (Same concept as the web-cron in WordPress). We call this "near realtime" but in practice it is actually realtime for a normal website as the action of modifying a file through a web interface will trigger the alert. Its only delayed to "near realtime" if the file was modified over FTP and then there was some time before a page was loaded. Each files md5 hash is calculated and stored on your server, on every page load we recalculate the md5 of the current file and compare that to the hash that is cached. If the md5 has changed then we send you an alert. You can add unlimited files in this list, although in practice a short list of important files, including your configuration and template files (the places hackers like to hack) will suffice. Not sure what files deserve monitoring? Start by understanding [what hidden files are already in your webspace](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) — some of them may surprise you. ![ScreenShot 13.32.39](../../assets/img/blog/ScreenShot-2024-02-12-13.32.39-1024x394.webp) ## Whitelist your own IP You can also whitelist certain IP Addresses so that they do not cause false alarms when you yourself are making changes. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-05-01-at-09.40.15-1024x451.webp) ### BONUS: SSL Expiration Alerting We know other services have recently been shouting that they do this, but we have been doing this since 2012 ;-) If your [SSL certificate is getting close to expiration](https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/), we will alert you, according again to your preference, you can also set the number of grace days you would like before being alerted to the expiration. ![ScreenShot 13.34.09](../../assets/img/blog/ScreenShot-2024-02-12-13.34.09-1024x339.webp) ## Bonus: Want alerts to go to multiple please? Use Team Members! If you want your alerts to go to more than one person, you can set up more people as [team members](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/), and then they can set their own notification preferences for each site. You can even [impersonate team members](https://mysites.guru/blog/how-to-impersonate-your-mysites-guru-team-members/) and set their preferences for them. ![ScreenShot 14.08.53](../../assets/img/blog/ScreenShot-2024-02-12-14.08.53-1024x585.webp) ## Remove Fluff Files After Joomla Updates URL: https://mysites.guru/blog/how-to-automatically-remove-fluff-files-after-joomla-updates/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites mySites.guru can automatically delete leftover installation folders, readme files and other fluff left behind after Joomla core updates. > What is fluff??? – *Unneeded files that Joomla distributes that you can safely remove from your site.* *Remove the joomla fluff after each update* Lots of people asked us to remove “Fluff files” automatically on upgrading Joomla – well, you can now opt in for this on the **Settings Tab** of your **Manage Site** pages in your account at [https://mysites.guru](https://mysites.guru) ![ScreenShot 18.40.41](../../assets/img/blog/ScreenShot-2024-02-02-18.40.41-1024x312.webp) Removing these files will not damage your website at all, it will just tidy up your webspace. Although there is no danger in leaving these files in place we highly recommend you remove them, as we all know fluff just gets in the way. You can check the status of these files at any time on the Snapshot Tab. After a snapshot is taken in mySites.guru, we display the number of files that are found in the snapshot results page ![ScreenShot 18.41.11](../../assets/img/blog/ScreenShot-2024-02-02-18.41.11-1024x254.webp) You can then use the "Learn More" button to learn more about this check, why its important, the technical details etc, and you can use the "Investigate" button to resolve the problem, which in this tools case, deletes the files from your site that are considered "fluff" and not needed. ![Fluff](../../assets/img/blog/fluff.webp) The files which we will remove are: ``` /.appveyor.yml /.drone.yml /.editorconfig /.git-blame-ignore-revs /.gitignore /.php-cs-fixer.dist.php /.travis.yml /build.xml /CHANGELOG.php /CODE_OF_CONDUCT.md /configuration.php-dist /CONTRIBUTING.md /COPYRIGHT.php /CREDITS.php /cypress.config.dist.js /htaccess.txt /INSTALL.php /joomla.xml /LICENSE.php /LICENSE.txt /LICENSES.php /package.json /package-lock.json /phpunit.xml.dist /phpunit-pgsql.xml.dist /README.md /README.txt /renovate.json /robots.txt.dist /ruleset.xml /travisci-phpunit.xml /web.config.txt /images/banners/osmbanner1.png /images/banners/osmbanner2.png /images/banners/shop-ad-books.jpg /images/banners/shop-ad.jpg /images/banners/white.png /images/headers/blue-flower.jpg /images/headers/maple.jpg /images/headers/raindrops.jpg /images/headers/walden-pond.jpg /images/headers/windows.jpg /images/joomla_black.gif /images/joomla_black.png /images/joomla_green.gif /images/joomla_logo_black.jpg /images/powered_by.png /images/sampledata/fruitshop/apple.jpg /images/sampledata/fruitshop/bananas_2.jpg /images/sampledata/fruitshop/fruits.gif /images/sampledata/fruitshop/tamarind.jpg /images/sampledata/parks/animals/180px_koala_ag1.jpg /images/sampledata/parks/animals/180px_wobbegong.jpg /images/sampledata/parks/animals/200px_phyllopteryx_taeniolatus1.jpg /images/sampledata/parks/animals/220px_spottedquoll_2005_seanmcclean.jpg /images/sampledata/parks/animals/789px_spottedquoll_2005_seanmcclean.jpg /images/sampledata/parks/animals/800px_koala_ag1.jpg /images/sampledata/parks/animals/800px_phyllopteryx_taeniolatus1.jpg /images/sampledata/parks/animals/800px_wobbegong.jpg /images/sampledata/parks/banner_cradle.jpg /images/sampledata/parks/landscape/120px_pinnacles_western_australia.jpg /images/sampledata/parks/landscape/120px_rainforest_bluemountainsnsw.jpg /images/sampledata/parks/landscape/180px_ormiston_pound.jpg /images/sampledata/parks/landscape/250px_cradle_mountain_seen_from_barn_bluff.jpg /images/sampledata/parks/landscape/727px_rainforest_bluemountainsnsw.jpg /images/sampledata/parks/landscape/800px_cradle_mountain_seen_from_barn_bluff.jpg /images/sampledata/parks/landscape/800px_ormiston_pound.jpg /images/sampledata/parks/landscape/800px_pinnacles_western_australia.jpg /images/sampledata/parks/parks.gif ``` > Please note, just because we call the License file fluff, doesnt mean we believe the license Joomla is distributed under is fluff – just to be clear 🙂 The GPL recommends that the text of the license is distributed with the Open Source of the product, but you don’t need it there cluttering up your webspace. We did try to get the Joomla project to see sense, but failed 😉 ## Bonus: View the status across ALL Joomla sites The Ultimate Toolset at mySites.guru allows you to view how many fluff files are on each Joomla site at a glance also. like this: ![View the fluff files in joomla across many sites](../../assets/img/blog/ScreenShot-2024-02-02-18.41.45-1024x803.webp)*View the fluff files in Joomla across many sites* ## Bonus: Technical requirements check tools Planning an upgrade? mySites.guru can check whether your sites meet the technical requirements for [Joomla 5](https://mysites.guru/blog/joomla-5-technical-requirements-check/) and [Joomla 6](https://mysites.guru/blog/joomla-6-technical-requirements/) before you hit the update button — across all your connected sites at once. ## Bonus: Hidden files audit Speaking of tidying up your webspace — fluff files aren't the only things hiding in plain sight. Hackers plant [dot-prefixed hidden files and folders](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) that most file managers never show you. The mySites.guru audit surfaces them all in seconds. ## Disable "Send Copy to Submitter" in Joomla URL: https://mysites.guru/blog/how-to-disable-send-copy-to-submitter-in-joomla-to-prevent-spam-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Use mySites.guru to bulk-disable the Joomla Send Copy to Submitter contact form setting across all your sites to stop it being abused for spam. We have all been there. The customer calls and says people are telling him that his **Joomla Site is spamming them**, and on investigation the spammer has misused the `Send Copy To Submitter` feature of Joomla. **Well now mySites.guru identifies this setting and alerts you if its not disabled.** One of the long standing core features of Joomla is the Contact Form. However, the contact form has been much abused by spammers over the years. One of the ways spammers abuse the contact form is to use the `Send Copy To Submitter` feature. This is a simple checkbox on the contact form that, when ticked, and the form submitted, will send the contact form as normal to the Site Admin (or whoever its configured to send to) as well as to the email address provided by the person filling in the form. That "person" might be a bot, a spammer, and the email address they provide in the "Email" input is the email address destination of their spam target. Once they put the email of their target in, and check the `Send Copy To Submitter`box they submit the form and Joomla simply honours what they have asked. It sends a copy to the email address provided. The "victim" then receives spam with a subject line starting "Copy of:" The "victim" then accuses your site of spamming them. ## Disable send to submitter in Joomla https://www.youtube.com/watch?v=oCXcv8CVFz8 ## The mySites.guru snapshot now shows this setting Every day the [mySites.guru snapshot takes tens of thousands of new snapshots of Joomla and WordPress sites](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) (the `Send Copy To Submitter` issue is a Joomla thing though!) ![ScreenShot 19.06.41](../../assets/img/blog/ScreenShot-2024-02-05-19.06.41-946x1024.webp) We now report in the snapshot if your site has the `Send Copy To Submitter`setting enabled. ![ScreenShot 19.06.26](../../assets/img/blog/ScreenShot-2024-02-05-19.06.26-1024x182.webp) Note that in later versions this setting is disabled by default when you install Joomla, and that earlier versions had it enabled by default. Note also that although we check the Global value of this setting, you can still override the Global setting on a per form basis. We don't check this because that is a deliberate action you would need to take, and we hope you know why you did it. We are just recommending sane Global defaults. You can also use the pivot button to view this settings current status on ALL your connected sites to mySites.guru (remember that [mySites.guru is an UNLIMITED SITES service for only GBP19.99 a month](https://mysites.guru/pricing/)!) ![ScreenShot 19.07.33](../../assets/img/blog/ScreenShot-2024-02-05-19.07.33-1024x781.webp) ![ScreenShot 19.08.10](../../assets/img/blog/ScreenShot-2024-02-05-19.08.10-1024x687.webp) ## Fix Joomla 3 Security Issues in One Click URL: https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Patch every known Joomla 3 security vulnerability across all your sites with a single toggle in mySites.guru — no manual file edits, no eLTS subscription. Joomla 3 is end of life. The official project stopped releasing public updates at 3.10.12, but new vulnerabilities keep turning up. In January 2025 alone, three more were disclosed via the [eLTS programme](https://elts.joomla.org/). Manually patching 55 files per site is tedious enough when you have five sites. When you have five hundred, forget it. **mySites.guru fixes every known Joomla 3 security issue with a single click.** > We include all Joomla 3 security fixes in the service. No eLTS subscription needed. ## How it works The patch tool is in the Site Snapshot for each Joomla 3.10.12 site in your mySites.guru account. One toggle. That's it. Under the hood, the mySites.guru connector tracks the MD5 hash of each file that needs patching. Flip the toggle on and it compares hashes against the expected patched versions, replacing anything that doesn't match. Flip it off and the files revert to stock 3.10.12. The tool only runs on Joomla 3.10.12, the last publicly released version of the Joomla 3 series. It ignores the commercial eLTS programme entirely. ![One-click Joomla 3 security patch toggle](../../assets/img/blog/ScreenShot-2024-02-21-16.43.45-1024x246.webp) ## Finding the tool Two ways to get there: 1. [Cmd+K](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) and search for "Fix All Known Joomla 3" 2. Open your site's [Snapshot](https://mysites.guru/blog/snapshot-all-your-sites-with-one-click-at-mysites-guru-the-joomla-and-wordpress-control-panel/) and scroll to the Joomla Configuration section ![Command palette search for "Fix All Known Joomla 3 End Of Life Security Issues"](../../assets/img/blog/ScreenShot-2024-02-21-15.01.04-1024x325.webp) Both paths lead to a tool overview page listing every Joomla 3.10.12 site you manage, along with each site's current patch status. ![Fix All Known Joomla 3 End Of Life Security Issues overview screen](../../assets/img/blog/ScreenShot-2024-02-21-17.01.34-1024x910.webp) ## Patching multiple sites at once Got dozens or hundreds of Joomla 3 sites? Click the grid icon next to the toggle to open the bulk view. It shows every Joomla 3.10.12 site with individual toggles. ![View Joomla 3 security patch status across all sites](../../assets/img/blog/ScreenShot-2024-02-21-16.59.06-1.webp) Direct link: [manage.mysites.guru/en/tools/allsites/Joomla/joomlaconfiguration/joomla3eol](https://manage.mysites.guru/en/tools/allsites/Joomla/joomlaconfiguration/joomla3eol) ## What vulnerabilities does it fix? Individually, none of these will get your site hacked while you sleep. But stacked together across an unpatched site, they add up. The patch covers 55 files and addresses every known vulnerability disclosed since 3.10.12: ### XSS vulnerabilities - [CVE-2024-21724](https://www.cve.org/CVERecord?id=CVE-2024-21724) — [XSS in media selection fields](https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html) - [CVE-2024-21725](https://www.cve.org/CVERecord?id=CVE-2024-21725) — [XSS in mail address outputs](https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html) - [CVE-2024-21726](https://www.cve.org/CVERecord?id=CVE-2024-21726) — [Inadequate content filtering within the filter code](https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html) - [CVE-2024-21731](https://www.cve.org/CVERecord?id=CVE-2024-21731) — [XSS in StringHelper::truncate method](https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html) - [CVE-2024-26278](https://www.cve.org/CVERecord?id=CVE-2024-26278) — [XSS in com_fields default field value](https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html) - [CVE-2024-26279](https://www.cve.org/CVERecord?id=CVE-2024-26279) — [XSS in Wrapper extensions](https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html) - [CVE-2024-40743](https://www.cve.org/CVERecord?id=CVE-2024-40743) — [XSS vectors in Outputfilter::strip* methods](https://developer.joomla.org/security-centre/946-20240805-core-xss-vectors-in-outputfilter-strip-methods.html) - [CVE-2024-40747](https://www.cve.org/CVERecord?id=CVE-2024-40747) — [XSS vectors in module chromes](https://developer.joomla.org/security-centre/954-20250101-core-xss-vectors-in-module-chromes.html) - [CVE-2024-40748](https://www.cve.org/CVERecord?id=CVE-2024-40748) — [XSS vector in the id attribute of menu lists](https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html) ### Other vulnerabilities - [CVE-2024-27184](https://www.cve.org/CVERecord?id=CVE-2024-27184) — [Inadequate validation of internal URLs](https://developer.joomla.org/security-centre/941-20240801-core-inadequate-validation-of-internal-urls.html) - [CVE-2024-27185](https://www.cve.org/CVERecord?id=CVE-2024-27185) — [Cache poisoning in pagination](https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html) - [CVE-2024-21723](https://www.cve.org/CVERecord?id=CVE-2024-21723) — [Open redirect in installation application](https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html) - [CVE-2024-21722](https://www.cve.org/CVERecord?id=CVE-2024-21722) — [Insufficient session expiration in MFA management views](https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html) - [CVE-2023-40626](https://www.cve.org/CVERecord?id=CVE-2023-40626) — [Exposure of environment variables](https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html) - [CVE-2024-40749](https://www.cve.org/CVERecord?id=CVE-2024-40749) — [Read ACL violation in multiple core views](https://developer.joomla.org/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html) ### eLTS bug-fix-for-bug-fix patches - Fixes in 3.10.19-elts that [repair broken code shipped in 3.10.18-elts](https://github.com/PhilETaylor/Joomla3.10.999/pull/12/files) - Fixes in 3.10.18-elts that [repair broken code shipped in 3.10.17-elts](https://github.com/PhilETaylor/Joomla3.10.999/pull/11/files) ## How patched files show up in audits After patching, your mySites.guru audit will flag the modified files as Core File Changes, because they *are* changes to the original 3.10.12 distribution. You can inspect every diff directly in the audit tool. ![File diff in mySites.guru](../../assets/img/blog/ScreenShot-2024-02-21-17.09.58-1024x700.webp) ![File diff detail](../../assets/img/blog/ScreenShot-2024-02-21-17.10.33-1024x323.webp) ## Files modified by the patch The tool patches 55 files: a mix of PHP files (the actual security fixes) and XML form definitions (tighter input validation). You need both. Changing the XML alone isn't enough. Full list of patched files (55 files) - administrator/components/com_config/model/form/application.xml - administrator/language/en-GB/en-GB.com_config.ini - components/com_content/views/archive/view.html.php - components/com_finder/views/search/view.html.php - components/com_search/views/search/view.html.php - libraries/src/Cache/Cache.php - libraries/src/Pagination/Pagination.php - administrator/components/com_banners/models/forms/banner.xml - administrator/components/com_categories/models/forms/category.xml - administrator/components/com_contact/config.xml - administrator/components/com_contact/models/forms/contact.xml - administrator/components/com_content/models/forms/article.xml - administrator/components/com_fields/models/forms/field.xml - administrator/components/com_menus/models/forms/item_alias.xml - administrator/components/com_menus/models/forms/item_component.xml - administrator/components/com_menus/models/forms/item_heading.xml - administrator/components/com_menus/models/forms/item_separator.xml - administrator/components/com_menus/models/forms/item_url.xml - administrator/components/com_menus/models/forms/itemadmin_alias.xml - administrator/components/com_menus/models/forms/itemadmin_component.xml - administrator/components/com_menus/models/forms/itemadmin_container.xml - administrator/components/com_menus/models/forms/itemadmin_heading.xml - administrator/components/com_menus/models/forms/itemadmin_url.xml - administrator/components/com_newsfeeds/models/forms/newsfeed.xml - administrator/components/com_tags/models/forms/tag.xml - administrator/components/com_users/models/user.php - administrator/language/en-GB/en-GB.lib_joomla.ini - administrator/templates/hathor/templateDetails.xml - administrator/templates/isis/templateDetails.xml - components/com_content/models/forms/article.xml - components/com_tags/views/tag/tmpl/default.xml - components/com_tags/views/tag/tmpl/list.xml - components/com_tags/views/tags/tmpl/default.xml - components/com_users/models/profile.php - components/com_users/views/login/tmpl/default.xml - components/com_wrapper/views/wrapper/tmpl/default.xml - includes/framework.php - libraries/cms/html/string.php - libraries/fof/download/adapter/cacert.pem - libraries/src/Form/Rule/UrlRule.php - libraries/src/Http/Transport/cacert.pem - libraries/src/Language/LanguageHelper.php - libraries/src/Uri/Uri.php - libraries/vendor/joomla/filter/src/InputFilter.php - libraries/vendor/joomla/filter/src/OutputFilter.php - modules/mod_custom/mod_custom.xml - modules/mod_wrapper/mod_wrapper.xml - plugins/user/profile/profile.php - templates/beez3/templateDetails.xml - templates/protostar/templateDetails.xml - components/com_privacy/controller.php - components/com_privacy/privacy.php - components/com_users/controller.php - components/com_users/users.php - modules/mod_menu/tmpl/default.php ## Why Joomla 3 still matters Joomla 3 is still everywhere. [W3Techs](https://w3techs.com/technologies/details/cm-joomla/3) shows version 3 running on the majority of Joomla installations, and Joomla's own [usage statistics](https://developer.joomla.org/about/stats.html) put 3.10.x at over 35% of reporting sites. ![Joomla version usage statistics](../../assets/img/blog/ScreenShot-2024-02-21-15.57.13.webp) ![Joomla usage statistics breakdown](../../assets/img/blog/ScreenShot-2024-02-21-16.02.58.webp) If you run a [digital agency](https://mysites.guru/), you already know: migrating clients from Joomla 3 to 4 or 5 takes budget, developer time, and client sign-off. That doesn't happen overnight, and the sites still need protecting in the meantime. ## The Joomla 3.10.999 Project The patches in mySites.guru come from the open-source [Joomla 3.10.999 project](https://github.com/PhilETaylor/Joomla3.10.999). That repo has every Joomla 3.10 version from 3.10.12 onwards, plus diffs for all patches released under the commercial eLTS programme. Same approach as the earlier [Joomla 1.5.999](https://github.com/PhilETaylor/Joomla1.5.999) and [Joomla 2.5.999](https://github.com/PhilETaylor/Joomla2.5.999) repos. It'll be maintained for as long as Joomla 3 sites exist. ## Stop patching files by hand If you're still running Joomla 3, stop tracking CVEs by hand. Add your sites to mySites.guru, flip the toggle, and get on with your day. [Start your free trial →](https://mysites.guru/pricing/) ## How to Hide Joomla Post Installation Messages URL: https://mysites.guru/blog/how-to-hide-joomla-post-installation-messages-on-1000-sites-with-one-click-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Dismiss Joomla post-installation messages on every connected site at once using the mySites.guru bulk action — no need to log into each site individually. One of the great features about Joomla is the **[Post Installation Message](https://docs.joomla.org/Help39:Components_Post_installation_Messages)**. However when you are [managing 1000s of Joomla sites](https://mysites.guru/blog/mysites-guru-surpasses-64000-connected-joomla-and-wordpress-sites/), it can be tiresome to silence these message and remove the notification in your Joomla admin console - **This is no longer a problem for [mySites.guru](https://mysites.guru/) subscribers! ** Lets start with some background on what we are talking about ## What is a Joomla Post Installation Message? Along with Joomla 3.2, a new feature called "[Post Installation Messages](https://docs.joomla.org/Help39:Components_Post_installation_Messages)" was added to Joomla. Post Installation Messages are used by the Joomla Project - and some extension developers - to convey important information to you after upgrading your Joomla Site or installing a Joomla extension. In the past they have been used to bring your attention to backward incompatible security changes, changes you need to manually make to your .htaccess, advice to enabled Two factor authentication etc... The messages are often dynamic and can make checks before showing. For example the Two Factor Authentication Post Installation Message will check to see if you have the plugins enabled before being shown. The idea is that you are meant to read, consume, understand and apply any suggestions in the Post Installation Messages - and then click to hide them forever (they remain in the database and can be "reverted" to show them again. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-09-at-22.23.07-1024x771.webp) ## So what is the problem mySites.guru solves? Well the above is great when you have one site or a few sites. However when you have [1000 Joomla sites to manage](https://mysites.guru/blog/mysites-guru-surpasses-64000-connected-joomla-and-wordpress-sites/) it can become tiresome to visit each site, review the messages and clear them after a Joomla update. [mySites.guru](https://mysites.guru/) already has tools to allow you to [manage 1000s of Joomla sites in one place](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/), to [backup](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/), to [snapshot](https://mysites.guru/blog/snapshot-all-your-sites-with-one-click-at-mysites-guru-the-joomla-and-wordpress-control-panel/) and to [audit](https://mysites.guru/blog/security-audit-tools/) for [hacks](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) and [best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) - and one of those tools will show you how many Post Installation Messages are unread. One of our tools will list your sites by this metric: ![ScreenShot 20.59.16](../../assets/img/blog/ScreenShot-2024-02-27-20.59.16-1024x808.webp) As you can see this account has loads of unread Post Installation Messages across many sites. ## One click - done! Lets click the green button.... ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-09-at-22.13.14-1024x674.webp) Twiddle my thumbs for a few seconds... ## The result - OK A nice clean list again - all Post Installation Messages have been hidden on all sites as requested! ![ScreenShot 21.01.20](../../assets/img/blog/ScreenShot-2024-02-27-21.01.20-1024x730.webp) ## Where do I find this? First you need to be a mySites.guru subscriber and join our [1000s of happy customers](https://mysites.guru/reviews/) already using mySites.guru on a daily basis to manage their Joomla and WordPress sites. [Our prices](https://mysites.guru/pricing/) are rock bottom and have not increased since 2012! You can even get your [First Month Free](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/)! https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/ *mySites.guru discount!* Once you are a subscriber you can then [add all your Joomla sites to your central dashboard](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/) - mySites.guru! Then, from the Manage Site page, find the Joomla Post Installation Messages tool: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-09-at-22.29.16-1024x108.webp) and then click on the Pivot Button that looks like this: ![ScreenShot 16.59.06](../../assets/img/blog/ScreenShot-2024-02-21-16.59.06-1.webp) ## Conclusion This was one of our most requested features soon after we started displaying this metric in the mySites.guru snapshot. The thing is, Joomla Post Installation Messages are a great feature, but once you have read them on one site, they are pretty much the same on all sites and people just ignore them after a while. With Joomla 4, there is even an alert in the admin console on **every page**! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-10-09-at-22.21.28.webp) Now you can use mySites.guru to clear the flag on **all sites quickly and easily!** ## How to impersonate your mySites.guru team members URL: https://mysites.guru/blog/how-to-impersonate-your-mysites-guru-team-members/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Account owners can impersonate any team member inside mySites.guru to review their view and permissions without needing to share passwords. We recently announced [How To Manage Multiple Joomla And WordPress Sites With Your Whole Team](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/) and we have been amazed how you are using Team Management for your mySites.guru accounts. Today we gave Tim Davis, over at [Basic Joomla](https://www.basicjoomla.com/) Tutorials [YouTube channel](https://www.youtube.com/user/basicjoomla) an exclusive reveal of our next major feature in our Teams Management. > As the Team Captain (the person paying!) **You can now Impersonate your Team Members**, logging in as them, without their credentials, to access their account and see what they are seeing, then **Exit Impersonation** back to your own account without any login/logout! Awesome! Find out more by watching this introduction video by [Tim](https://twitter.com/basicjoomla) on his [Basic Joomla Tutorials Channel](https://www.youtube.com/channel/UCjdzrGX4xpJ_9PAfUuNDC4A) https://www.youtube.com/watch?v=3z1xGCJyDjI For even more indepth look at the Teams Management features you can watch this other video by Tim: https://www.youtube.com/watch?v=gKDoH63uJFo ## How to get mySites.guru for free - for a whole month! URL: https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Sign up for any mySites.guru subscription and cancel before the end of your first month to use the full service completely free for 30 days. mySites.guru costs [£19.99/month](https://mysites.guru/pricing/), the same price since 2012, with no per-site fees. But I'd rather you try it properly before paying anything. The free trial only covers a single audit of one site. A few of you have asked for a way to test the rest of it: bulk updates, security scans, uptime monitoring, backups. So here it is. Use this plan code when you subscribe and you won't be charged until next month. Full access, unlimited sites, everything included. ✂️ FIRSTMONTHFREE You are starting an auto-renewing subscription though. You'll need to enter payment details. No risk: Cancel before your renewal date and you won't be charged a penny. If you don't cancel, your subscription renews at the standard rate of £19.99/month. Here's how to get started: 1. Log in to [mySites.guru](https://manage.mysites.guru) 2. Go to the Subscribe page 3. Enter the plan code FIRSTMONTHFREE and click **Apply Code** 4. Review the proposed plan 5. Click [Subscribe now](https://manage.mysites.guru/en/subscribe?plancode=FIRSTMONTHFREE) 6. Enter your payment card details 7. Done — welcome on board! Questions? Drop me a line at [phil@phil-taylor.com](mailto:phil@phil-taylor.com) and I'll get back to you quickly. ## How to fix a hacked Joomla or WordPress site URL: https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Step-by-step guide to identifying and cleaning hacked files on Joomla or WordPress using the mySites.guru suspect content audit and Phil Taylor's professional fix service. So it happened. Your site was finally hacked. Dont panic. #### BACKUP! (Dont Restore)! Do it now. [Backup your site](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/). Even if its hacked. Backup right now. Done? ok. Next, you will read some "Experts" talk about restoring your site from the last clean backup - **this should only ever be done as a last ditch attempt**! By restoring you are wiping away crucial evidence, details that someone like me with experience can use to understand how you were hacked in the first place. By restoring you wipe the slate clean, but** re-introduce the same** security hole that allowed you to be hacked in the first place! #### Out of your depth? Out of time? Just want an expert fix? > *tl:dr; - If you are looking for an expert to "just fix" your site for you, for a small one time set fee (and non-subscribers get a month of mySites.guru for FREE), then please visit [https://fix.mysites.guru/](https://fix.mysites.guru/) and submit a request. For as little as GBP88.00 set fee Phil will fix your site and give it all the love it needs, handing it back to you cleaned, upgraded, locked down and secure.* Here are mySites.guru we have a unique set of tools to help you manage and maintain, backup and secure your site. You can discover what is really happening under the bonnet of your homepage, as we check each and every line of code in your webspace. Continue reading to see some of these tools highlighted. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.50.39-1024x129.webp) Ok back to the unique tools at mySites.guru, the first we want to mention is our most popular tool,** the suspect content tool.** ### Discover suspect content in your files After your site has been audited by our platform, you can find the suspect content tool in the "Hacked?" section of your "Audit" Tab for the site. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.22.38-1024x210.webp)*Manage Site -> Audit Tab -> Hacked Section, first tool in that section* Clicking on the **"Investigate"** button will take us to the unique tool for this check, it will load the list of files in realtime from your website and display: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.26.09-1024x141.webp) The tool will show you the *file path, file name, the last modified date, size, permissions* and provide a **tool to edit the file**, another to **view the suspect content matches**, and a **tool to delete the whole file**. If you click on the filename, then the platform will go to your site and retrieve the file, and then match the suspect content found against our pattern matching, and display the lines in the file that look suspect to us: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.29.15-1024x222.webp)*An example hacked file* ### Revert core Joomla/WP Files As you can see above, the index.php file in this example has 2 lines of suspect content in it. You can now edit those lines out, but wait... this brings us to another tool... if we go back to the Audit tab, the very first tool is the **Changes To Core Joomla Files Should Be Avoided** check, clicking investigate next to that gives us a list of the core (Joomla in this instance) files that have been modified since they were released... If we find the index.php and click it in that tool, we get an amazing diff of all the changes, in line, with the original file on the left and your modified files on the right ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.34.45-1024x415.webp) Using the blue arrow, we can, with a single click, restore the ORIGINAL file that would have been distributed with Joomla, thus overwriting the hacked file and reverting all changes back to original - simple. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.35.52.webp) ### Other file based tools So far we have only used two of the tools in the audit, there are many more! For example. Here are a few more of the tools: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-10-11-at-12.38.48-1024x931.webp) As you can see, each one of these tools helps you investigate the changes on your site and gives clarity to the state of your webspace. Not all suspicious files are hacked files — some are simply [hidden dot-files you didn't know were there](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/), left behind by tools, installers, or your hosting provider. If you work though all the tools, you can start to bring your site back from being hacked to being clean and secure again. These are **just two tools** out of the huge list of unique tools we have at mySites.guru for fixing your hacked Joomla and hacked WordPress sites. ### Add all your sites and get alerts You can add **unlimited sites **to your account and run **unlimited backups, snapshots and audits **anytime you like - this way you can watch for changes and be alerted when things change, automatically. We also monitor a list of files (you can configure this list further) where we [monitor in realtime](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) (on every page load) if the files have been modified, and if they are we will inform you by email. Realtime change notifications is yet another excellent feature of mySites.guru that Im not going into here :-) > A little technical ability is needed to fix a hacked site, but without great tools such as these, the task would be impossible! > > BE SURE TO BACKUP YOUR SITE BEFORE MAKING CHANGES ## How to manage any PHP Application with mySites.guru URL: https://mysites.guru/blog/how-to-manage-and-monitor-any-php-application-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites mySites.guru works with any PHP-based web application, not just Joomla and WordPress — connect generic PHP sites to get audits, snapshots and alerts. You read that right, you can now **add, manage, audit, backup and monitor any webspace that can run PHP! ** [mySites.guru](https://mysites.guru/) is most known for allowing agencies and developers to [manage multiple Joomla and WordPress sites](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), well now you can add any webspace that can run PHP. We so that well with [over 67,000 sites already connected](https://mysites.guru/blog/67000-joomla-and-wordpress-sites-trust-mysites-guru-for-their-update-management/) to our platform! This means you can add Drupal Sites, Prestashop, Magento, etc to [mySites.guru](https://mysites.guru/) and use our powerful toolset to [Audit](https://mysites.guru/blog/security-audit-tools/), [Manage](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), [Backup](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/), and [Monitor](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) your sites ## Connect your sites to mySites.guru today and manage them in one place! Using the [connect another site wizard](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/) you can select, and download our PHP Application (Connector) for Generic sites, and upload that to the /bfnetwork on your server You can then provide us with some database connections (we use a database to store the audit cache) and then we are connected! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-19.07.59-1024x820.webp) ## So what kind of tools are available for Generic PHP sites? You get the same award winning suite of tools you get when you connect unlimited Joomla and WordPress sites to mySites.guru !! This includes the snapshot, the [full audit](https://mysites.guru/blog/security-audit-tools/) - which looks at every single line of every single file in your webspace, looking for hacks, and malicious code, revealing ancient, historic and recent hacks with [our suspect content tools](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/)! You can connect [Akeeba Backup Solo](https://www.akeeba.com/products/akeeba-solo.html) and use mySites.guru to [trigger periodic backups](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) of your webspace, even push them (using [Akeeba Backup Solo Professional features](https://www.akeeba.com/products/akeeba-solo.html)) to remote services like Dropbox and sFTP! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-19.14.38-1024x823.webp) ## Uptime Monitoring - free with every site added! We no longer use [UptimeRobot](https://uptimerobot.com), long story, **but now we provide a [FREE Uptime Monitor](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/)** - powered by our own monitoring engine for each site you add to mySites.guru We will alert you when your site is offline, and when it responds again. We also keep a log of your response times so you can see any recent performance issues... ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-19.16.21-1024x533.webp) ## Backups - Powered by Akeeba Backup SOLO Professional You have heard of [Akeeba Backup for Joomla](https://www.akeeba.com/products/akeeba-backup.html) right? Well did you know that the same powerful backup engine is also available for standalone webspace without Joomla or WordPress? Its called [Akeeba Backup SOLO](https://www.akeeba.com/products/akeeba-solo.html) and can be fully integrated to [provide scheduled backups through mySites.guru](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-20.36.54-1024x585.webp) ## How to Manage Multiple WordPress Sites Like a Pro URL: https://mysites.guru/blog/how-to-manage-multiple-wordpress-sites-like-a-pro/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Practical tips for managing multiple WordPress sites efficiently, covering centralised dashboards, backup strategies, security hardening and team workflows. Once you're past about five WordPress sites, the cracks start showing. You forget which ones you've updated, backups slip, and you only find out about a security issue when a client asks why their site is redirecting to a pharmacy. Here's what actually works when you're managing lots of sites, based on over a decade of doing this myself. ## Get everything into one dashboard Logging into each site individually is the first thing that has to go. You need a single place that shows you update counts, security status, and uptime across every site. [mySites.guru](https://mysites.guru/) does this for unlimited WordPress, Joomla, and PHP sites at a flat monthly price. There are other options like ManageWP and MainWP too, but they tend to charge per site, which gets expensive fast when you're managing hundreds. Whatever you pick, stop using browser bookmarks as your "management system". ## Backups: automate them or they won't happen Manual backups don't happen. Everyone says they'll do them weekly, nobody actually does. Set up [automated backup schedules](https://mysites.guru/blog/unlimited-backup-schedules/) and forget about them. mySites.guru lets you [schedule backups across thousands of sites](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) using Akeeba Backup or All-In-One Migration. The important bit: test your restores occasionally. A backup you've never tested is just a file that makes you feel better. ## Updates: do them, but do them in bulk [Outdated plugins](https://mysites.guru/blog/wordpress-plugin-vulnerability-alerting/) are the number one way WordPress sites get hacked. That's not opinion, it's what I see across the 64,000+ sites connected to mySites.guru. [Bulk updates](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) let you push plugin, theme, and core updates to every site at once. You still need to pay attention to what you're updating, especially major version jumps, but the days of clicking "Update" on each site individually should be behind you. ## Security goes deeper than a plugin Installing Wordfence is fine, but it's surface-level. Real security means [scanning every file in your webspace](https://mysites.guru/blog/security-audit-tools/) for things that shouldn't be there: [backdoors, injected code, modified core files](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/). You also want [real-time alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) when files change unexpectedly or someone logs into an admin panel. Finding a hack three months after it happened is significantly worse than catching it the same day. [Security headers](https://mysites.guru/blog/check-your-websites-security-headers-with-mysites-guru/) and [SSL certificate monitoring](https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/) are easy wins that most people skip. ## Teams need their own logins If your whole agency shares one mySites.guru login, or worse, one WordPress admin password across all client sites, stop. Give everyone [their own account](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/) with appropriate permissions. It's free with mySites.guru and means you can actually see who did what. ## Audit your sites regularly Not just for SEO. Check for [best practice issues](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), PHP version compatibility, [disk space warnings](https://mysites.guru/blog/about-the-disk-space-warnings-in-mysites-guru/), and stale content. The mySites.guru [snapshot runs over 100 checks](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) on each connected site, twice a day. You can also [run a free audit](https://mysites.guru/free-audit/) right now to see what it finds. ## The short version Get a proper dashboard, automate your backups, update in bulk, scan deep for security issues, and give your team their own access. That's it. None of this is complicated. The hard part is actually setting it up instead of telling yourself you'll get to it next week. ## Upgrade 100s of Sites from One Dashboard URL: https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Run core and extension updates across hundreds of Joomla and WordPress sites simultaneously from the mySites.guru dashboard, with per-site success notifications. One of the most popular reasons for being able to [add multiple (unlimited!) Joomla and WordPress sites in a single dashboard](https://mysites.guru/), is the ability to **upgrade the core Joomla and WordPress versions with the minimal of fuss** - and clicks! With the **Ultimate Toolset** from mySites.guru you can mass upgrade Joomla and WordPress sites with ease! In this blog post we will show how quick and simple it is to upgrade unlimited sites in one go, from your [mySites.guru](https://manage.mysites.guru/en/register) [account](https://manage.mysites.guru/en/register), with zero downtime and no fuss. Just: - Backup - all sites in one go. - Upgrade - all sites in one go. - Run post update tests and Audit with mySites.guru *With Zero Downtime.* **Done. ** Simple eh? ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-11-03-at-18.58.21.webp) So lets take a look at how we achieve this in [mySites.guru account](https://manage.mysites.guru/en/register), with some randomly named sites. In the left menu, after login, you can see how many [Core Updates](https://manage.mysites.guru/en/sites/coreoutofdate) are needed, in this case 15 sites need an update (Gulp and [59 plugins/extensions need updating](https://manage.mysites.guru/en/updates/), but let's ignore that haha) Next, lets Backup multiple sites in one go by visiting the [Scheduled Backups page](https://manage.mysites.guru/en/backups/#schedules), and then the [schedules tab](https://manage.mysites.guru/en/backups/#schedules). For [Joomla](https://joomla.org), we use the multi-award winning [Akeeba Backup](https://mysites.guru/blog/unlimited-backup-schedules/) for Joomla, (Free/Core, or [Paid/Professional](https://www.akeeba.com/subscribe/levels.html), it doesn't matter). On this page we can see when the last backup was, we can click to backup one site at a time, or we can use the "Start Backup Of All Sites" button. ![Recent mySites.guru backups for WordPress and Joomla](../../assets/img/blog/ScreenShot-2024-01-29-21.19.25-1024x413.webp) We don't need to hang out on the page, as the backups are queued and run in the background of the service. Once we are happy we have backups, we can move on to upgrading the sites *(Be sure that you periodically TEST your backups, an untested backup is worthless)* Using the "[Mass Upgrade Sites](https://manage.mysites.guru/en/upgrade/sites/en-masse)" tool we can collect the upgrade paths from our sites, this take a few seconds to ask your site what your site wants to upgrade to. We can then select individual sites, or click "Select All" to upgrade all the sites, then press the large green button - and go grab a coffee. ![Mass Upgrade Sites To The Latest Version](../../assets/img/blog/ScreenShot-2024-01-29-21.20.46-1024x633.webp) Each upgrade is queued in the background, and you are taken to the status page where you can watch the sites upgrade before your very eyes! (Or listen of the success ping sounds!) You can select small batches of sites, or select all your sites - up to you (and your risk appetite) - we queue all updates and run them as fast as we (and your servers) can. Once your sites are upgraded, you can then [run a new backup](https://manage.mysites.guru/en/backups/), or [start an audit](https://manage.mysites.guru/en/audits/#scheduleaudits) of the site to collect the latest information from the site. You can even [remove the fluff from Joomla sites automatically](https://mysites.guru/blog/how-to-automatically-remove-fluff-files-after-joomla-updates/)! Simple eh? - with just a few clicks you can [upgrade multiple Joomla/WordPress sites](https://mysites.guru/features/) in seconds saving you time (and therefore money) and ensuring that you are fully up to date with the [latest releases of Joomla](https://downloads.joomla.org/latest) and [WordPress](https://wordpress.org) at all times - that's right, although this blog post used Joomla as an example, the procedure is the same for WordPress sites (that are not using built in auto-upgrades powered by WordPress themselves). **BONUS**: If you are too busy to upgrade your sites yourself,[ you can add UNLIMITED Team Members to your mySites.guru accoun](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/)t, and tell/ask/demand them to upgrade the sites for you! ## Test Site Performance With Lighthouse URL: https://mysites.guru/blog/how-to-test-your-site-performance-with-lighthouse-audits-in-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Run Google Lighthouse performance audits against any of your connected Joomla or WordPress sites directly from within the mySites.guru dashboard. **We no longer provide built-in Lighthouse Performance Audits.** Google's Lighthouse tooling has matured to the point where it no longer makes sense for us to wrap it as a micro-service. You can run the same audits directly through the official [PageSpeed Insights](https://pagespeed.web.dev/) service from Google — it's free, always up to date, and gives you the full Lighthouse report. ## Install Extensions to Multiple Joomla Sites URL: https://mysites.guru/blog/how-to-install-an-extension-to-multiple-joomla-sites-at-once/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Push a Joomla extension install to hundreds of sites simultaneously from the mySites.guru dashboard, with full success and failure notifications per site. When you want to install an extension across multiple Joomla (or WordPress!) sites in one go, you can use the mySites.guru Mass Installer Tool ## Mass plugin installer for Joomla and WordPress Here is a quick video explaining this tool from [Tim Davis of Basic Joomla](https://www.youtube.com/@Basicjoomla) https://www.youtube.com/watch?v=YHgTJ2DYOe8 *Note this was filmed before the 2024 refresh of the mySites.guru interface. Some screens and menus differ.* ## How to install or update a Joomla! extension You can use mySites.guru to [mass install Joomla extension](https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/) zip file to hundreds of your connected sites right from your mySites.guru account, ## How to install a WordPress Plugin to manage sites Again, you can use mySites.guru to [mass install WordPress plugin](https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/) to 1000s of [connected WordPress](https://mysites.guru/blog/manage-multiple-wordpress-sites/) sites all in one go. ## Steps to Mass Installing WordPress Plugin (or Joomla) 1 - Upload a plugin zip file or provide the url you want us to use ![Upload a plugin zip file or provide the url you want us to use](../../assets/img/blog/ScreenShot-2024-02-18-23.31.13-1024x670.webp) 2 - Select the sites you want us to [mass install Joomla extension](https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/) to ![ScreenShot 23.32.05](../../assets/img/blog/ScreenShot-2024-02-18-23.32.05-1024x554.webp) ## Sit back and relax - mySites.guru will then install the zip to your sites mySites.guru will then install the plugin on all the selected sites, with no more interaction needed. Sit back and relax. Go grab a coffee if you like, we will be finished before the kettle boils! ![Relax](../../assets/img/blog/relax.webp) ## Auto-Upgrade 1000s of Plugins & Extensions URL: https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Automatically upgrade Joomla core, extensions, WordPress core and plugins across thousands of sites from a single mySites.guru dashboard. Here on our blog we have already talked about [how to setup automatic updates for any Joomla plugin](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/), how to [automatically remove fluff files](https://mysites.guru/blog/how-to-automatically-remove-fluff-files-after-joomla-updates/) after [Joomla updates](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) and we have talked about how to [manage your extensions/plugins with mySites.guru](https://mysites.guru/blog/manage-all-your-joomla-sites-extensions-with-mysites-guru/), and lastly we talked about how to mass [upgrade Joomla](https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/) and WordPress, from one dashboard, within seconds - today we bring all these together. ## Mass Upgrade Joomla and WordPress Sites from One Dashboard. Using mySites.guru you can select all your out of date Joomla or WordPress and sites, literally with a single click of "select all" and then a click on "Start Upgrades For Selected Sites... " and then go make a coffee! We will take care of your sites, adding them to our upgrade queue, downloading the relevant upgrade path distributed zip file, extracting the files on your server, and running any post install tasks (including [removing fluff](https://mysites.guru/blog/how-to-automatically-remove-fluff-files-after-joomla-updates/) in Joomla if you ask) You can select one site or a hundred sites from your list - makes no difference to us, we will just upgrade any you select! ![Mass Upgrade Sites To The Latest Version using mySites.guru](../../assets/img/blog/ScreenShot-2024-02-02-18.07.29-1024x652.webp)*Mass Upgrade Sites To The Latest Version using mySites.guru* ## How to have Joomla Extension Updates automatically upgrade when available A cool feature of mySites.guru is that you can select any of your update site streams to be enabled for auto updates. This means that, for example, if you have [Akeeba Backup Extension installed](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/), and auto-updates enabled, as soon as a new [Akeeba Backup](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) version is released by the developer, the mySites.guru system will automatically queue an update of Akeeba on your site. You can opt in for this on a per site basis, or on all sites with Akeeba installed. This applies to ANY Joomla extension! ![auto-update in Joomla extensions in mySites.guru](../../assets/img/blog/ScreenShot-2024-02-02-18.08.40-1024x468.webp)*auto-update in Joomla extensions in mySites.guru* ## View and apply WordPress Plugin Updates on any site Using the Manage Site page in mySites.guru, you can view any available plugin updates for WordPress (or Joomla), you can read the release information from the developer and apply the update with a single click! Being able to see the version you have (in red) and the version available (in green) you can make informed decisions about your upgrade path ![WordPress Updates on a site in mySites.guru](../../assets/img/blog/ScreenShot-2024-02-02-18.10.09-1024x541.webp)*WordPress Updates on a site in mySites.guru* ## Important Items Left Menu The mySites.guru left menu also gives you an overview of how many upgrades and updates, and core upgrades are needed to keep your sites safe and secure and following best practice. ![The mySites.guru left menu](../../assets/img/blog/ScreenShot-2024-02-02-18.11.09-348x1024.webp)*The mySites.guru left menu* ## Conclusion As you can see, there are many ways in mySites.guru to keep your Joomla and WordPress sites up to date and secure by applying updates in a centralized and single dashboard. You can also run post upgrade tasks such as removing fluff files and view the version upgrade path your sites will take before you commit to the upgrades. ### BONUS: Backup before any upgrade with mySites.guru Using the [built in support for Akeeba Backup & All-In-One Migration Plugi](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/)n (for WordPress) you can quickly and easily take a backup of your site using the [backup features in your account](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) before making changes such as updates. You can control these backups and even[ start a backup of ALL SITES](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) in one go should you desire (Although this puts load on your server for a small time) ![Recent Backups, Schedules and Backup Plugin Connection Status Page in mySites.guru](../../assets/img/blog/ScreenShot-2024-02-02-18.11.59-1024x623.webp)*Recent Backups, Schedules and Backup Plugin Connection Status Page in mySites.guru* ## Install Extensions to 1000+ Sites at Once URL: https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Install any Joomla extension or WordPress plugin across 1,000 sites in one go using the mySites.guru bulk install tool — no SSH or FTP needed. How do I mass Install Joomla Extension/WP Plugin to 1000 of sites? Using mySites.guru you can **upload the same plugin to UNLIMITED SITES! ** One of the unique tools at mySites.guru is the ability to mass install Joomla Extensions, Plugins, Modules, Template and [Manage WordPress Plugins from a central dashboard](https://mysites.guru/). Using this feature you can push an important update manually, [upgrade something across all your sites at the same time](https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/). The mySites.guru [mass plugin installer](https://mysites.guru/blog/how-to-install-an-extension-to-multiple-joomla-sites-at-once/) can help here! ## Where do I find this tool? You can find the Mass Package Installer in main tool finder in mySites.guru - just search for it! ![ScreenShot 23.30.39](../../assets/img/blog/ScreenShot-2024-02-18-23.30.39-1024x696.webp) Simply upload a Zip file - or provide a URL direct to a hosted zip file in step one: ![ScreenShot 23.31.13](../../assets/img/blog/ScreenShot-2024-02-18-23.31.13-1024x670.webp) Secondly, select one, two, or all (UNLIMITED) sites on which to install this package from your list of connected Joomla and WordPress sites ![ScreenShot 23.32.05](../../assets/img/blog/ScreenShot-2024-02-18-23.32.05-1024x554.webp) Then click "Install Extension On Selected Sites"... grab a coffee... In the background we will queue a job for each site, and run as fast as we can to install the plugin/extension on all your selected sites. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-28-at-06.42.07-1024x220.webp) Done! ### Bonus: Use the extensions filter to find sites to select For example. Lets say you wanted to install Akeeba Backup on all sites that already have Akeeba Backup Old version installed. You can use the Joomla Extensions feature in mySites.guru to find Akeeba: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-28-at-06.43.53-1024x514.webp) and then click "filter by these" button to be redirected to the Mass Package Install Page with the sites that have Akeeba installed on them pre-selected: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-28-at-06.44.55-1024x241.webp) Watch a video on How to Install One Extension to Multiple Joomla Sites at Once https://www.youtube.com/watch?v=YHgTJ2DYOe8 ## Integrate mySites.guru to Alfred Workflow on Mac URL: https://mysites.guru/blog/integrate-mysites-guru-to-alfred-workflow-on-mac/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites How to integrate mySites.guru with Alfred on macOS so you can jump straight to any connected site's management page from your keyboard. You can now [install our Alfred Workflow](https://manage.mysites.guru/mySites.alfredworkflow), and get quick easy access to all your sites within mySites.guru! ## Wait! What is Alfred? Why should I use it? [Alfred](https://www.alfredapp.com) is an award-winning app for macOS which boosts your efficiency with hotkeys, keywords, text expansion and more. Search your Mac and the web, and be more productive with custom actions to control your Mac. Seriously, if you are using a Mac Computer you should be using Alfred. I have mine mapped to CMD+SPACE and just by hitting that keyboard combination I get instant access to so many features Check out the Mac app - for FREE - at[ https://www.alfredapp.com](https://www.alfredapp.com) ## What is a Alfred Workflow? A workflow can be thought of as a plugin or extension. It adds additional functionality to Alfred. You need the [Alfred PowerPack](https://www.alfredapp.com/powerpack/) to use workflows which is £34 (or £59 lifetime) but its still totally worth it, for the productivity you will gain. Its also very addictive to create your own workflows and power up your productivity to new levels - how do you think I work so fast? haha. https://youtu.be/qP0ORBgDHr8 ## How to integrate mySites.guru with Alfred Simple. - Once you have Alfred and the Powerpack enabled, just [download our Workflow](https://manage.mysites.guru/mySites.alfredworkflow) - press your Alfred shortcut (Mine is CMD+SPACE) and then type "my" (without the quotes) then a space - Instantly you will see a list of menu items you can choose - Select an item and hit enter and your browser will load that page! ## Full Integration with YOUR account. Furthermore, you can enable public pages in your mySites.guru account, to obtain a token. A token is just a string like **smk4md33zf223efmg6y3bgbbo7mmeu63** *(demo token, not real!)* You do that on the Public Site Screenshots page https://manage.mysites.guru/en/sites/screenshots This token can then be configured in the workflow (Edit the workflow in Alfred, and paste the token in the place of the placeholder ENTER_TOKEN_HERE in the script), and will give you access to MORE features, such as listing all your sites in the Alfred search, and allowing you to jump direct to the Manage Site page for a site, making getting to the right place as simple as the following keystrokes (for a site called mySites.guru) ``` CMD+SPACE my SPACE mys ENTER ``` that's all I type to get to the Manage Site page for mySites.guru site in my mySites.guru account ha! The "mys" filters the site list. Prefer Raycast over Alfred? We built a [Raycast extension](https://mysites.guru/blog/mysites-guru-raycast-extension-for-mac/) too. ## Joomla 5 Technical Requirements — PHP, MySQL & MariaDB Versions You Need (2026) URL: https://mysites.guru/blog/joomla-5-technical-requirements-check/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Check if your server meets Joomla 5's minimum requirements: PHP 8.1+, MySQL 8.0.13+, or MariaDB 10.4+. See the full compatibility matrix and scan all your sites at once. [Joomla 5.0.0](https://downloads.joomla.org/cms/joomla5/5-0-0) was released in October 2023, and it introduced a new strict [joomla technical requirements](https://manual.joomla.org/docs/next/get-started/technical-requirements/) minimum of **MySQL 8.0.13, MariaDB 10.4.0 and PHP 7.2.5** The mySites.guru tool for [Joomla 5 Technical Requirements - Hosting Check](https://manage.mysites.guru/en/tools/joomla5/compatibility) is a feature of the [subscription at mySites.guru](https://mysites.guru/pricing/) These versions should be very un-controversial, however [it quickly became apparent](https://forum.joomla.org/viewtopic.php?t=1004735) that some incompetent and incumbent web hosts, [such as SiteGround, did not provide MySQL 8 and refused to give timeframes on when they would migrate their hosting services to support MySQL 8](https://world.siteground.com/blog/new-mysql-setup/) - This is not a SiteGround[1](#8627da4e-36da-4f61-ab6f-54e1a21489b1) bashing blog post per se. But as a webhost that used to officially support the Joomla project - and still (Feb 2024) has no planned date for MySQL 8 its a very very sad state. You can [see in the comments of their article here](https://world.siteground.com/blog/new-mysql-setup/) that they still dont have a date for MySQL 8 support - seems they want to force an upgrade, rather than provide a standalone MySQL 8 service which they could do in a single day if needed... strange. Joomla admins were eager to upgrade from Joomla 4 to Joomla 5 with mySites.guru, and even manually, but were hit by this road block. Over the coming months, other web hosts would also declare they had no urgent plans to implement MySQL in their mass hosting packages and so mySites.guru customers started asking for a tool to identify the hosting specifications of the sites connected in their mySites.guru account. ## What does the Joomla project say? Not much [other than this page](https://downloads.joomla.org/technical-requirements) (which ironically says nothing now, and just redirects you to check out [https://manual.joomla.org/docs/next/get-started/technical-requirements/](https://manual.joomla.org/docs/next/get-started/technical-requirements/) which is part of their "incomplete" new documentation site. The Joomla project published a rebuttal post in November 2023 entitled "[Embracing Change: Why Joomla 5’s Requirement for MySQL 8 is a Leap Forward…](https://magazine.joomla.org/all-issues/november/joomla-5-mysql8-requirement)" in that article that acknowledge that users face challenges upgrading to Joomla 5 due to hosting limitations with MySQL 8. The comment on this article from famous [Nicholas from Akeeba](https://magazine.joomla.org/all-issues/november/joomla-5-mysql8-requirement#comments) states: > Recommending MySQL 8.1 is extremely premature [...] The MariaDB support should’ve also been bumped [...] I think going for 8.0 instead of 5.7 when neither Joomla! uses any new features in MySQL nor do third parties are ready for this change was a mistake [...] More caution should be exercised when changes like that are decided > > > [Nicholas K. Dionysopoulos](https://magazine.joomla.org/all-issues/november/joomla-5-mysql8-requirement#comments) on Tuesday, 21 November 2023 14:25 Make of that whatever you will. This blog post is not arguing the toss who is right or who is wrong, it is a post about the Joomla 5 Technical Requirements Checker at mySites.guru ## PHP, MySQL, Update Information at a glance The mySites.guru tool for [Joomla 5 Technical Requirements - Hosting Check](https://manage.mysites.guru/en/tools/joomla5/compatibility) is a feature of the [subscription at mySites.guru](https://mysites.guru/pricing/) - no additional charge was made and this new feature added for free into all account. ## Where to find the Joomla 5 Technical Requirements tool in mySites.guru? You can get to the tool quickest by [invoking the command palette](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) with [cmd k](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) (or ctrl k on windows/linux) and typing "Joomla 5" or "compat" to filter the commands and then enter. This will take you direct to the [Joomla 5 Technical Requirements tool](https://manage.mysites.guru/en/tools/joomla5/compatibility) ![Joomla 5 Technical Requirements Checker at mySites.guru](../../assets/img/blog/ScreenShot-2024-02-05-17.39.43-1024x734.webp)*The mySites.guru command palette - filtered by Joomla 5* An even quicker way is to just press c 5 on the keyboard (that is lowercase c and then the number 5) - that is the [keyboard shortcut](https://manage.mysites.guru/en/help/keyboardshortcuts) to the page in mySites.guru!! The direct url is: [https://manage.mysites.guru/en/tools/joomla5/compatibility](https://manage.mysites.guru/en/tools/joomla5/compatibility) (Obviously you need to be logged in for that to work) ## Joomla 5 Technical Requirements - Hosting Check Here is a preview of the dashboard for the the Joomla 5 Technical Requirements - Hosting Check in mySites.guru ![ScreenShot 17.44.13](../../assets/img/blog/ScreenShot-2024-02-05-17.44.13-1024x792.webp) As you can see the tool clearly lists all your Joomla 4 and Joomla 5 sites, along with the currently installed Joomla version, the web server hostname, the update channel enabled, and the server hosting PHP version and Database type (MySQL or MariaDB) and version number. If your PHP or Database Server meets the MINIMUM this will be highlighted with Yellow The MINIMUM Joomla 5 Technical Requirements are: **PHP 8.1.0, MySQL 8.0.13 or MariaDB 10.4.0.** If your PHP or Database Server meets the RECOMMENDED this will be highlighted with Green The RECOMMENDED Joomla 5 Technical Requirements are: **PHP 8.2+, MySQL 8.1+ or MariaDB 11.1+** If your PHP or Database Server doesn't meet the MINIMUM technical requirements this will be highlighted with Red ![Joomla 5 Technical Requirements Checker at mySites.guru showing the PHP and MySQL versions](../../assets/img/blog/ScreenShot-2024-02-05-17.57.33-877x1024.webp) ## What is the update channel? **[Joomla has 3 main update channels](https://docs.joomla.org/Help310:Components_Joomla_Update_Configuration)** - the **Default**, **Joomla Next **and **Testing**. It is **highly recommended that you leave your production websites on the default setting** - this will prevent you accidentally applying major updates to Joomla core. Joomla "Next" channel allows to switch between major releases. From 4 to 5 to 6 for example. Testing is as its name suggests. For use in testing releases prior to release by experienced developers. ## Joomla 5 Minimum Technical Requirements The [absolute minimum versions that can be installed](https://manual.joomla.org/docs/next/get-started/technical-requirements/) on a server to run Joomla 5 are: - PHP 8.1.0 (also standard modules like json, simplexml, dom, gd, mysqlnd needed) - MySQL 8.0.13 or MariaDB 10.4.0 - This article (and most of the Joomla Community!) ignore the Postgres compatibility as not many people use that database server. ## Joomla 5 Recommended Technical Requirements. The [RECOMMENDED versions to be installed to run Joomla 5](https://manual.joomla.org/docs/next/get-started/technical-requirements/) are "the latest PHP version and the latest MySQL/MariaDB" version - haha - but no seriously, there is no reason to be not running the latest versions of PHP in 2024! The ["official" recommended is PHP 8.2 and MySQL 8.1/MariaDB 11.1.0](https://manual.joomla.org/docs/next/get-started/technical-requirements/) - but of course over time these will probably increase - for example at the time of writing this PHP 8.3.2 is the latest PHP version available, and PHP 8.2 series will only be in "active support" for another 10 months, and [will become end of life on 8th December 2025](https://www.php.net/supported-versions) see [https://www.php.net/supported-versions](https://www.php.net/supported-versions) for full PHP details. ![Joomla 5 Recommended Technical Requirements.](../../assets/img/blog/ScreenShot-2024-02-05-17.53.26-1024x703.webp) ## What is my web host doesn't meet the minimum standards? If your webhost doesn't have the minimum standards for Joomla 5 hosting then you should really consider moving - the MySQL8 and PHP 8.2 requirements are pretty normal and not groundbreaking. MySQL 8.0.13 was released in October 2018 - so thats over 5 years ago - if your web host has not upgraded their MySQL server in the last 5 years then maybe they are not the most secure and reliable partner for your web site... #justsaying ## What is the supported version of MySQL by Oracle? [https://endoflife.date/mysql](https://endoflife.date/mysql) mysql 5.6 extended support ended in 2021 and mysql 5.7 extended support ended.... 31st October 2023. Only MySQL 8.0 (LTS) and 8.1.* series are actually supported by Oracle now. ![Mysql end of life check technical requirements](../../assets/img/blog/ScreenShot-2024-02-05-18.08.44-783x1024.webp)*Data from [https://endoflife.date/mysql](https://endoflife.date/mysql)* ## What if my site is stuck on Joomla 3 - how do I secure Joomla 3? You can look at the new tool which [Fixes all Joomla 3 security issues](https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/) with a single click, in the mySites.guru snapshot. ## Learn best practice for Joomla and WordPress sites URL: https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Every mySites.guru snapshot and audit check comes with a detailed Learn More page explaining the best practice recommendation, the risk and how to fix it. In this blog post we are going to highlight the awesome "Learn More" pages in the mySites.guru service - this covers both Joomla and WordPress best practice. The mySites.guru [Snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) and Audit cover well over 100 checks, each comes with a "Learn More" page and a tool to further investigate the issue. Although many people might disagree with all the best practice we promote, there will be consensus on the majority - and there is a reason for each and every check we make in the mySites.guru service. Mostly these are based on our experience of over the years being intimately involved with the Joomla project (and to a lesser extent the WordPress project). Each "Learn More page will contain many of the following blocks: - Our Recommendation - How the audit checks this setting - Background Information - A Tool To Investigate or a reason why no tool is available - Further Reading - [Get Expert Assistance](https://fix.mysites.guru/) For the rest of this blog post, we are going to take one of the checks, the "Logs/tmp Folder Locations Should Exist At Default Locations" check for Joomla sites as an example. This check is in the [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/), and looks like this: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-28-at-23.37.32-1024x119.webp) You can click on the Learn More link to get to that page. ## Our Recommendation This block clearly states what we believe is the correct best practice, and expounds on that with additional information. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-28-at-23.38.46-1024x1019.webp)*Example "Our Recommendation" block on the Learn More page* ## How the audit checks this This block explains, in technical and non-technical language how the mySites.guru [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/)/audit process gets its data for this check. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-28-at-23.40.44-1024x557.webp) ## Background Information In this block we might list some more background information - if any - we might want to bring to your attention. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-28-at-23.42.26-1024x598.webp) ## Further Reading In this block we might list some links from around the web, or the official Joomla documentation that might give more in-depth guidance or where the licensing of the content of those links means [we cannot replicate it](https://docs.joomla.org/JEDL) in our commercial service. ## Tools This is normally a direct link to the Investigate Tool, or back to the [Snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/)/Audit tabs if this check has a toggle. ## Get Expert Assistance Ok, we understand that you are not all experts with decades of experience, however if you need additional - [paid consultancy](https://fix.mysites.guru/) - to fix a problem for you, then we are more than happy to conduct a **FIXED FEE** consultancy to fix this, and all issues identified in a [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/)/audit. Full details can be found on [https://fix.mysites.guru](https://fix.mysites.guru) or you can just go ahead and submit your request at [https://fix.mysites.guru/](https://fix.mysites.guru/) when logged in. ### Summary The "Learn More" pages are full of helpful information, given to educate you on the best practice for Joomla and WordPress, and to explain why we do the things we do in our service. ## Track SSL Certificate Expirations Easily URL: https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites mySites.guru checks every connected site's SSL certificate issuer, expiry date and full chain validity on every snapshot, alerting you before certificates expire. The screenshots below are from an older version of the interface. We've since redesigned the dashboard, but the process works the same way. You already know that mySites.guru is an amazing [unique dashboard](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), bringing together information from all your [Joomla and WordPress sites in one place](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/), but there are some smaller features that we, and our customers just take for granted, as they only activate when something goes wrong. SSL Certificate checks are one such feature that gets invoked when things go wrong with your site, and when you really need to be alerted to it. **Since 2012**, when we snapshot your Joomla or WordPress site as part of our [security audit for Joomla](https://mysites.guru/blog/security-audit-tools/), we download a copy of your public SSL Certificate active on your domain, the same way a browser would. We then collect the** SSL Issuer, Expiration Date and check the SSL Certificate Validation Chain** right along the chain to ensure that all the intermediate certificates are also valid. SSL is a complex thing under the hood, and there are many other checks we make of your SSL Implementation, including the ciphers users and the actual minimum level of security that your site allows. If your site accepts any insecure encryption methods, we will alert you by email about this. We also distinguish [cPanel](https://cpanel.net) and [Let's Encrypt SSL Certificates](https://letsencrypt.org) as these are normally web host provided and auto-renewed without user intervention, these are shown with custom icons on your dashboard. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-08.52.24-1.webp) ## Short Expiration Dates Now Standard The whole SSL Ecosystem is moving towards shorter and shorter expiration times. Whereas the norm used to be 2 years to 5 years, with the invention of auto-renewalable SSL with Let's Encrypt, that time has been drastically reduced to just a few months. This means that, if the process fails, your site can be taken offline to visitors (by browser security) if your certificate is invalid or expired. This is why mySites.guru gives you a overview of your SSL Certificates, listed by expiration date ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-08.56.29-1024x466.webp) On this screen you can also export the list to CSV file for further offline processing should you wish. ## Alerting of expiration date approaching By default, we will alert you if your SSL gets within 2 days of expiration. Under normal circumstances this should never happen! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-08.58.47-1024x211.webp) However we know that some people have specific requirements and 2 days might be too short for business processes or manual renewals, so we allow you to configure the number of days before expiration that we alert on. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-09.00.34-1024x447.webp) ## BONUS: Our Recommendation, Integration with Qualys Tools. The industry standard tool for testing SSL Certificate implementations is the [Qualys Tools](https://www.ssllabs.com/ssltest/index.html). mySites.guru gives you integration with this tool within the Learn More page in the [SSL Snapshot tool](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/). ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-09.03.32-1024x681.webp) This tool will give you LOADS of technical information about your SSL Implementation, and your underlying web server security. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-14-at-09.04.02-800x1024.webp) ## Manage all your Joomla Sites Extensions with mySites.guru URL: https://mysites.guru/blog/manage-all-your-joomla-sites-extensions-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites View, search and update every Joomla extension across all your connected sites from a single page in mySites.guru — tracking over four million extension relationships. Two years ago we were tracking over four million relationships between Joomla sites, extensions and the update sites that are used for updates from the developers, and, we got it wrong. ***Our architecture was wrong, and the performance sucked.*** So we made the decision to remove it then. This has now been **completely rewritten** (Using PHP 7.4 and Symfony 4.4) for the mySites.guru service and has been re-released to [great praise from our long term subscribers](https://mysites.guru/reviews/), some of which have been subscribers since 2012! ***(Edit: This is an old article now, we now run on the very latest Symfony framework and the very latest PHP version (8.3.3 at the time of this edit!)*** ### Want to Update One Extension on Multiple Sites instantly? Watch Tim walk you though it https://www.youtube.com/watch?v=tFVIbeRRcTY ### So what can I do with mySites.guru to manage my extensions? These are the main headline features: - You can [view a complete list of extensions](https://manage.mysites.guru/en/extensions/) installed on your portfolio of sites. - You can [search for a specific extension](https://manage.mysites.guru/en/extensions/similar/to/c116dd35616c46e593169e67634f7bdc) regardless of version number, and see the sites that have that extension installed - You can [search for a specific version of a specific extension](https://manage.mysites.guru/en/extensions/981a7d15f55d3dbd6780645ead34bb8d), and see all the sites that have that specific version installed - You can see how many other sites in our database, have those extensions installed too, as a [Top 50 Extensions list](https://manage.mysites.guru/en/extensions/top/50), drawn from live data in our database of paying customers with almost 60,000 sites. - You can filter the [Mass Package Installer page](https://manage.mysites.guru/en/tools/remoteinstall), by all sites with a certain extension installed (Allowing you to push an update to just those sites) - For any site, you can see each and every extension, plugin, template or module (or even library) installed, its version number, links to its developer and their support sites. - As [previously announced](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/), you can now set ANY EXTENSIONS update stream to automatically provide updates as soon as they are available - [fully automated updates of any Joomla extension](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) - You can use the [Mass Package Installer](https://manage.mysites.guru/en/tools/remoteinstall) to push any Joomla extension, module, plugin, or template to all your sites in one go, or a selection of sites. As you can see above, each of these features enables you to make wide-ranging and sweeping changes to ALL your sites in one go, or a sub set of those selected sites **making the task of keeping your Joomla extensions up to date a breeze**. ### So what are the Top Ten Extensions used by mySites.guru customers? Well you could login and [click the link](https://manage.mysites.guru/en/extensions/top/50), but here is a snapshot in time image below to give you a rough estimate on 1st December 2019. The list is a pretty obvious list of the major players in Joomla extensions, nothing exciting or different to our expectations really. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-11-30-at-20.24.35.webp)*To view the full list of 50, login and navigate to the realtime list.* ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2019-11-30-at-21.38.17.webp)*Example overview page of an old extension on old (hackable) sites.* https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/ ## Manage Multiple Sites With Your Whole Team URL: https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Add unlimited team members to your mySites.guru account with per-site and per-feature permissions. No per-seat fees. If you run an agency, you've probably been through the dance of sharing logins over Slack or forwarding alert emails to the right person. We added team accounts to mySites.guru so you can stop doing that. Everyone on your team gets their own login. You pick which sites they can see and which tools they can use — backups only, monitoring only, full access, whatever makes sense. Want to give a client read-only access to just their own site? That works too. ![Team members screenshot](../../assets/img/blog/team-members-screenshot.webp) ## Setting it up Go to your [Account page](https://manage.mysites.guru/en/account/tools), open the [Your Team tab](https://manage.mysites.guru/en/teams/), and click **Add Team Member**. Assign them sites and pick their permissions. They'll get their own login and can start working right away. ## Notifications Team members get all notifications by default. They can tweak their own [notification preferences](https://manage.mysites.guru/en/notifications/) without affecting yours. Changes anyone makes to site config or monitors apply to the site, not the user, so everyone sees the same thing. ## Passkeys and security Every team account supports [passkeys](https://mysites.guru/blog/passkeys-for-secure-login-to-mysites/) — Face ID, Touch ID, Windows Hello, whatever your device offers. No codes to type, no authenticator app to fumble with, and nothing that can be phished. Your team logs in with a fingerprint or a glance and they're in. Passkeys replace the weakest link in account security (passwords people reuse everywhere) with cryptographic keys tied to their device. If someone on your team is still using `password123` for everything, passkeys fix that problem permanently. Two Factor Authentication is also available for teams that want a more traditional setup. You can send password resets, disable accounts, or remove someone whenever you need to. There are no per-seat fees. Team access is part of every plan — add as many people as you need. [Add Your First Team Member Now](https://manage.mysites.guru/en/teams/) ## How To Manage Multiple WordPress Sites From One Dashboard URL: https://mysites.guru/blog/manage-multiple-wordpress-sites/ Date: 2024-03-11 Tags: wordpress, multi-site management, agency tools Category: Manage Multiple WordPress Sites Centralise updates, backups, security audits and one-click logins across all your WordPress sites. One dashboard, unlimited sites, £19.99/month. If you're looking after more than a handful of WordPress sites, you already know the pain. Logging into each one individually to check for updates, run backups, or see if something's broken. It doesn't scale, and it gets old fast. I built [mySites.guru](https://mysites.guru/) to fix exactly this problem. One dashboard, all your sites, no per-site fees. Here's what it actually does. ## The real problem with multiple WordPress sites A single WordPress site is fine. You log in, update your plugins, check your security, move on. But once you're managing 10, 50, or 200 sites for clients, that approach falls apart. You end up with browser tabs everywhere, forgotten updates, and security issues you don't find out about until a client emails you in a panic. Most people try to solve this with spreadsheets, bookmarks, or sheer willpower. None of those work long-term. ## What mySites.guru does differently ![A dashboard for managing multiple wordpress sites in a single place](../../assets/img/blog/ScreenShot-2024-02-10-13.42.26-1024x557.webp) **One dashboard for everything.** The [mySites.guru dashboard](https://mysites.guru/blog/the-best-dashboard-for-unlimited-joomla-and-wordpress-sites/) shows site health, update counts, security alerts and uptime status across every connected site. No more logging into each one. **Security that goes deep.** The [audit tools](https://mysites.guru/blog/security-audit-tools/) scan every file in your webspace for [hacks and backdoors](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/), not just the obvious stuff. You get [real-time alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) when files change or someone logs into an admin panel. **Bulk updates across all sites.** [Update WordPress core, plugins, and themes](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) across hundreds of sites at once. You pick what to update, hit go, and get notified when it's done. **Scheduled backups.** Set up [automated backup schedules](https://mysites.guru/blog/unlimited-backup-schedules/) using Akeeba Backup or All-In-One Migration. You can [run backups across thousands of sites](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) from the dashboard without touching FTP or SSH. **[One-click admin login.](https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/)** Jump straight into any site's admin panel without remembering passwords. It's genuinely the feature people tell me they use most. **[White-label client reports.](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/)** If you're an agency, you can send branded reports to clients showing what you did, when, and why. Useful for proving your value at invoice time. ## Best practice checks on every site The mySites.guru [snapshot and audit tools](https://mysites.guru/blog/security-audit-tools/) run over 100 checks on each site, twice a day. [Security headers](https://mysites.guru/blog/check-your-websites-security-headers-with-mysites-guru/), PHP versions, [SSL certificates](https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/), [disk space](https://mysites.guru/blog/about-the-disk-space-warnings-in-mysites-guru/), and more. You don't have to remember to check. It just tells you when something needs attention. Claim your [free audit](https://mysites.guru/free-audit/) and see for yourself. ![The manage site page in mySites.guru for managing multiple wordpress sites](../../assets/img/blog/ScreenShot-2024-02-10-13.42.51-1024x684.webp) ## Not just WordPress mySites.guru also works with Joomla and any PHP-based site. Craft, OctoberCMS, whatever you're running. If it has PHP, you can connect it. Unlimited sites, one flat monthly price. ## Manage Your Joomla 4 Sites with mySites.guru URL: https://mysites.guru/blog/manage-your-joomla-4-sites-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru fully supports Joomla 4, offering the same complete audit, backup, update and monitoring toolset for all your Joomla 4 sites. Its been 9 years in development, but Joomla 4 will be released on 17th August 2021 🎉🎉 > **mySites.guru is fully compatible with Joomla 4.0.0 Stable, and is in fact fully compatible with all [Joomla versions](https://mysites.guru/blog/end-of-life-supported-versions/) from Joomla 1.5.0 onwards** - even if the [Joomla site is hacked](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) and compromised, our tools still work and give you award winning solutions to find issues, follow and learn best practice, backup and monitor your Joomla sites. ## Notes for those with mySites.guru subscriptions: mySites.guru** never performs Joomla upgrades automatically. You have to manually login and request that m**ySites.guru performant an upgrade. Due to issues when Joomla 3.10.0 was first released, which, after upgrading to Joomla 3.10.0, the Joomla site would then show a one-click-upgrade path to Joomla 4.0.0 by mistake in Joomla Admin - **we went ahead and then made it IMPOSSIBLE to upgrade from Joomla 3.10.0 to Joomla 4.0.0 using mySites.guru - it simply cannot be done**. Joomla 3.10.0 to Joomla 4.0.0 was never an easy upgrade - it was always going to be a migration. Now the Joomla project accept there were issues and have moved Joomla 4.0.0 to the NEXT update stream, so that Joomla 3.10.0 doesnt see it as an available upgrade unless you have manually selected the update stream. [https://docs.joomla.org/J3.x:Joomla_3.10_points_to_4.0_while_it_claims_to_be_on_the_Default_update_server](https://docs.joomla.org/J3.x:Joomla_3.10_points_to_4.0_while_it_claims_to_be_on_the_Default_update_server) [https://github.com/joomla/joomla-cms/pull/35214](https://github.com/joomla/joomla-cms/pull/35214) It is **never going to be possible in the future** to use mySites.guru to upgrade from Joomla 3.10.0 to Joomla 4.0.0. This is also because we have decided our Joomla 4 and Joomla 3 connector plugins will be different to take advantage of the new minimum version of PHP (7.2.5) that Joomla 4 has. In order to migrate your site to Joomla 4.0.0 you need to perform a mini-migration - this includes checking all templates, extensions, plugins and modules for compatibility - DO NOT RELY ON THE PRE UPDATE CHECKER - it will flat out lie to you, a known issue! > DO NOT perform a Joomla 4 mini-migration/upgrade on a live site. Ever. > This is something that needs preparation, planning and testing on a development copy of the site first. > BACKUP before and TEST YOUR BACKUPS. ## To migrate a site already connected to mySites.guru: -- Uninstall the mySites.guru system plugin -- Delete the site from mySites.guru -- Perform the mini-migration to Joomla 4 -- Use the Add Another Site process to generate the Joomla 4 specific plugin and install that to your live Joomla 4 site to reconnect to mySites.guru. ## Edit: Joomla 5 is now here! Check out the mySites.guru [Joomla 5 Technical Requirements Check](https://mysites.guru/blog/joomla-5-technical-requirements-check/) tool! https://mysites.guru/blog/joomla-5-technical-requirements-check/ ## Migrating to Modern Joomla When Using mySites.guru URL: https://mysites.guru/blog/migrating-to-joomla-4-when-using-mysites-guru/ Date: 2024-03-11 Tags: joomla, migration, joomla 4, joomla 5, joomla 6 Category: Manage Multiple Joomla Sites How to keep your sites connected to mySites.guru when migrating from Joomla 3 to Joomla 4, 5, or 6. Step-by-step connector swap process. This is not a guide on how to migrate Joomla 3 to a newer version. This is for mySites.guru subscribers who want to keep their sites connected and monitored after migrating. [Joomla 3 reached end-of-life on August 17, 2023](https://mysites.guru/blog/the-joomla-3-10-999-project/). No further releases will be made, even for security issues. If you still have Joomla 3 sites, migrating to Joomla 4, 5, or 6 should be a priority. Joomla 5 is the current stable release, and [Joomla 6 is already out](https://mysites.guru/blog/joomla-6-technical-requirements/). Which version you target depends on your hosting and what extensions you need. Check the [Joomla 5 requirements](https://mysites.guru/blog/joomla-5-technical-requirements-check/) and [Joomla 6 requirements](https://mysites.guru/blog/joomla-6-technical-requirements/) to see if your servers are ready. ## Migration, not upgrade Moving from Joomla 3 to Joomla 4+ is a migration, not a one-click upgrade. Every plugin, extension, module, and template on your site needs a compatible version for the target Joomla release. Some won't have one. Sometimes the only way to find out is to attempt the migration and fix what breaks. Plenty of migrations stall when that one extension you depend on hasn't been updated in years and has no replacement. ℹ️ Joomla's official migration guides These were written for the Joomla 3 to 4 migration. Some URLs may have moved since then, but the general process still applies for moving to Joomla 4+. Planning for Mini-Migration Step by Step Migration Pre-Update Check ## Why we don't offer a fixed-fee migration service Every Joomla 3 site is different. The extensions, the template framework, whatever custom code has been bolted on over the years. We could get days into the work and hit a wall because one critical extension has no modern replacement. There's no honest way to quote a fixed price for that, so we don't offer it. ## Reconnecting mySites.guru after migration The Joomla 3 connector won't work on Joomla 4 or later. We built a separate modern connector that uses current PHP standards and is compatible with Joomla 4, 5, and 6. Here's the process: 1. **Remove** the old mySites.guru plugin from your Joomla 3 site before migrating 2. **Delete** the old site entry from your mySites.guru account 3. **Migrate** your site to your target Joomla version (4, 5, or 6) and get it stable 4. In mySites.guru, click **"Add Another Site"** and select the Joomla 4+ connector option 5. Install the new connector in your migrated site's admin panel After that, mySites.guru works the same as it did with your Joomla 3 site. All the same [monitoring and management tools](https://mysites.guru/features/), plus version-specific features like the [Joomla 5](https://mysites.guru/blog/joomla-5-technical-requirements-check/) and [Joomla 6](https://mysites.guru/blog/joomla-6-technical-requirements/) requirements checkers. ![mySites.guru connection wizard showing the Joomla 4+ connector option](../../assets/img/blog/ScreenShot-2024-02-04-14.38.17-665x1024.webp) If you run into any issues during the reconnection, [get in touch](https://manage.mysites.guru/contact). ## Monitor site uptime with mySites.guru URL: https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru replaced UptimeRobot with its own custom node.js uptime monitoring engine, delivering per-minute checks and instant downtime alerts at no extra cost. We used to provide [UptimeRobot](https://uptimerobot.com) Integrated monitors for your sites, but now we are providing UNLIMITED FREE uptime monitors - powered by our own custom-written engine - to all mySites.guru subscribers and connected sites. ## FREE Uptime Monitors from our OWN Robot Engine - for all mySites.guru subscribers and their connected sites - get alerted to downtime quickly! Exciting news! For over a decade mySites.guru has been providing [UptimeRobot](https://uptimerobot.com) uptime monitoring as an opt-in option for all sites connected to our service. This has now come to an end. Buying in the UptimeRobot service was our single biggest expense each month totally more than the total bill for all our infrastructure for mySites.guru service at [DigitalOcean](https://DigitalOcean.com)! ***(tl;dr [UptimeRobot](https://uptimerobot.com) was acquired, the service was unreliable since and then they tried to hike the fee we were paying by 352.4%!)*** - [Read more about this below](#why) We are pleased to announce that we have flipped the switch, removing all UptimeRobot monitors and replacing with our own - **custom built per-min second-accurate Uptime Monitoring solution - written from scratch in node.js in less than a week, refined, tweaked, and integrated to mySites.guru in less than a few weeks - all at no extra cost to our subscribers**. (Well in fact we are saving ourselves $22,416 by doing this!) We have no plans to launch a complete [UptimeRobot](https://uptimerobot.com) clone, as that market is already saturated (If you need an uptime service, we can highly recommend https://ohdear.app over UptimeRobot :)), but we will be adding Status Pages for you shortly too - [mySites.guru](https://mysites.guru/) already does [SSL checks](https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/) and much much more in our award winning [Audit tools for Joomla and WordPress sites](https://mysites.guru/blog/security-audit-tools/). The new micro-service, standalone to the main mySites.guru servers, will check your connected sites and alert you when they are not online - or worse, hacked - allowing you to respond to any outages quickly. Our service will check your site with a single HEAD request, and if its online then great. If your site is not responded to us in 45 seconds, we will try again, this time with a GET request, and we will wait 45 seconds again for your site to reply. If your site has not responded again we will make one final GET request, this time from a different location around the world (secret IP, because your site should not be blocking/whitelisting IP addresses, its a public web facing site!) if your site fails to respond to this then we **alert you that your site may be down**, by email. We have spread out, and will continue to spread sites that are on the same server across multiple times so that we do not hammer your server with the single HEAD requests all in the same second. We have performance load tested the new platform to 1 million domain names per second - and this can safely be handled on three $5 servers... thus saving us much in buying in another persons service for this. We just needed the push to write the service ourselves. Example email alert: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-22.15.21-1024x496.webp) You can see an overview of all your monitors in your account: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-22.08.07-1024x408.webp) You can also see the last 24 hour site response times, **easily seeing performance issues,** like this: ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2021-08-14-at-22.09.12-1024x572.webp) > tl;dr > UptimeRobot was acquired > the service was unreliable since > **and then they tried to hike the fee we were paying by 352.4%!** ## Why we stopped using UptimeRobot.com Ever since mySites.guru first launched sometime in 2012, we have provided uptime monitors for all sites connected to the mySites.guru platform. ![E8yAih4WQAAM3PR](../../assets/img/blog/E8yAih4WQAAM3PR-1024x576.jpeg) These monitors were provided by the Engine at [UptimeRobot](https://uptimerobot.com) under the management of their founder [Umat Muhaddisoglu](https://twitter.com/umutm). The service was rock solid and we rarely had any issues - apart from we kept hitting the limit of the number of monitors we were paying for, and kept increasing - and thus we came to a financial arrangement that suited both of us. This was a discounted price, based on 5 min (and not every min) monitors. It was still very expensive for what it was. We consumed the API provided by the UptimeRobot service and monitors were opt-in within the mySites.guru service. In 2019, UptimeRobot [was acquired](https://blog.uptimerobot.com/uptimerobot-2020-update/) by [](https://itrinity.com/)**[itrinity](https://itrinity.com/)**, a Czech/Slovak company operating UptimeRobot as a Malta based company (Its a shell company address!) in a closed deal. This was not announced at the time and was kept very quiet for a while. **Downtime: ** **On 24th Jan 2019**, 5th March 2019, 5th April 2019, 2nd September 2019, 1st November 2019, 5th November 2019, 11th December 2019, 12th December 2019, 19th December 2019, 23rd December 2019, 10th Jan 2020, 25th January 2020, 17th Feb 2020, 11th March 2020, 18th April 2020, 26th April 2020, 27th April 2020 All above dates... **The whole UptimeRobot API was down, This effected all our users trying to create or remove monitors.** Ea**rly in 2020** the UptimeRobot service started to have technical issues - they called them DDoS attacks, but this was not proved, and ever since then their platform has been unreliable with lots of complaints on twitter from affected users. It was clear that since the take over many changes were being implemented that were having knock on effects, but they still would not admit the issues. **On 6th May 2020** Peter Hrbacik (The new CEO of UptimeRobot) emailed me after seeing my complaints on Twitter about the bad service received and the repeated downtime. He stated he *"fully understand your frustration. I am very sorry for all the troubles. There were really tough times during the last weeks as we faced many DoS attacks and technical issues."* He also stated that the acquisition was not made public for the reason *"we don't want to spam our users"* **On 10th May 2020** we made our monthly payment and then a few hours later UptmeRobot cancelled our PayPal subscription and terminated our account. This effected all our users and meant that we could not service our account using the API. **On 14th May 2020** the whole UptimeRobot API was down again, This effected all our users trying to create or remove monitors. **On 19th May 2020** the API was down again - the excuse was "updating infrastructure to stabilise our service" **On 28th May 2020** Peter Hrbacik (The new CEO of UptimeRobot) emailed me to say that they were *"about to roll out a big infrastructure update which should secure far more stability of our services"* - that night the API was down for 7 hours. **On 4th June 2020** itrinity finally emailed all UptimeRobot users - and announced **[their blog post](https://blog.uptimerobot.com/uptimerobot-2020-update/)** talking about the acquisition and the recent issues. **On 9th June 2020** The SSL Certificate on stats.uptimerobot.com was invalid effecting all users with Status Pages. **On 10th June 2020** Kristian from UptimeRobot published personal information from our account to a public URL at gofile.io - a direct and clear breach of data protection **On 27th July 2020** UptimeRobot again automatically terminated our account without warning. This was 17 days after our last payment. This effected our users as downtime was not notified and users could not start (or delete) new monitors. **On 20th September 2020** UptimeRobot again automatically terminated our account without warning - apparently an admin oversight (again) and fixed in a few hours. This effected our users as downtime was not notified and users could not start (or delete) new monitors. **On 27th June 2021** UptimeRobot again automatically terminated our account without warning - apparently an admin oversight (again) and fixed in a few hours. This effected our users as downtime was not notified and users could not start (or delete) new monitors. I emailed Peter Hrbacik (The new CEO of UptimeRobot) again - without reply. **THIS IS WHERE IT GETS INSANE...** **On 5th July 2021** out of the blue I receive an email from Martin Toma, COO at itrinity. His email is basically saying that they have decided to switch my subscription, from my historically agreed price ($566) for 20000 monitors at 5min intervals, to new pricing. **His offer was $22,416 if I paid annually** - and gave us 66 days to agree or leave. This was a 352.4% price increase. He did acknowledge that we were one of their **"earliest & biggest customers” ** I noted that the pricing offered to us above was over and beyond the published pricing on their website and I queried that and was told this was due to our "reselling activities"!! Let's be clear: **mySites.guru was not "reselling" the UptimeRobot service. Ever. **We were consuming the API that came with the account we were paying for in **complete compliance with the terms and conditions of the service**. We were receiving notifications from UptimeRobot when a site went down, and in turn we would alert our customer. This is not reselling, this is the same as you signing up as a digital agency, and adding your clients sites to their monitoring - and when a site goes down, you the digital agency contacting your customer to resolve the issue - we were doing nothing wrong here. I mentioned the fact that we were in complete compliance with the ToS at UptimeRobot to Martin on 5th July 2021. **On 9th July 2021** Martin replied with *"You are right, we don't explicitly forbid or specify conditions for such behavior. We will release an update to our ToS soon."* Furthermore, he backtracked on the pricing, saying *"we decided not to charge any extra premium for your reselling activities"* - note, we are NOT reselling, we are consuming the UptimeRobot account in full and complete compliance of their ToS and just as we had done for a decade! ***"So, the final pricing for the 20,000 monitors plan is $1,662. If you decide to switch to annual payment it will be $18,680"*** So the price dropped from $22,416 to $18,680 a year - when previously I was paying just $6,792... so yeah - thats a bit of a piss take! Martin was also pissed at me "tweet-shaming" UptimeRobot when I shared the content of his proposition, and the fact that they were imposing a 352.4% price increase on us with 66 days notice. Its not like their service has been stunning and giving me confidence that UptimeRobot under their management is a good thing - its been down considerable times, and all I have had is excuses - no one has yet explained why my account was terminated again last weekend despite me paying **On 9th July 2021** Martin replied to say he was not holding us to ransom, and we were free to leave. I replied less than 1min later stating to please terminate my subscription and monitors on 9th of September, 2021, the date 66 days later that he was going to impose the 352.4% price increase. **On July 14, 2021**: [Added “Resale or Redistribution of Service” and “Contacting UptimeRobot”](https://uptimerobot.com/terms/) terms were changed. Indeed [he did update the ToS](https://uptimerobot.com/terms/) to specifically block ban and outlaw a whole list of services -** making use of UptimeRobot Non-Commercial Only** (did you know that?!) as well as adding additional clauses to state that all previous contracts, discounts etc were "speculative" and** that they had a right to publish correspondence and confidential information provided them by email was fair game to be published by them **- unless the UptimeRobot board gave agreement in writing. So basically he is screwing over his "earliest & biggest customers” by outlawing them. Im sure if many read their new ToS they would have issue with these new terms. **Since then neither Martin Toma (COO) or Peter Hrbacik (The new CEO of UptimeRobot) have even bothered to reply to my follow up emails, tweets or to confirm that they will be terminating my account. ** **On 12th August 2021** mySites.guru flipped the switch and started providing our own Uptime Monitoring Service - within mySites.guru - powered by our own custom written monitoring engine - written from scratch to be provide per-min second-accurate Uptime Monitoring for all mySites.guru connected sites. Copies of all emails available on request - we have nothing to hide and have documented the issues accurately without spin. Onwards and upwards - but setting the record straight. -- The saga continues... **On 12th August 2021 **I requested the invoices for 2021 as they were not in my account, and I informed UptimeRobot that the country on the invoices were totally wrong (They had Isle of Man, whereas we are located in Jersey, Channel Islands) - they replied on 13th August with the invoices but told me they **could not provide accurate invoices with the correct country on, **as they is *"use a library from another provider"*- which means every invoice is factually invalid as the country is wrong for my business and they refuse to change it. ## mySites.guru is the new name for rebranded myJoomla.com URL: https://mysites.guru/blog/myjoomla-com-is-now-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites myJoomla.com has been rebranded as mySites.guru to reflect full support for Joomla, WordPress and any PHP-based website in one platform. As our service now supports **Joomla** and **WordPress** CMS’s, its no longer appropriate to be called “[myjoomla.com](https://myJoomla.com)” and therefore we have changed the service name to [mySites.guru](https://mysites.guru/). For a limited time myJoomla.guru will be used to market to individual segments of the market specific to one of the platforms, but moving forward **mySites.guru** will be the new name, and home of our service. ## mySites.guru connected to over 64,000 Joomla and WordPress Sites URL: https://mysites.guru/blog/mysites-guru-connected-to-74000-joomla-and-wordpress-sites/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru celebrates 74,000+ actively connected Joomla, WordPress and PHP sites — all managed from a single dashboard invested into daily by its founder. > mySites.guru is a unique service to assist you in ensuring all your Joomla and WordPress sites are following the best practice, have backups, are monitored, and gives you a suite of unique tools to investigate under the hood of your site, checking each and every line of code in your webspace for hacks are much much more... > > > Sign up today at [https://manage.mysites.guru/en/register](https://manage.mysites.guru/en/register) We are incredibly humbled. The thing is, people love us because, despite our lack of marketing, shiny site, podcast, and lipstick - we have a rock solid product that out-performs expectations every day. Yeah any service can [backup](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/), [update](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) and [monitor](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) a site. **But not all services are created equal**. Ours is invested into daily, new code deployed multiple times a day - every day. We react and respond to emerging threats, add new hack signatures and patterns daily, and our detection of Joomla and WordPress hacks in file is second to none. ### **I work on this project full time. Its not a side hustle or investment for me - its my passion. ** There is always room to improve, and deploying multiple times a day, we improve things daily, grazing at the code, refining features, add value and give you more power each week to maintain your sites, and your customer sites with ease. 75,000+ sites now trust mySites.guru. Thats incredible, but only just the beginning! ## mySites.guru powers through 60,000 Joomla and WordPress Sites Managed URL: https://mysites.guru/blog/mysites-guru-powers-through-60000-joomla-and-wordpress-sites-managed/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites mySites.guru surpasses 60,000 actively connected Joomla and WordPress sites, driven by unique audit, update and monitoring tools not found in competing services. ***[Edit: This post was first published several years ago - its SEO is great but the number (60,000) has been increased by tens of thousands more sites!]*** Firstly a huge thank you to our loyal subscribers, a large number of which have been with us since our very first month in 2012 when we launched. mySites.guru is a **unique service** for managing Joomla and WordPress sites. Others have attempted to replicate our service but none have come even close. Any service can do [updates](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) and [backups](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) - but we are light years ahead with **unique tools and services** not found anywhere else in other services. Last weekend, we connected our 60,000 live site to the mySites.guru service. > *There have been **many more than 60,000 sites connected** in total, but we only log the ACTIVE number of sites connected, and in our database in real-time. * > > > > > > *We don't track, log, record the number of sites that have been added and then removed over the years, once a site is deleted.* **I just wanted to say a huge thanks to those that are ending 2020 with their subscriptions to mySites.guru - your investment in our success has been reinvested into making the service a huge success - much more is in the plans for 2020, some of which has been kept top secret as I work on it. ** Thank you. Enjoy your holiday festive Christmas period.... but keep an eye out, Joomla 3.9.14 will be released next Tuesday (I'm guessing, well I know, but its still a guess). ## mySites.guru surpasses 64,000 connected Joomla and WordPress Sites URL: https://mysites.guru/blog/mysites-guru-surpasses-64000-connected-joomla-and-wordpress-sites/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru hits 64,000 connected Joomla and WordPress sites, powered by daily code deployments, real-time hack detection and a founder who works on it full time. *[Edit: This is an old article, mySites.guru is now connected to well over 74,000 sites!]* **We did it. Our multi-award winning solution for Joomla and WordPress sites has just added its 64,000 website to our service! ** Congratulations to John M. for being the one to add that site! 🎉 > mySites.guru is a unique service to assist you in ensuring all your Joomla and WordPress sites are following the best practice, have backups, are monitored, and gives you a suite of unique tools to investigate under the hood of your site, checking each and every line of code in your webspace for hacks are much much more… > > > Sign up today at [https://manage.mysites.guru/en/register/](https://manage.mysites.guru/en/register) ![4k images](../../assets/img/blog/4k-images-7-2-1024x576.webp) I** am incredibly humbled. ** The thing is, people love us because, despite our lack of marketing, shiny site, podcast, and lipstick – we have a rock solid product that out-performs expectations every day. Yeah any service can [backup](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/), [update](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) and [monitor](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) a site. **But not all services are created equal**. Ours is invested into daily, new code deployed multiple times a day – every day. We react and respond to emerging threats, add new hack signatures and patterns daily, and our detection of Joomla and WordPress hacks in file is second to none. > **I work on this project full time. Its not a side hustle or investment for me – its my passion. ** > > > ~Phil Taylor. There is always room to improve, and deploying multiple times a day, we improve things daily, grazing at the code, refining features, add value and give you more power each week to maintain your sites, and your customer sites with ease. 64,000+ sites now trust mySites.guru. ***Thats incredible, but still, only just the beginning!*** Thank you. Phil. ## One-Click Admin Login to Any Site URL: https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Skip the login page entirely. One click from mySites.guru logs you straight into any Joomla or WordPress admin console — no passwords stored, fully encrypted. If you manage more than a handful of sites, you know the routine: open a tab, navigate to /administrator or /wp-admin, type your username, type your password, hit enter, wait. Multiply that by 10, 50, or 200 sites and it adds up fast. One-click admin login removes all of that. From your mySites.guru dashboard, press a single button and you're sitting in the admin console of any connected Joomla or WordPress site — logged in, ready to work. ![Login to any Joomla or WordPress Admin Console with a single click from the mySites.guru service.](../../assets/img/blog/CleanShot-2024-11-20-at-14.55.43@2x-1024x576.webp) Thousands of users have been using this feature since 2017. We publish [live login statistics](https://manage.mysites.guru/en/live/stats) inside your account so you can see just how much time it saves across your team. ## How it works for you 1. Click the **Admin Login** button next to any site 2. A new tab opens and you're already logged into the admin console That's it. No credentials to type, no login pages to wait for. ## How it works under the hood Your password is never involved. We don't ask for it, we don't store it, and we don't want it. Instead, every login goes through a multi-step encrypted handshake: 1. mySites.guru contacts our request validation service to register an upcoming request 2. An encrypted login request is sent to the mySites.guru plugin/extension on your site 3. Your site checks back with our validation service to confirm the request is genuine 4. After validation, your site decrypts the request and sees it's a login instruction 5. Your site creates a new session for the admin user you've pre-selected in mySites.guru 6. You're redirected to your site, where your browser picks up that session The result: you're logged in without a password ever crossing the wire. For logging into your mySites.guru account itself, we also support [passkeys](https://mysites.guru/blog/passkeys-for-secure-login-to-mysites/) — so you can go fully passwordless end to end. ## Setting it up One-click login is an **opt-in feature**. To enable it: 1. Connect your site to your mySites.guru account 2. Go to the **Settings Tab** on the Manage Site page 3. Select the admin user you want to log in as Once configured, every admin link within mySites.guru automatically becomes a one-click login button. ## The auto sign-in dashboard Need to jump between multiple sites quickly? The [Secure Auto Sign In](https://manage.mysites.guru/auto-sign-in/) dashboard lists all your connected sites with a login button next to each one. You can also choose which user to log in as, per site. Three ways to get there: - Press **ll** (two lowercase L's) from anywhere in mySites.guru - Press **Cmd+K** to open the [command palette](https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/) and search for "Secure Auto Sign In" - Use the Tool Finder ![Screenshot of mySites.guru auto sign-in dashboard](../../assets/img/blog/CleanShot-2024-11-20-at-14.52.31@2x-1024x586.webp) ## Sites with .htaccess protection If your admin area is behind .htaccess basic auth, you have two options: - **Store the credentials** on the site's settings page in mySites.guru so login is fully automatic - **Enter them once manually** when prompted — your browser caches .htaccess credentials until you restart it, so you'll rarely need to re-enter them ## The mySites.guru Command Palette Navigation URL: https://mysites.guru/blog/our-command-palette-navigation-with-cmdk/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Press Cmd+K anywhere in mySites.guru to open the command palette and instantly navigate to any site, tool or account setting without touching the mouse. One of the quickest and easiest ways to navigate an application is with a Command Palette Navigation. The service at mySites.guru has a huge list of tools for you to use in its command palette - just press cmd k / ctrl k to invoke and navigate the whole service with a few keystrokes, The command palette in your [manage.mySites.guru](https://manage.mysites.guru/en/register) account includes all menu options for quick and easy navigation, this includes all Account Functions, like changing your password and viewing your invoices. All your sites are also included, so if you have 100 sites you can quickly and easily navigate to any site's manage site page - or any of the [Ultimate Toolset for Joomla/WordPress](https://mysites.guru/) from anywhere, just press Cmd k, type a few chars of your sites name or domain, and then click enter (or select it from the list) You can also access most of the [WordPress Ultimate Toolset](https://mysites.guru/) from the commands in the command palette. The whole point here is that you don't need to click through the tool finder or remember complicated things -**just invoke with cmd k and then search for a tool or feature** - with 100s of tools/features its quick and easy to find what you need. ![The mySites.guru command palette that can be invoked with cmdk](../../assets/img/blog/ScreenShot-2024-02-02-17.04.03-1024x512.webp)*The mySites.guru command palette that can be invoked with cmdk* ## Command palettes are not a new thing! Some of the other advantages command palettes bring when done correctly also include: - **They make the user experience faster. **You don't have to take your hands off the keyboard. No clicking into menus, remembering where a feature lives. Just cmd+k and type. - **They aid discoverability.** You don't need to know if functionality exists - type what you want and find out if it does and where it is. - **You can always find what you're looking for.** Design trends and long-lived software mean that the UI can change. If you’re using a command palette, you don’t need to know where functionality has moved in the UI, you just search for it. - **They make your product look sleeker and more inviting. **You can hide functionality from the UI, avoiding cluttering the screen, overwhelming folks with options, or confusing them with multiple sub-menus. - **Accessibility. **They can be implemented to help users with disabilities by providing keyboard shortcuts or screen reader support. You can read more about the past, present and future over at [https://www.commandbar.com/blog/command-palette-past-present-and-future/](https://www.commandbar.com/blog/command-palette-past-present-and-future/) although we still dont believe that AI is worth the hype and will never replace much of what its hyped to replace - command palettes bring quick and easy navigation to large applications. ## The Google Chrome Command Palette If you are using Google Chrome, then you already have an app that has a command palette built in! The console has a command palette that allows easy access to all features - to invoke that open your Inspector (console), focus it, and press cmd p (or ctrl p on windows) ro open a resource or SHIFT CMD P to open the full command palette to run commands.: ![The Google Chrome Command Palette](../../assets/img/blog/ScreenShot-2024-02-02-17.14.58-1024x693.webp)*The Google Chrome Command Palette* I use it mainly to disable Javascript for testing - ![ScreenShot 17.17.58](../../assets/img/blog/ScreenShot-2024-02-02-17.17.58-1024x325.webp) Cmd P (ctrl P on windows) is a common keystroke for command palettes for obvious reasons. SublimeText also has a command Palette - ![The Sublime Text command palette](../../assets/img/blog/ScreenShot-2024-02-02-17.18.46-1024x607.webp)*The Sublime Text command palette* ## The best command palette in existence? that has to be GitHub! Yes its true, the best command palette we use daily is the one from GitHub which is invoked on any github.com repo with Cmd k / ctrl k ![The GitHub command palette](../../assets/img/blog/ScreenShot-2024-02-02-17.20.34-1024x755.webp)*The GitHub command palette* from this interface you can navigate pretty much anything in your repository - or even press the delete button to break out of the current context and load different contexts or search across the whole of GitHub - it really is the best ever command palette integration we have ever seen! ![The GitHub command palette image](../../assets/img/blog/ScreenShot-2024-02-02-17.21.42-1024x838.webp)*The GitHub command palette* ## Did you know WordPress has a Command Palette? No neither did I until researching this blog post! You can learn more about the [WordPress Command Palette](https://learn.wordpress.org/tutorial/working-faster-with-the-command-palette/) on the official [learn.wordpress.org website](https://learn.wordpress.org/tutorial/working-faster-with-the-command-palette/). To access the WordPress Command Palette, simply open the Site Editor or a page or a post and use the keyboard shortcut command K on Mac or control K on Windows. You can also find it in the sidebar of the site view by clicking on the Search icon or the title bar of a template or page. Once you open the Command Palette, you will see a list of available commands. ![Image](https://mysites.guru/img/blog/image-14.gif) ## Bonus: mySites.guru Keyboard Shortcuts! if you press the question mark on your keyboard (shift / on my mac) then you will get to the [Keyboard Shortcuts page](https://manage.mysites.guru/en/help/keyboardshortcuts) describing other keyboard shortcuts you can use from anywhere. These include some of the most commonly used tools such as: - the [Mass Remote Installation Of Plugins](https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/) (keyboard shortcut: m i) - the [Mass Update WordPress/Joomla Sites Tool](https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/) (keyboard shortcut: m u) - the [Available Upgrades & Extension/Plugin Updates](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) (keyboard shortcut: u) You can even toggle dark mode from anywhere simply by pressing d Want to quickly logout? Press shift l (thats basically a capital L to logout) Want to get back to your list of sites? (s) or just view WordPress Sites (w) So many [more keyboard shortcuts](https://manage.mysites.guru/en/help/keyboardshortcuts) are available in your mySites.guru account. ![Just some of the long list of keyboard shortcuts in the mySites.guru service](../../assets/img/blog/ScreenShot-2024-02-02-17.01.54-580x1024.webp)*Just some of the long list of keyboard shortcuts in the mySites.guru service* ## Over 74,000 Joomla and WordPress Sites trust mySites.guru service URL: https://mysites.guru/blog/over-66000-joomla-and-wordpress-sites-trust-mysites-guru-service/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru celebrates 75,000+ connected sites — with 500 new Joomla and WordPress sites added monthly and daily code deployments improving the platform. ***Just two months ago**, we were here announcing that [mySites.guru had surpassed 65,000 connected Joomla and WordPress sites](https://mysites.guru/reviews/).* Today we celebrate a new milestone in [mySites.guru](https://mysites.guru/) history! **75,000+ Sites!** On average, [our amazing subscribers](https://mysites.guru/reviews/) are adding 500 new Joomla or WordPress sites a month to our service, that's 6000 sites a year! > *mySites.guru is a unique service to assist you in ensuring [all your Joomla and WordPress sites](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) are [following the best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), have [backups](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/), are [monitored](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/), and gives you a [suite of unique tools](https://mysites.guru/blog/security-audit-tools/) to investigate under the hood of your site, [checking each and every line of code](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) in your webspace for hacks are much much more… * > Sign up today at [https://manage.mysites.guru/](https://manage.mysites.guru/en/register) ## **This is another period of incredible growth!** Yeah any service can [backup](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/), [update](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) and [monitor](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) a site. **But not all services are created equal**. Ours is invested into daily, new code deployed multiple times a day – every day. We react and respond to emerging threats, add new hack signatures and patterns daily, and our detection of Joomla and WordPress hacks in file is second to none due to my hands on approach to investigating every single hack personally. We have been adding some amazing new features, some announced in [our blog ](https://mysites.guru/blog/), but many not, the blog posts include: - [How to hide 1000s of Post Installation Messages on 1000s of sites](https://mysites.guru/blog/how-to-hide-joomla-post-installation-messages-on-1000-sites-with-one-click-with-mysites-guru/) - [How to snapshot all your Joomla sites with one click](https://mysites.guru/blog/snapshot-all-your-sites-with-one-click-at-mysites-guru-the-joomla-and-wordpress-control-panel/) - [How to backup all your sites with one click - with mySites.guru](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) - [Security Headers - Check 8 server headers your site should have](https://mysites.guru/blog/check-your-websites-security-headers-with-mysites-guru/) - and much more, in summary, [listed in our change log](https://manage.mysites.guru/en/changelog) ## On Christmas Day 2020 we revealed a brand new platform The new platform is now Powered by PHP 8 - yes that's right, bang up to date PHP version, and also running Symfony 5.2.1, bang up to date. This means we can now power ahead in releasing new features at an incredible rate and be future proofed. We also removed a lot of the technical debt that we had gained over the years, deleting over 500,000 lines of code, and deploying over 1million lines of code! ## Thank you. > *"I just want to say a personal thank you to all those that are subscribers and have been since we launched in 2012, you know who you are - your energy, suggestions and feature requests keep me on my toes daily striving to be the best service that we can possibly be.*" > > > ~Phil Taylor - Founder of mySites.guru ## Schedule Audits, Updates & Backups URL: https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Configure time-based and action-based schedules for security audits, snapshots, updates and Akeeba backups across all your mySites.guru connected sites. In this blog post we are going to explore some options available for scheduling actions within [mySites.guru](https://mysites.guru/), for Joomla and WordPress. These include the [audit](https://mysites.guru/blog/security-audit-tools/), [snapshots](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/), [backups](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) and [updates](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/). The mySites.guru service runs a powerful scheduler. This is **time based** and also **action based**. ## Audit Schedule For example. Audits are run either daily, weekly, or monthly, based on the last time an audit was taken. The time based part is "daily/weekly/monthly" and the action based part is the "time an audit was last taken". If you manually start an audit then the time is reset, and your schedule is based on that time. So the next audit will be a week after that time (or a day/month depending on what you select) Please note: We only run one audit per hostname (server hostname) at a time, and queue any others that are due on the same server to restrict the load we place on a single server. No one wants 100s of audits of sites on the same server at the same time... not even us! The audit scheduler allows you to see your chosen schedule, and if you have chosen to disable the schedule you can see that too. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.08.25-1024x308.webp) ## Backup Schedule mySites.guru has support for [Akeeba Backup for Joomla and WordPress](https://mysites.guru/blog/unlimited-backup-schedules/), and (currently) [All-in-one Migration Plugin](https://mysites.guru/blog/unlimited-backup-schedules/) for WordPress. Again, you can set [daily, weekly, or monthly backup schedules](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) in your mySites.guru account, you can even [start backups from the same screen](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) or queue the start of [backups on all your Joomla and WordPress sites](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/). ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.10.43-1024x393.webp) ## Updates Schedule The updates scheduling is slightly different. You don't specify a time for updates of extensions and plugins to happen, you can [enable auto updates for any extension](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) on a per site, or per update site basis ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.25.16-1024x201.webp) On the next [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) we take (currently twice every 24 hours) if we spy that an [update](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) is available, then we will attempt to [apply the update](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/), and notify you (according to your preferences) if the update was successful or not. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.26.09-1024x177.webp) You can view the result of the scheduled updates in your account too ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.23.05-1024x690.webp) ## Bonus 1: White label Reporting Scheduler Upcoming in the mySites.guru service shortly, you will also be able to schedule white label reports to be sent to you or your clients about their sites, a subset of sites or just one site. *More on this soon. Shhh its a secret!* ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.32.46-1024x508.webp) ## BONUS 2: Real-time Triggers & Near Real-time Alerting Not so much scheduled, but in almost real-time, the mySites.guru service can alert you to events happening on your website such as - When a user logs in - When a new user is created - When a non-admin tries to login to admin - When your templates file is modified - When your sites configuration file is modified - etc... These alerts are sent to you according to your notification preferences and can be a real lifesaver if your site has been hacked in the past and you want visibility on whats happening. Regular audits also surface [hidden files lurking in your webspace](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) that real-time triggers alone won't catch. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-07-at-04.29.00-1024x392.webp) ## How to Find Hacked Files in WordPress & Joomla — Deep Security Audit URL: https://mysites.guru/blog/security-audit-tools/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Surface-level scanners miss hidden malware. Learn how a file-level audit checks every line of code against 20,000+ patterns and 14,000+ known hack signatures to find backdoors other tools miss. Think your WordPress or Joomla site is clean? Surface-level scanners only see what a browser sees. A proper security audit digs into every file in your webspace — and that's exactly what the mySites.guru audit does. Want to try it? **[Run a free site audit](https://mysites.guru/free-audit/)** with no credit card required. In this post I'll walk through how the mySites.guru security audit works, what it checks, and why it catches things that other tools miss. [Connect unlimited sites to the mySites.guru service](https://mysites.guru/blog/manage-all-your-joomla-sites-extensions-with-mysites-guru/), then you can run **UNLIMITED** audits of your **UNLIMITED** sites on demand, or schedule them to run daily, weekly or monthly. > Some [other services](https://watchful.net) **claim** to have an "audit" tool. Most of the time they mean they have implemented the [Sucuri SiteCheck API](https://sitecheck.sucuri.net/), which only "scans" your site as a visiting browser would, **it doesn't check the files in your webspace**, and **doesn't find anything that is hidden under the surface** of your rendered webpages. **Be warned.** Not all "Audits" are in-depth and comprehensive! > > > Make sure you compare apples with apples. Not everyone claiming to be an "apple" is. At the start of every audit we also run our [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) tools, [capturing over 100 quick checks of your site](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/). Added to the audit that's even more checks! The audit first compiles a list of all the folders in your webspace - without exceptions - and then grabs a list of the files in those folders. We then run an exhaustive process which includes: - Identifying it the file is a core Joomla or WordPress file - If it's a core file, identifying if that file has been modified since release - If the core file is modified, doing a comparison with the original file - Storing the md5 hash of the file for future comparison - Looping through every single line of code in every single file - Searching every single line of code, for one of nearly 2000 patterns of previous hacks we have seen, and if found marking a file as "suspect" - Checking the md5 hash of the file against over 14,000 specific md5 hashes of previously declared "hacked" files. There are no false positives, each of these 14,000 md5 hashes has been manually checked and confirmed to match a file which is hacked - We check the created, modified and other metadata of each file, including the EXIF data on images (where hacks are known to reside!) - We identify any encrypted files, PHP error logs, Archive files, files over 2mb in size, zero byte files and many other classifications Once the audit is over we notify you so you can login to and review the results. The screenshot below shows the first three sections of the audit tab. ![ScreenShot 17.48.05](../../assets/img/blog/ScreenShot-2024-01-29-17.48.05-1024x950.webp)*Example Audit Results (truncated)* As you can see we display the audit results in the same format as the [snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) tab, with the number of problems, name of the tool, a link to any video, a helpful [learn more page](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/), and a button used to investigate our findings. ## Suspect Files Tool Our most popular tool is the [suspect content tool](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/). This is the tool that lists all the files that have matched either our 20000ish regex patterns, or one of our 14,000 md5 hashes. Just because a file is listed doesnt mean its hacked, unless we specifically state so, as the regex pattern matches are designed to raise false positives and highlight other things (like hidden spammy links to template providers!). If your file is a [known backdoor for a hacker - we mark it as such](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/)! ![Example hacked file content ](../../assets/img/blog/ScreenShot-2024-01-29-17.50.42-1024x363.webp)*Example hacked file, this one is an insecure form that allows anyone to upload any file their like to the webspace!* ![ScreenShot 17.52.24](../../assets/img/blog/ScreenShot-2024-01-29-17.52.24-1024x277.webp)*This example is a "pretend" image that actually has [hackers code](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) embedded into the image to allow the hacker to run any PHP code it likes - this specific example is part of a larger hack* By clicking any of the file names, you can see a preview of the section of the file we think is suspect. You can also see when it was modified, its size, and its permissions. You can use our tools to edit the file directly in mySites.guru and then save the changes, and we will upload them to your site - no need to find your FTP Client! You can also delete the whole file with a single click. ## Hacked Hashes ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-31-at-00.17.53-1024x378.webp)*Example export from our database.* One of the things that sets us apart from most other services, is that we crowdsource data on hacks and backdoors. In practice, this means that once a hack is discovered and confirmed on one Joomla site (for example), patterns and regexp are created, approved, and rolled out to the [75,000+ sites](https://mysites.guru/blog/mysites-guru-connected-to-74000-joomla-and-wordpress-sites/) the next time they are audited. Including your sites! This means you benefit from the discovery of emerging hacks and trends we see on other sites. Our system is totally dynamic and self-improving, even without human interaction and people often find hacks on their site when they add them to mySites.guru, that have been left dormant for years, or badly cleaned on previous clean ups. ## Fully automated improvements to our detection Furthermore, we can manually improve the audit (and we do) multiple times a day, and with our automatic rollout/upgrade of our tools connector on your site - you get the very latest protection without having to manually upgrade our connector! ## File Information Tools ![ScreenShot 17.55.50](../../assets/img/blog/ScreenShot-2024-01-29-17.55.50-938x1024.webp) One of the main sections in the mySites.guru audit tab is the list of File Information Tools. These allow you to investigate a list of files that match certain classifications, such as encrypted files, or files over 2mb. The audit also surfaces [hidden dot-files and dot-folders](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) that most file managers never show you and that hackers routinely exploit. Over the years these are the tools we have used to identify new and emerging hacks, or to look for something specific, like files that allow file uploads or sending email for example. ## Conclusion The mySites.guru audit is unlike any other service you will read about. **We do not buy in someone else's API**, all our hack detection is based on over a decade of real life hacks for Joomla and WordPress (and not generic rule based detection like others) **If your site is hacked, mySites.guru will discover that**, and inform you, and give you the tools you need to fix your site yourself! After all, mySites.guru was created because, at the time, I was doing all this manually myself to fix hacked client sites and I needed a way to automate much of what I did. ## BONUS: Out of your depth? Need help? If the mySites.guru audit finds your Joomla or WordPress site is hacked, and you are unsure how to fix it with our tools, or just want us to take care of everything for you, you can escalate this to us using the service at **[https://fix.mysites.guru/](https://fix.mysites.guru/)** for **SET FEE priced hack fixes.** Not a subscriber yet? **[Start with a free site audit](https://mysites.guru/free-audit/)** — no credit card, no commitment. Connect your site and see what's hiding in your webspace. ## The Agency Dashboard for All Your Sites URL: https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The mySites.guru main dashboard surfaces SSL status, update counts, audit alerts, uptime and more for every connected Joomla or WordPress site at a glance. In today's blog post we are going to highlight some features that allow you oversight of all your sites principle information - in a single place - the mySites.guru dashboard for [managing multiple WordPress sites](https://mysites.guru/blog/manage-multiple-wordpress-sites/). Having this information to hand, instead of spread over disparate systems, spreadsheets, post-it-notes allows you to make decisions much faster and see at a glance what needs doing. ## The Main Sites List The first page you get to after login is the main list of your sites. ![ScreenShot 21.43.43](../../assets/img/blog/ScreenShot-2024-01-29-21.43.43-1024x745.webp)*The Main Sites List In Your Account* This page brings together all your Joomla and WordPress sites. In a single mySites.guru account you can have UNLIMITED sites of any platform. On this page we list the most important information visually, so you can immediately see: - Number of [tags on a site](https://mysites.guru/blog/how-to-tag-sites/) - Audit not yet viewed notification - No SSL Certificate used on site - Number of [updates available](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) per site - The site's server PHP Version - The sites's platform (Joomla/WordPress) version - If the site is [hacked](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/) For version numbers, we highlight them green if the latest version, orange if out of date and red if end of life. From this page you can even export a CSV List of your sites and their overview information for processing in a spreadsheet or other system. You can also use the quick links to view your site, or, if configured, use the admin link to Auto Login to your Joomla/WordPress Admin console - a single click login! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-03-29-at-16.15.01.webp)The globe icon = Site frontend The link icon = One Click Admin Login ## The left menu - Check Important Items Depending dynamically on the information we have on your sites, your left menu will also have some important checks as menu items to filter your sites list. ![ScreenShot 18.11.09](../../assets/img/blog/ScreenShot-2024-02-02-18.11.09-348x1024.webp)*Left Menu* These are just some of the menu items that can be visible based on the data on your sites, bringing together, in one place, a list of tasks you can undertake to get your sites in better shape, to allow you to see the [updates available](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) on your sites and then by clicking the menu links, to filter your sites by that item - showing which sites you need to take action on. ## Other Site Information - SSL Expiration Dates Just to highlight some other menu items that bring together your site data in one place, you can find the "Other Site Information menu group, this contains several items such as: - **Your Webservers, by hostname** - a list of your server hostnames and the filter to see which sites are on which servers - **Your Joomla Extensions** - a complete set of tools for viewing and managing your Joomla extensions, and listing which sites they are on, and their versions and data - **Your Joomla Update Site**s - a list of all the Joomla Update Sites for your extensions, and the ability to set and disable automatic extension/plugin updates - **Your Site Screenshots** - FREE graphical screenshots of the home page of every site you have in your account, and links to enable a public "show off" page of these. - **Your SSL Certificate Expirations** - see below... ## Example: SSL Expiration Dates One of these "Other Site Information" Menu items is for SSL Expiration Dates. On this page we bring together in one place, a list of all your sites with SSL Certificates installed, and list, by expiration date, their certificate issuers and expiration date. The items nearer the top will expire first (But dont worry, mySites.guru checks your site several times a day with the [Snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/), and if your SSL is getting close to expiration we alert you by email!) ![ScreenShot 17.46.57](../../assets/img/blog/ScreenShot-2024-02-04-17.46.57-1024x674.webp) In this post, we have highlighted some of the ways mySites.guru brings your data together from UNLIMITED Joomla and WordPress sites, and makes it available in a single powerful dashboard on which you can depend. ## Site Management Is More Than Just Updates URL: https://mysites.guru/blog/site-management-is-about-more-than-just-upgrades-backups-and-uptime-monitoring/ Date: 2024-03-11 Tags: site management, security audits, best practice, hack detection, wordpress Category: Manage Multiple WordPress Sites Real site management means security audits, best practice checks, and hack detection — not just bulk updates, backups, and uptime pings. "Managed site hosting", "managed server hosting", "managed updates" — you hear it everywhere. But **there is so much more than updates, backups, and monitoring** needed to run a successful agency full of sites. ![mySites.guru logo on dark background](../../assets/img/blog/my-sites-guru-logo-1280x720-1067x600-1024x576.webp) At mySites.guru, we manage [tens of thousands of Joomla and WordPress sites](https://mysites.guru/blog/over-66000-joomla-and-wordpress-sites-trust-mysites-guru-service/), backed by [over a decade of experience within the Joomla project](https://www.phil-taylor.com), delivering architectures for large companies, small companies, and digital agencies. There is so much more to website management than running bulk updates, backups, and checking for uptime. Plenty of services exist for WordPress, and a handful for Joomla — but very few **handle both platforms** the way mySites.guru does. Even the big players like GoDaddy have bought companies like ManageWP and rebranded it [GoDaddyPro](https://www.godaddy.com/en-uk/pro/hub-dashboard) (WordPress only, though). Building a tool that does mass updates, backups, and uptime is table stakes. We've watched companies attempt it as a side project with contract help. The hard part is everything else. ## So why is mySites.guru different? If you run a digital agency or freelance, you need [a complete solution](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/). Not just another updates dashboard. **Site management is hard work.** When a customer calls saying their [site is hacked](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/), they blame you, not their underinvestment. We get it. **[Best practice](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) is the key to preventative maintenance.** But it's hard to keep on top of, hard to consistently apply to all sites — especially when you've moved on to the next build or customer, and new attacks keep appearing. **When a site gets hacked**, you need the [tools to investigate and fix the hack](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) yourself, and you need [someone to escalate to for bigger issues](https://fix.mysites.guru/). We've got your back on that too. **Handling 100–1,000 websites is a full-time job.** Or at least it should be. Many agencies can't spare a person to do it full-time, and many customers don't want to pay for maintenance — until everything goes wrong. You don't always have time to check every setting on every site, especially the one the customer still hasn't paid for. **Your datacenter and VPS provider** only care about power and connectivity. They don't help with site problems, hacks, or brokenness. It's never their problem. Sometimes you just need [an expert](https://fix.mySites.guru/) who can talk the talk with your web host and get them to actually make changes. ### What mySites.guru gives you beyond updates, backups, and uptime From day one, [mySites.guru](https://mysites.guru/) has been an [unlimited service at a set price](https://mysites.guru/pricing/) for [unlimited sites](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/), with a [toolset](https://mysites.guru/blog/security-audit-tools/) that goes well beyond what's listed on the [features page](https://mysites.guru/features/). Every new customer gets a [free month of service](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) so you can use the tools on your own sites and see what's really going on under the hood. ℹ️ Not your typical site management dashboard This is a unique toolset not found elsewhere — security audits, hack detection, and best practice enforcement built into every plan. ![mySites.guru Snapshot results showing best practice checks across multiple site categories](../../assets/img/blog/snapshot-1024x538.webp) #### The Snapshot The [mySites.guru Snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) instantly checks your site against a large number of best practice criteria and reports results within seconds, with links to explore any issues found. ![mySites.guru Audit results showing file-level security scan with flagged items](../../assets/img/blog/audit-1024x538.webp) #### The Audit The [mySites.guru Audit](https://mysites.guru/blog/security-audit-tools/) goes deeper than the Snapshot. It compiles a list of every file in your webspace and checks each line of code, looking for hacks and malicious patterns. What we check for improves daily as more crowdsourced data is added. A [hack found on someone else's site](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/) gets added to the detection rules, so your next audit catches it too. We don't "scan" your site from the outside like some other vendors do. [We look at every single line of code](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) and every image, flag anything suspect, and give you tools to dig into the results. That same deep scan also turns up [hidden files most site owners don't know exist](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/) -- dot-files, leftover scripts, and system files that can become real problems. 💡 Deep visibility into your sites The Snapshot and Audit each include dozens of tools for digging into what's actually happening on your sites. ![mySites.guru dashboard showing site overview with security and update status](../../assets/img/blog/50-1024x576.webp) #### Learn More Pages Every tool is well documented. The [mySites.guru Learn More pages](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) explain what we looked for, what we found, why it matters, and link to external resources if you want to go further. ## And much more Here's a quick rundown of what else mySites.guru offers. The **[Features page](https://mysites.guru/features/)** has everything, or [get in touch](https://manage.mysites.guru/contact) if you have questions. [A Single Dashboard](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) for [Unlimited Sites](https://mysites.guru/blog/add-unlimited-joomla-and-wordpress-sites-to-mysites-guru/) • [Best Practice Checks](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) • [Snapshots](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) •[Suspect Content Tool](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) • [Periodic Auditing](https://mysites.guru/blog/security-audit-tools/) • [Find hacks and backdoors](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) • [Rock Solid Backups](https://mysites.guru/blog/backup-1000s-of-joomla-and-wordpress-sites-with-ease-with-mysites-guru/) • Toggle Fixes • [One Click Login](https://mysites.guru/blog/one-click-login-to-any-joomla-or-wordpress-admin-console-with-mysites-guru/) • [End-Of-Life Support](https://mysites.guru/blog/end-of-life-supported-versions/) •[Version Tracking](https://mysites.guru/blog/end-of-life-supported-versions/) • [Scheduler](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) • [Generate Screenshots](https://mysites.guru/) • [SSL Checks](https://mysites.guru/blog/keep-an-eye-on-your-joomla-and-wordpress-ssl-certificate-expirations-with-mysites-guru/) • [White Label Client Reporting](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/) • [Supports WordPress & Joomla, even very old versions](https://mysites.guru/blog/end-of-life-supported-versions/) • [Mass Plugin Installer](https://mysites.guru/blog/install-a-joomla-extension-or-wordpress-plugin-to-1000-sites-with-ease-using-mysites-guru/) • [Uptime Monitoring](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/)/[Alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) • Action Logs •[Extension Management/Tracking](https://mysites.guru/blog/top-50-joomla-extensions/) • [Team Accounts](https://mysites.guru/blog/manage-multiple-joomla-and-wordpress-sites-with-your-whole-team/) • [Lighthouse Performance Audits](https://mysites.guru/blog/how-to-test-your-site-performance-with-lighthouse-audits-in-mysites-guru/) • [Automatic Updates](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) • [Mass Updates & Upgrades](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/) • Tagging • [Real Time Alerting](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) • [Fix a Hack](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/) • [One Click Backup](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/) • [Security Headers Checks](https://mysites.guru/blog/check-your-websites-security-headers-with-mysites-guru/) •[Unlimited Backup Schedules](https://mysites.guru/blog/unlimited-backup-schedules/) • [Public Uptime Status Pages](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) ## Tools for Managing Multiple Sites URL: https://mysites.guru/blog/snapshot-all-your-sites-with-one-click-at-mysites-guru-the-joomla-and-wordpress-control-panel/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites The mySites.guru Snapshot All button refreshes version data, security checks and best practice results across every connected site in one click. *Ok another Friday release - we deploy 7 days a week, and especially on a Friday, our favourite day for features to be released* and deployed! Earlier in the week we [reinstated the "Backup All" sites button](https://mysites.guru/blog/backup-all-your-joomla-wp-sites-easily-with-one-button-in-mysites-guru/), this time its the "Snapshot All" button! One of the most requested features this week was the ability to **update the snapshot of all sites in one go**. This is useful just before a [mass update of Joomla or WordPress sites](https://mysites.guru/blog/how-to-mass-upgrade-joomla-and-wordpress-sites-from-one-dashboard/). [The mySites.guru snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) is the quickest collection of data we run. Whereas the [audit requires us to look at every single file in your webspace](https://mysites.guru/blog/security-audit-tools/), and then [audit every single line of every single file,](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) the snapshot is looking for very specific things. Some of the data is version numbers, PHP Version, Joomla Version, WordPress Versions, PHP Configuration settings etc. Some of the data is specific checks, looking at specific configuration options in your site to ensure you are following all the best practice we are promoting. We also [look for specific hacks](https://mysites.guru/blog/how-to-fix-a-hacked-joomla-or-wordpress-site-with-mysites-guru/) that are quick to find. ## The new "Snapshot All" button This weeks most requested feature was a new Snapshot all button. > Actually mySites.guru had this button way back in 2012 when we first launched when we only had a few sites and we did not need to worry about scaling our service > > It was removed when we started getting busy :) ![ScreenShot 19.27.20](../../assets/img/blog/ScreenShot-2024-02-05-19.27.20.webp) You can find the new button at the top right of the [main sites overview page](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/), this page shows some of the version numbers and results of the snapshot. ![ScreenShot 19.26.50](../../assets/img/blog/ScreenShot-2024-02-05-19.26.50-1024x731.webp) Once you press this button, we will user a job into our queue for each site, with a short load balancing delay to not overload your web servers, and snapshot each site. This will also update the [list of updates available for each site](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/). You can then carry on using mySites.guru as we will do this in the background for you, and update the data as soon as we receive replies from your web servers. > This is just another example of customers asking for features, and us responding to that feedback - not in a matter of months or weeks, but in hours or days. mySites.guru is the ONLY service that iterates as fast and deploys to production many times a day > > > Join us today - [get your first month free!](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) ![First Month Free](../../assets/img/blog/first-month-free.webp) ## The Best Multi-Site Management Dashboard URL: https://mysites.guru/blog/the-best-dashboard-for-unlimited-joomla-and-wordpress-sites/ Date: 2024-03-11 Tags: wordpress, joomla, site management, dashboard Category: Manage Multiple Joomla Sites Manage unlimited WordPress, Joomla and PHP sites from one secure dashboard. Security audits, backups, uptime monitoring and more for GBP 19.99/month. Over 75,000 WordPress and Joomla sites are connected to mySites.guru. One dashboard to [manage multiple WordPress sites](https://mysites.guru/blog/manage-multiple-wordpress-sites/), run [security audits, backups, uptime checks](https://mysites.guru/features/) and everything else. Joomla gets the same features, not a cut-down version. The service has been running since 2012 and the [price](https://mysites.guru/pricing/) hasn't changed once. GBP 19.99 per month, **unlimited sites**. ## What subscribers actually think We don't write our own testimonials. Our subscribers post on Twitter/X and other platforms using their own accounts, and we link to those posts on the [reviews page](https://mysites.guru/reviews/). Click through and verify them yourself. ## The WPMayor.com review WPMayor.com published an independent review of mySites.guru: [read it on their site](https://wpmayor.com/mysites-guru-review/). We [wrote some notes](https://mysites.guru/blog/wp-mayor-review-of-mysites-guru/) about it too. ## What you actually get Plenty of multi-site dashboards exist. Very few of them handle Joomla, WordPress *and* arbitrary PHP webspaces in the [same panel](https://mysites.guru/blog/manage-multiple-wordpress-sites/) with identical features across all three. Here's what's included: - [Best practice checks](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) for every connected site - [Hacked file and backdoor scanning](https://mysites.guru/blog/find-hacked-files-and-backdoors-in-joomla-and-wordpress/) - [Uptime monitoring](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/) - [Line-by-line security audits](https://mysites.guru/blog/security-audit-tools/) - Akeeba Backup and All-In-One-Backup integration with a [flexible backup scheduler](https://mysites.guru/blog/unlimited-backup-schedules/) - [Real-time alerts](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/) when files change or someone logs into an admin panel Still running Joomla 1.5.26? That works too. mySites.guru is [compatible back to Joomla 1.5.0](https://mysites.guru/blog/end-of-life-supported-versions/). ## Switching from Joomla to WordPress? Remove the Joomla site, [add the WordPress one](https://mysites.guru/blog/manage-multiple-wordpress-sites/). [No extra charge](https://mysites.guru/pricing/), no per-site fees. Same subscription, same price since 2012. ℹ️ Simple pricing GBP 19.99 per month. Unlimited sites, all features included. ## Free for a full month Sign up, connect your sites, use everything. Cancel before the month ends and you pay nothing. [Here's how it works](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/). [![First month free promotion](../../assets/img/blog/first-month-free.webp)](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) ## You talk to the developer, not a support team mySites.guru support means talking to [Phil Taylor](https://www.phil-taylor.com/) directly. Phil built the service, has been in the Joomla ecosystem since the Mambo days, and was one of the top code contributors to Joomla 4. No ticket queue, no first-line script readers. You [talk to the person who wrote the code](https://fix.mySites.guru/). ## Site hacked? Fixed fee to clean it up Phil can recover hacked WordPress and Joomla sites for a flat fee, no hourly billing. Details at [fix.mySites.guru](https://fix.mySites.guru/). [![Fix your Joomla or WordPress issue today](../../assets/img/blog/fix-1024x576.webp)](https://fix.mySites.guru/) ## The Joomla 3.10.999 Project URL: https://mysites.guru/blog/the-joomla-3-10-999-project/ Date: 2024-03-11 Category: Joomla Phil Taylor's Joomla 3.10.999 project backported critical security patches to end-of-life Joomla 3 sites. Here's what it was, why it existed, and what you should do now. Joomla 3 reached [end of life](https://mysites.guru/blog/end-of-life-supported-versions/) in August 2023. Since that date, the Joomla Project has not released any further security updates for the 3.x series. If you're still running Joomla 3, your site is unpatched and exposed. ## What was the 3.10.999 project? Every time a major Joomla series hits end of life, Phil Taylor publishes what he calls the "dot 999" project. It's a reference repository: the last official release from the supported series, plus community-sourced security patches to keep sites minimally secure after official support stops. Phil did this for Joomla 1.5, Joomla 2.5, and Joomla 3.10. Most of the patches came from community contributors and from Phil's own work. The projects sit alongside two other long-running community resources: the [community hosted mirror](https://mirror.myjoomla.io) (goes back to the Mambo days) and the [core files service](https://corefiles.myjoomla.io) (every Joomla file ever officially released). All three projects are on GitHub: - [Joomla 1.5.999](https://github.com/PhilETaylor/Joomla1.5.999) - [Joomla 2.5.999](https://github.com/PhilETaylor/Joomla2.5.999) - [Joomla 3.10.999](https://github.com/PhilETaylor/Joomla3.10.999) These are reference repos only. They document the recommended changes to keep sites minimally secure. They were never intended to be complete, forward-compatible, or tracking the latest PHP releases. There are no custom update servers. You grab what you need and apply it yourself. ## If you're still on Joomla 3, it's time to move Joomla 3 has been end of life since August 2023, over two and a half years now. The latest supported series is Joomla 6, and the migration tooling has come a long way since the early Joomla 4 days. Running an unsupported CMS means no security patches and no compatibility fixes. Hosting providers are already dropping the older PHP versions that Joomla 3 needs, so breakage is coming whether you plan for it or not. The 3.10.999 project was always a stopgap, not a destination. If you haven't migrated yet, now is the time. ## Fix every known Joomla 3 vulnerability with one click Downloading patches from GitHub and manually editing 55 files per site is fine if you have one or two sites. If you manage dozens or hundreds of Joomla 3 installations, it doesn't scale. That's why mySites.guru built the Joomla 3 Patch Tool. It's a single toggle that applies every known security fix from the 3.10.999 project directly to your sites. No manual file edits, no separate subscription. [Read the full guide to the Joomla 3 Patch Tool](https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/) ### How it works The patch tool is in the Site Snapshot for each Joomla 3.10.12 site in your mySites.guru account. Flip the toggle on and the mySites.guru connector compares MD5 hashes of every file that needs patching against the expected patched versions. Anything that doesn't match gets replaced. Flip it off and the files revert to stock 3.10.12. Fully reversible. ### What it patches The tool modifies 55 files covering every known vulnerability disclosed since Joomla 3.10.12: - 9 separate XSS vulnerabilities across media selection fields, mail address outputs, filter code, StringHelper, com_fields, wrapper extensions, OutputFilter methods, module chromes, and menu list IDs - Cache poisoning in pagination - Open redirects from inadequate URL validation - Insufficient session expiration in MFA management views - Environment variable exposure - ACL violations in multiple core views - Bug-fix-for-bug-fix patches, where the now-defunct commercial eLTS releases shipped broken code that needed further patching The full CVE list with links to every advisory is in the [patch tool guide](https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/). ### Bulk patching across all your sites Got a fleet of Joomla 3 sites? The patch tool has a bulk view that shows every Joomla 3.10.12 site you manage with individual toggles. One screen, all your sites. Jump straight to it at [manage.mysites.guru/en/tools/allsites/Joomla/joomlaconfiguration/joomla3eol](https://manage.mysites.guru/en/tools/allsites/Joomla/joomlaconfiguration/joomla3eol). ### No eLTS subscription required The Joomla Project used to offer a commercial eLTS programme for Joomla 3, but that has since ended. mySites.guru includes all known Joomla 3 security patches as part of your standard subscription. The patches come from the same open-source 3.10.999 project. ### Patched files show up in audits After patching, your mySites.guru security audit will flag the modified files as Core File Changes, because they are changes to the original 3.10.12 distribution. You can inspect every diff directly in the audit tool, so you always know what changed and why. ## Joomla 3 is still everywhere Joomla 3 is end of life, but it still runs on a huge number of sites. Joomla's own usage statistics put 3.10.x at over 35% of reporting installations. If you run a digital agency, you know how it goes: migrating clients takes budget, developer time, and client sign-off. That doesn't happen overnight, and the sites still need protecting while you work through the backlog. The 3.10.999 project and the mySites.guru patch tool are there for exactly that gap. Keep sites secure while you plan and execute the migration to Joomla 6. Add your Joomla 3 sites to mySites.guru, flip the patch toggle, and get on with the migration planning. [Start your free trial](https://mysites.guru/pricing/) - no credit card required. ## Anonymize Data Before Taking Screenshots URL: https://mysites.guru/blog/tip-how-to-anonymize-data-before-taking-a-screenshot-of-your-mysites-guru-account/ Date: 2024-03-11 Category: Manage Multiple Joomla Sites Append ?anon=1 to any mySites.guru URL to instantly replace site names, URLs and user data with randomised values so you can share screenshots safely. We love that people want to share screenshots of our [award-winning tool set for Joomla and WordPress sites](https://mysites.guru/features/), but doing so reveals live site names, or customer names, and we, and you, might not like those immortalized in images - so we have created a quick, easy, and fun way to anonymize data as its rendered on the screen in your mySites.guru account ![Anonymised data dashboard ](../../assets/img/blog/ScreenShot-2024-01-29-21.43.43-1024x745.webp)*All site names, urls, tags and other personal data is anonymised with ?anon=1 in the url. * Another example screen - "Ethan Martinez" is a fake random name. All you need to do is to append **?anon=1** to any URL, and instantly your Site's names, URLs and other data will be magically transformed into randomized data Here is an example link to your list of sites in your account: - [https://manage.mysites.guru/en/sites/?anon=1](https://manage.mysites.guru/en/sites/?anon=1) Huge thanks to several MIT-License open source projects for making this possible. - For Usernames, User Data, Avatars we use [https://randomuser.me/](https://randomuser.me/) - For those cute robots we use [robohash](https://robohash.org) Hope you enjoy this small Easter-egg as much as we do. ## Top 50 Joomla Extensions in 2024 URL: https://mysites.guru/blog/top-50-joomla-extensions/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Real-time ranking of the top 50 most-installed Joomla extensions, pulled live from the mySites.guru database of 75,000+ connected sites. People are always interested in what other people are using to build their Joomla site. We have the data, so while other sites might blog post about this with static information, we thought we would make this REAL TIME and accessible to all our mySites.guru subscribers, updated with data in real time pulling from our database of over 75,000+ sites No Surprises by Akeeba Backup and Joomla Content Editor win hands down. Login to your mySites.guru account (Subscribe today if you have not already) and then head on over to: - [https://manage.mysites.guru/en/extensions/top/50](https://manage.mysites.guru/en/extensions/top/50) For those that are not customers, here is a sneak preview of the top 10 extensions for Joomla, at the end of November 2019. ![ScreenShot 18.59.15](../../assets/img/blog/ScreenShot-2024-02-05-18.59.15-1024x699.webp) ## Want to make sure your site is compatible with Joomla 5? Check out the new mySites.guru [Joomla 5 Technical Requirements Checker](https://mysites.guru/blog/joomla-5-technical-requirements-check/). ## WordPress Debug Constants Explained — WP_DEBUG, WP_DEBUG_LOG & More URL: https://mysites.guru/blog/understanding-wordpress-debug-constants/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites A quick guide to every WordPress debug constant in wp-config.php. Learn what WP_DEBUG, WP_DEBUG_LOG and WP_DEBUG_DISPLAY do, plus a common WP_DEBUG_LOG mistake that exposes your error logs publicly. WordPress has a handful of PHP constants that control how errors are reported. They all live in your `/wp-config.php` file, and most WordPress developers never touch them. That's usually fine until something breaks and you have no idea why. Here's what each one does, when to use it, and a common mistake with `WP_DEBUG_LOG` that could be exposing your error logs to the entire internet. The official docs are over at [WordPress.org's Advanced Administration Handbook](https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/) if you want the full reference. ## WP_DEBUG This is the main switch. Set it to `true` and WordPress will show PHP errors, notices, and warnings on screen. ``` define( 'WP_DEBUG', true ); ``` Leave this on in development, turn it off in production. Simple. ## WP_DEBUG_LOG Instead of printing errors to the screen, this writes them to a log file. Useful for production sites where you don't want visitors seeing PHP warnings. ``` define( 'WP_DEBUG_LOG', true ); ``` **Here's the catch:** this creates a file at `/wp-content/debug.log` which, depending on your server config, is publicly accessible. Worse, [Google has already indexed thousands of them](https://www.google.com/search?q=allinurl%3Awp-content%2Fdebug.log). Gulp. ![allinurl search for wp-content/debug.log](../../assets/img/blog/ScreenShot-2024-02-14-20.20.54-813x1024.webp) Instead of passing `true`, pass a custom filename: ``` define( 'WP_DEBUG_LOG', 'myOwnRandomFileName_as8f6safsif.log' ); ``` Now nobody can guess the URL. ## WP_DEBUG_DISPLAY Controls whether errors show on screen. Set to `false` on live sites so errors get logged but visitors don't see them. ``` define( 'WP_DEBUG_DISPLAY', false ); ``` ## SCRIPT_DEBUG Forces WordPress to load the full, unminified versions of its CSS and JS files instead of the minified ones. Handy when you're debugging front-end issues and need to actually read the source. ``` define( 'SCRIPT_DEBUG', true ); ``` ## SAVEQUERIES Stores every database query in `$wpdb->queries` so you can inspect them. Good for tracking down slow queries, but leave it off in production because it adds overhead. ``` define( 'SAVEQUERIES', true ); ``` ## Checking these across all your sites with mySites.guru Manually checking `wp-config.php` on every site gets old fast. The [mySites.guru snapshot](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) reads your WordPress config and [flags anything that doesn't match best practice](https://mysites.guru/blog/snapshot-all-your-sites-with-one-click-at-mysites-guru-the-joomla-and-wordpress-control-panel/). Most settings have [one-click toggles](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) so you can fix them without editing files. ![constants on one WordPress site](../../assets/img/blog/ScreenShot-2024-02-14-20.03.49-1024x604.webp) You can also view any single constant across all your connected sites at once using the [Ultimate Toolset](https://mysites.guru/features/). Click through any [snapshot tool](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/) to see that value on every site in one view. ![view constant across all sites](../../assets/img/blog/ScreenShot-2024-02-14-20.11.43-1024x587.webp) ## Need someone to fix it for you? If debugging isn't your thing, or you'd rather not deal with it, we offer set-fee site fixes at **[fix.mysites.guru](https://fix.mysites.guru/)**. No hourly billing, no surprises. [![Fix your Joomla or WordPress issue today](../../assets/img/blog/fix-1024x576.webp)](https://fix.mySites.guru/) We haven't raised [our prices](https://mysites.guru/pricing/) since 2012. But if you want to see the toolset for yourself first, you can [use mySites.guru free for a whole month](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/). [![First Month Free](../../assets/img/blog/first-month-free.webp)](https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/) ## Universal User Management Across Sites URL: https://mysites.guru/blog/universal-user-management-for-joomla-and-wordpress-sites/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Universal User Management for Joomla and WordPress with mySites.guru That's right, you can now manage all your users, in all your sites, from a single page - You can change their email address, change their password, assign different roles/permissions and much more! mySites.guru is an award winning service that lets you manage UNLIMITED Joomla, WordPress and other PHP based websites for a single set fee of just GBP19.99 per month - we are often adding new features, some small, some larger. ## The idea behind Universal User Management ### Scenario One: We get it. You are busy running your digital agency, and the customer phones you, disturbing your day, and says they cannot login, they have forgotten their password. Before using mySites.guru you would have to go to their website, remember your own credentials, login, find their user account and reset their password, and then tell them what you changed it to. Now with mySites.guru Universal User Management you can - Go to [https://manage.mysites.guru/en/universal_user_management/](https://manage.mysites.guru/en/universal_user_management/) (Of course you are already logged into mySites.guru and you can find this link in the left menu (or just hit shift twice on the keyboard!) - search for their name, or email address - Click edit next to their user account - change their password - click save - DONE #### STEP ONE - Search ![Screen Shot at 17.53.08](../../assets/img/blog/Screen-Shot-2022-08-21-at-17.53.08.webp) #### STEP TWO - Select one or more user objects found from your 1000s of sites OR click the edit button to edit one user specifically ![Screen Shot at 17.54.33](../../assets/img/blog/Screen-Shot-2022-08-21-at-17.54.33-1024x203.webp) ![Screen Shot at 17.56.35](../../assets/img/blog/Screen-Shot-2022-08-21-at-17.56.35-961x1024.webp) > **AND THATS IT! DONE!!!** ![Screen Shot at 17.58.18](../../assets/img/blog/Screen-Shot-2022-08-21-at-17.58.18-1024x476.webp) ### Scenario Two: You have a member of your digital agency staff leave - maybe on bad terms - and you want to search all your customers sites to see which sites they have access to - now you can do that, you can search for their name or email address - and get back a list of sites that they have user accounts on. You can then block that user, or for now just set a new password for them - that works too. ### Scenario Three: You want to change the name of a user who has recently got married, they want their new surname on all their accounts - yup that's possible across 100s of sites in one go! ### Scenario Four: You want to change the permissions/role of a user - across all sites ### Scenario Five: You just want the ability to search all users on all sites for a specific hackers account, or a specific name or email domain name? - yup you can do that too! ### Another Scenario? I can't list them all - but our beta users have found this feature to be rock solid and they love it - but this is only the start, we wanted to release this early so that you could use it, while we invest more time in the upcoming enhancements ## What's coming soon? - The ability to block a user (WordPress has no concept of blocking a user, so we need to roll our own!) - The ability to remove Two Factor Authentication/Multi-Factor Authentication from a Joomla User - Retrieval of Two Factor Authentication/Multi-Factor Authentication backup codes from a Joomla User so that you can provide your customer with a one-time-only login so they can reenable 2fa/Mfa. - Ability to login as ANY user on ANY SITE - (**You can already do this** with **mySites.guru AutoLogin** on by selecting the user on the settings tab!) - And much more... If you have a use case then[ let me know](https://manage.mysites.guru/contact)! ## Unlimited Backup Schedules - powered by cron syntax URL: https://mysites.guru/blog/unlimited-backup-schedules/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites 41.37% backup monthly 49.47% backup weekly 9.16% backup daily Using mySites.guru you can backup your site unlimited times, based on unlimited schedules, configured with powerful cron syntax You can create **UNLIMITED backup schedules** in mySites.guru. Each schedule is powered by a cron expression, giving you total control over the timing and period of your backups, and you can even set DIFFERENT Backup Profiles per schedule. ## Example Schedules: - Daily Morning: Backup using the "Default Backup Profile" and save on the server every morning. - Send a backup to FTP every evening - Send a backup to Amazon Glazier once a week on a Tuesday [![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-08-31-at-16.48.08-1024x288.webp)](../../assets/img/blog/Screenshot-2020-08-31-at-16.48.08.webp) ## Cron Expression Cron syntax is a standardised way of writing a period of time that you want an event to happen. Its used on pretty much every computer and server you have ever used and is well known. Im not going to try to [teach you to suck eggs](https://en.wikipedia.org/wiki/Teaching_grandmother_to_suck_eggs), there is a Wikipedia page on cron here [https://en.wikipedia.org/wiki/Cron#CRON_expression](https://en.wikipedia.org/wiki/Cron#CRON_expression) but I expect most Digital Agencies using mySites.guru will know what a cron is :-) Cron has 5 segments - * * * * * (a star means "every") so * * * * * means every min of every day of every month of every year... probably not what you want. However, you can change the syntax to get granular control over your backup schedules. Here are some more examples: Daily Backup at 09:15 UTC = **15 9 * * *** Weekly Backup - At 12:34 UTC on Tuesday. = **34 12 * * 2** (The 2 here means, the second day of the week, where 0 is Sunday, 1 is Monday and 2 is Tuesday) Monthly Backup - At 04:36 UTC on 26 of every month. = **36 4 26 * *** (26 here represents the 26th day in the month) ## Different Backup Profiles You can now specify a different schedule for each backup profile. This is powerful. You can now have a daily on server backup, a weekly off server backup and a AmazonS3 backup once a month - if you like. You can finally take advantage of the amazing Professional Features of Akeeba Backup for Joomla and WordPress. ## Powered by Akeeba Backup There is no doubt. Akeeba Backup Professional is the most powerful backup solution for Joomla and WordPress. mySites.guru since its conception has always supported the Nicholas and the Akeeba project by integrating their API with our products, and directing customers to purchase the Akeeba Professional suite of tools. > If you are new to Joomla/WordPress and need a rock solid backup solution - its a no brainer, go and purchase a subscription to Akeeba Backup Professional, and while there grab Admin Tools Professional too!! ***mySites.guru also supports All-In-One-Migration Backup Plugin for WordPress. *** ## When to backup? In migrating the backup schedules to cron syntax we noted: ![MySites.guru REFRESH BLACK](../../assets/img/blog/mySites.guru-REFRESH-BLACK-18-1024x538.webp)*41.37% backup monthly 49.47% backup weekly 9.16% backup daily* We would certainly advocate taking a backup before any major changes, and at a period to suit your risk appetite, the time between your backups will be the amount of data you stand to lose, make that period as small as possible. ## Where to store the backups? **Be sensible. Don't store all your eggs in one basket**. Don't store your site backups on the same server as your website. One datacenter fire, or server compromise and you site, along with its backups are GONE! Akeeba Backup Professional has full support for MANY remote storage services. Most are very very cheap! For the price of a coffee a month you can have peace of mind! ## What about my old schedules? Don't worry, we have migrated your old settings, including your selected profile number and its daily, weekly and monthly setting. We took the date of your last backup based on those settings - and applied that to the new cron syntax to get a syntax that would be equivalent to your previous settings. ## mySites.guru No longer provides UptimeRobot.com Status pages URL: https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru no longer integrates UptimeRobot — it now runs its own custom uptime monitoring engine, replacing the third-party service that tried to raise fees by 352%. **mySites.guru No longer provides UptimeRobot.com Status pages** as we no longer integrate the [UptimeRobot.com](https://uptimerobot.com) service into the mySites.guru service Instead we [designed, developed and run our own uptime monitoring service](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/) as part of the complete [Ultimate Toolset](https://mysites.guru/features/) at mySites.guru > The main reason we stopped integrating with UptimeRobot.com is they tried to extort obscene amounts of money from us, and then changed their terms and conditions to outlaw what we were doing perfectly legally until they were bought out by the outlaws... Read more: [Why we stopped using UptimeRobot.com](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/#why) ## mySites.guru Social Media Links URL: https://mysites.guru/blog/where-to-keep-up-to-date-with-mysites-guru-news-and-announcements/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites All the social media channels, mailing lists and community links where you can follow mySites.guru news, feature announcements and updates. We love to keep in touch with you! In this blog post we are going to list and provide links to the ways you can keep in touch with our social media and mailing lists. [Continue reading](https://mysites.guru/blog/where-to-keep-up-to-date-with-mysites-guru-news-and-announcements/#more-369) to get the links to everywhere we post. ![MySites.guru REFRESH BLACK](../../assets/img/blog/mySites.guru-REFRESH-BLACK-6-1024x538.webp) ![Screenshot of mySites.guru feature](../../assets/img/blog/38-1024x538.webp) ## White-Label Activity Reports for Clients URL: https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites mySites.guru generates automated, white-label site activity reports emailed to your clients on any schedule, covering updates, backups, audits and uptime. *Introducing mySites.guru Sites Activity Reports!* Those that follow our journey know that we deploy new features almost daily. Some features are small, some are bigger, but some have been repeatedly requested and are much much larger to develop. Reports is one of those. ## Automated. While You Sleep. One of the unique features of the mySites.guru [white label reports](https://mysites.guru/blog/create-custom-client-white-label-reports-for-your-joomla-and-wordpress-sites/) is that you can set and forget them. You can create [unlimited report schedules](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/), each being able to run as often as once a minute if you like - (please don't ;-)) - and have these reports emailed to UNLIMITED people - including your customers. The report period they cover can be dynamic too - for example, you could: `Send email your client at them@example.com from your email address you@yourdomain.com, every month on the 7th of the month at 1am, with a a customised report that contains details of just 2 sites from your list, AND any site tagged "customer1", but with no version numbers in it, and only with data since the last report was generated - with your logo in the report... ` This report will be sent at 1am on the 7th of each and every month until you cancel/delete the report. Simple Another example: `Send yourself an email weekly on a Sunday with a list of all the available updates available for all sites in your account using the default template` Powerful! ## Powerful Site Selection Some report solutions can only handle selecting sites or tags. Well with the mySites.guru [whitelabeled report](https://mysites.guru/blog/create-custom-client-white-label-reports-for-your-joomla-and-wordpress-sites/)s for WordPress and Joomla you can select any combination of tags and sites for [managing multiple wordpress sites](https://mysites.guru/) You could select 3 sites and 6 tags - and the result would be 3 sites + any site tagged with any of the 6 tags - and if that causes duplicates, we remove the duplicate and only report on the sites as you would expect. This is powerful! You could use a tag per customer, or just select one site per report - the power is in your hands! ## Unlimited. Configurable. Powerful. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.17.57-1024x113.webp) Thats right - knock yourself out, add as many report configs as you like. Each report config allows you to configure: - The report name (used as any emails subject line) - To schedule the report or run it manually only - Configure the schedule using standard CRON syntax - use our awesome cron syntax builder, simple clicks! ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.14.07.webp) - Select the period for the report to cover: - Since the last report ran - Between two set dates - Set number of days before the run time - Select one, all, or some of your Sites or Tags to build the source dataset for your report - Select your report options, these include enabling/disabling report sections, and hiding individual report log rows you don't way - Configure who to email the report to - you can email UNLIMITED EMAIL ADDRESSES - Get help to configure your domain's DNS for ultimate email deliverability, and to remove the last trace of mySites.guru from the emails ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.19.49.webp) - Customise your report using our built in sandboxed Twig based template designer ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.18.59.webp) ## Schedule emails to send to you - or from you to your clients! We know that some of you want to use reports to send monthly "look what I have done" reports direct to your client, and for that email to not have mySites.guru as the sender or to appear in the "From" part of the email. We hear you. But sending email on behalf of someone else is a technical and complex task. SPF and DKIM Records in DNS are the best way to ensure email deliverability - you should already know that - we will walk you though the process of setting up the correct records to allow us to send email from YOU to YOUR customers. Its fully automated, and as long as you follow the instructions, will result in three green ticks - and then from then on, all report emails will be sent "from" your email address ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.19.49.webp) **We don't need your password for you mail account! We don't need your mail server details! We do not need to access your mailbox! ** ## What does the report contain? Good question. This section is already out of date as Ive added more features since it was first written :) But note - you can turn off any of these to hide them - you can fully customise the report to suit your own needs. The main sections are: - Site Screenshot - [UptimeRobot](https://www.UptimeRobot.com/) Uptime Summary - [UptimeRobot](https://www.UptimeRobot.com/) Uptime Log - Extension Updates Available - Backup Information - Site Activity Log - Site Version Number - PHP Version Number The Site activity log table also contains data captured on our events, which are named accurately: - onViewedGlobalConfig - onSavedGlobalConfig - onViewedComponentOptions - onSavedComponentOptions - onAdminLogin - onAdminLogout - onUserViewed - onUserLogout - onUserModified - onUserCreated - onFileModified - [onSnapshotTaken](https://mysites.guru/blog/get-a-quick-snapshot-of-your-joomla-and-wordpress-sites-with-mysites-guru/) - [onAuditStarted](https://mysites.guru/blog/schedule-your-security-audits-updates-backups-for-your-site-with-mysites-guru/) - onAuditFinished - onContentSearch - onConnectorUpgrade - onConnectorReconnect - onFileDeleted - onFileSaved - [onExtensionUpgrade](https://mysites.guru/blog/automatic-updates-for-any-joomla-extension/) - onAlertTriggered - onUserLogin - onBackupStarted - onBackupFinished - onBackupProfileChanged - [onDowntimeStarted](https://mysites.guru/blog/uptimerobot-public-status-pages-free-for-all-mysites-guru-subscribers/) - onDowntimeFinished - onExtensionInstall - onExtensionRemove - onExtensionPublish - onExtensionUnpublish - onToolApplied - onSavedPluginOptions *This list is correct as of March 2020, but is increasing as we add more logging and features, and merging the Joomla User Action Log.* ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.36.13-1024x461.webp)*Example Site Activity Log* ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.41.50-1024x360.webp)*Example UptimeRobot Monitor Summary* ## Customise the report with simple HTML and twig tags Our built in template designer allows you to modify the standard template we provide, using your HTML skills you already have, and some basic` {{ placeholder }}` tags in the **[Twig format](https://twig.symfony.com)**. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-14.07.10-1024x855.webp) ## Why no PDF format? Although PDF attempts to be a "Portable" document format, the reality is actually very difficult. It is actually very difficult to automatically generate a great looking PDF that renders well under all circumstances, especially when you are dealing with tabular rows of data that spread over page breaks and could be any number of rows long. PDF also page size specific. In the UK we love "A4" in the USA they prefer "Letter" for example. PDF also requires clients to have additional software installed to read the files. We have chosen HTML as the format of our reports, with markup to make them render great when you (if you) choose to print them out. - The internet is used to HTML. - Everyone can render HTML. - Email Clients can all handle HTML. - HTML can easily be customised by you. - HTML is faster - HTML is responsive to being read on mobile devices - We could go on... ## Why are you only now giving us this feature? The main reason we were previously unable to provide you with reporting features is that we simply did not have the data to provide. **One of the founding principles of mySites.guru is that we hold the very minimum information about you and your sites in order to provide the service we provide. ** However with the introduction of User Activity Log in Joomla we reconsidered, and as most of the activity happens on your site anyway, we released that we could just use YOUR Database to log YOUR data activity, therefore the data is not sitting in our database until you actually want it reported on. This also helps us with capacity planning, think about it, each site with 100 activities a day, [75,000+ sites in mySites.guru](https://mysites.guru/blog/over-66000-joomla-and-wordpress-sites-trust-mysites-guru-service/), that's **2,263,000,000 log rows** per year - gulp! YOUR activity is logged in YOUR database. ## What's next for mySites.guru reports? "I’m glad you asked! The answer is, “A lot of extra features!“" haha - We will be merging the Joomla User Action Log into the reports, giving you an even greater level of detail in your activity logs for you and your customers* (Done but not yet deployed at the time of writing*) - We will be increasing the number of actions that are logged, for example, when you use the mySites.guru tool set to make changes to your sites, we will log that for you to report.* (Done but not yet deployed at the time of writing)* - And much more... You can already **save unlimited report configurations**, you can **schedule the reports** and **email them to yourself**, or configure to **send from your email address to your clients with no reference to mySites.guru** or phil@phil-taylor.com and you can already **customise the format, layout, and options of each report**, with **simple toggles to remove sections** or data rows - or **completely customise the report in the HTML Template designer**! ## Where can I find the reports? The reports section is in your mySites.guru account - in the left menu you can find it in the Scheduled Actions menu section. ![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.46.21.webp) Or just use the [keyboard shortcuts](https://twitter.com/mysitesguru/status/1249381939901071363) - press r on your keyboard when logged in to get to the [reports page](https://manage.mysites.guru/en/reports/) The direct url is: [https://manage.mysites.guru/en/reports/](https://manage.mysites.guru/en/reports/) ## How much extra does UNLIMITED Client Reports cost? ***Nothing Extra!. Zip. Nil. Nada.*** If you are a mySites.guru subscriber you get access to reporting. Thats right, your standard [mySites.guru subscription price](https://mysites.guru/pricing/) for unlimited sites **INCLUDES ALL FEATURES** of mySites.guru, including the new features we release now and in the future! [![Screenshot of mySites.guru feature](../../assets/img/blog/Screenshot-2020-04-18-at-13.49.11-1024x741.webp)](https://mysites.guru/pricing/) ### BONUS: The report is attached to the email as a HTML Attachment and you can also download the report.html from your account We know that some customers like to store, forward, process and edit their reports themselves. This is why with every scheduled email we send with the report as the body of the email, we will also attach a simple report.html file to your emails, so you can download to your computer the whole report in a single file for further processing, editing, branding, storing etc. You can also download these files from mySites.guru on the report page using the download button. ## What did WP Mayor think of mySites.guru for WordPress? URL: https://mysites.guru/blog/wp-mayor-review-of-mysites-guru/ Date: 2024-03-11 Category: Manage Multiple WordPress Sites Find out what WPMayor.com had to say about mySites.guru - managing multiple WordPress sites in one dashboard Today, we are really excited to receive a review from the top rated WordPress blog [WP Mayor](https://wpmayor.com) ! Some time ago, we submitted the idea of a product review to [WP Mayor](https://wpmayor.com), and gave them complete access to the [whole toolset at mySites.guru](https://mysites.guru/blog/site-information-all-in-one-place-with-mysites-guru/) for [managing multiple WordPress sites](https://mysites.guru/blog/the-best-dashboard-for-unlimited-joomla-and-wordpress-sites/) for almost a month. We gave them [full permission to write whatever they wanted](https://wpmayor.com/disclosure/) about us. The reviewer was [Kevin Wood](https://wpmayor.com/author/kevin-wood/), who has over 10 years of hands-on WordPress experience, Kevin excels in making complex WordPress topics more accessible. Overall Kevin was impressed with mySites.guru and details why in his review. The only change we asked for in this review was to correct the price currency conversion ([mySites.guru is GBP19.99 per month](https://mysites.guru/pricing/), which is approx USD$28 for UNLIMITED sites!) ## The WP Mayor Review of mySites.guru ⭐⭐⭐⭐⭐ You can view the complete review by clicking below: https://wpmayor.com/mysites-guru-review/ This review was performed as part of a paid product analysis. [Here’s why you can trust their verdict](https://wpmayor.com/disclosure/). ![ScreenShot 13.03.30](../../assets/img/blog/ScreenShot-2024-03-11-13.03.30.webp) The review focuses on the main mySites.guru features - those being, [Managing multiple WordPress sites in one dashboard](https://mysites.guru/), the [huge toolset of tools for WordPress](https://mysites.guru/blog/security-audit-tools/), individual site management, the [WordPress Site Audit](https://mysites.guru/free-audit/), [Uptime Monitoring](https://mysites.guru/blog/monitor-your-sites-uptime-with-mysites-guru/), [Mass upgrade of WordPress plugins](https://mysites.guru/blog/how-to-update-joomla-joomla-extensions-wordpress-and-wordpress-plugins-from-mysites-guru/), [Universal User Management](https://mysites.guru/blog/universal-user-management-for-joomla-and-wordpress-sites/), [Realtime Alerting](https://mysites.guru/blog/get-real-time-alerting-of-modified-files-admin-logins-and-much-more-with-mysites-guru/), [White label reporting](https://mysites.guru/blog/whitelabeled-client-activity-reports-for-joomla-and-wordpress-sites/) and a nod to our specialised `[Learn More](https://mysites.guru/blog/learn-the-best-practice-for-joomla-and-wordpress-sites-with-mysites-guru/)` pages. ## Our thoughts on the review The review pretty much sums up the mySites.guru service to a tee. Its always scary to give someone full reign to say what they feel about a project you have invested into every single day for a decade or more, but overall Im pleased that the [features of mySites.guru](https://mysites.guru/features/) and the support I provide has shined through. Sure there are things we can improve about the mySites.guru service - but thats the thing, Im here day in and day our improving and expanding the service - with zero price increases since 2012 - despite the ever expanding toolset! I totally agree that things can be complex and advanced for beginners - however mySites.guru is designed for Digital Agencies to [manage unlimited WordPress sites](https://mysites.guru/) - not WordPress beginners. ![ScreenShot 13.03.38](../../assets/img/blog/ScreenShot-2024-03-11-13.03.38.webp) https://mysites.guru/blog/how-to-get-mysites-guru-for-free-for-a-whole-month/ https://mysites.guru/free-audit/ ## Emails from AuditMailerTest@myjoomla.io URL: https://mysites.guru/blog/emails-from-auditmailertest-myjoomla-io/ Date: 2022-04-12 Category: Manage Multiple Joomla Sites Explains why you may receive test emails from AuditMailerTest@myjoomla.io and what they mean for your mySites.guru audit notifications. Several people have noticed emails from AuditMailerTest@myjoomla.io in their Mail sent items. At the start of every [mySites.guru audit](https://mysites.guru/blog/security-audit-tools/) we use the Joomla/WordPress Configuration for Mail settings (whatever you have your Joomla/WordPress site configured for sending mail) to send a short email to AuditMailerTest@myjoomla.io ([myJoomla was the initial name for the mySites.guru service](https://mysites.guru/blog/myjoomla-com-is-now-mysites-guru/), before we added support for WordPress sites, at that point [we changed brand to mySites.guru](https://mysites.guru/blog/myjoomla-com-is-now-mysites-guru/)) If we receive this then we flag that in the audit results as a success, if the email doesn't arrive then we flag that as a failure and something to investigate. ![extract of the mySites.guru service showing the Email Configuration test result](../../assets/img/blog/ScreenShot-2024-04-12-09.41.49-1024x253.webp) **This is a valid test to ensure your site can send emails.** Now, the server that receives these emails is not a real SMTP server, its a PHP script that pretends its a SMTP server, converts the incoming email to JSON and sends it back to mySites.guru for processing. If we don't receive the email then that is flagged in the mySites.guru audit - because **it would mean that your Joomla/WordPress site could not send email** using its configured method of sending emails... - **if your site cannot send email that might mean you are losing emails!** ![The learn More page from the mySites.guru service for the Joomla Global Config email configuration](../../assets/img/blog/ScreenShot-2024-04-12-09.44.30-1024x1011.webp) If you can see these emails in your Mail Clients "sent items" folder it probably also means you are reusing your credentials from your mail account with your site - this is bad and should be changed - if your Joomla/WordPress site ever was hacked (like every Joomla 4 version was exploitable to expose configuration.php values, except the latest few!) then the hacker would have full control over your mail account too - gulp! Beyond configuration files, hackers often leave behind [hidden dot-files you'd never spot without a dedicated scan](https://mysites.guru/blog/the-hidden-files-lurking-on-your-site-that-you-dont-know-about/). Normally you would set up and use a separate outgoing mail account for your Joomla/WordPress site if needed, normally a web server can be correctly configured to send mail without sending by SMTP. Personally we recommend using a SMTP service like [PostMarkApp.com](https://PostMarkApp.com) which provides better outgoing deliverability and visibility of sent emails. If you are receiving bounce backs or server spam error messages - then check your outgoing mail settings - because if you are bouncing or spam flagging our emails, you are probably also flagging emails that are genuinely sent from your site. The only way to stop these emails is to terminate your mySites.guru subscription or don't ever run another audit. I shall not be removing this valid and important part of the checks we do and adds value to the audit tools.