SEF urls | More than just good looks.
SEF urls not only look good, but they make your site harder to hack. Enabling SEF urls in your Joomla backend is a great thing to learn how to do.
SEF urls serves as a dual purpose feature
The biggest advantage to SEF urls is that your website viewers and users will have pretty urls to look at.
SEF urls look like this:
http://www.prothemer.com/blog/2009/hosting-and-security/sef-urls
While default urls look more like this:
http://www.prothemer.com/article345&-hash&zippetydew)daw(/zippety
While there is no solid proof that SEF urls will help your page rank or do any better in search, it is always advantageous for a url to be readable and to make sense. It makes everybodies life easier and prettier, and isn’t that what life is all about anyhow? Making things pretty and nice.
“So what does this have to do with my site security?”
Hackers will sometimes use tools like Google to search for insecurities with CMS’s. Simply because if they find one loophole, they will have a lot of sites to take advantage of.
If it is discovered that a specific string or un-SEFed url can cause your site some problems, you have less to worry about as your URLs are masked with SEF urls. They won’t come up in Google, and it will be far harder to do dirty things to them with this enabled.
Enabling SEF urls in Joomla is relatively simple
For the inexperienced, diagnosing issues or dealing with figuring it out if it does not work properly can be a bit of a headache. Diagnosing and/or enabling SEF urls in Joomla is out of the scope of this article, but Google has a lot of good results.
It should also be noted that the default SEF in Joomla 1.5 is really quite good. There are a few good components that can extend and enhance the built in functionality, but don’t even attempt to install those without making sure the Joomla one works first.
In conclusion
SEF urls might be a bit daunting to setup, but worth it for security and overall site usability. Do you have any SEF usage stories? Good or bad. 
Liked this post? Help spread the word by sharing it!
Tags: usability, useful tips
We are in love with everything web and embrace technology as a means to drive social change.
For me pretty urls are not about SEF but more about HEF. (Human Ear Friendly)
Imagine you are in the pub or are on the telephone. Which is the easiest url to tell someone that they are likely to remember.
http://www.joomla.org/index.php?option=com_content&view=article&id=19&Itemid=27
or
http://www.joomla.org/download.html
Brian Teeman´s last blog ..Joomla web site hacked
That’s a great point. It ran though my head but for some reason I left it out. Thanks for bringing that to the table as well.
Nice post Matt
In addition to the points already mentioned, if a sites url structure is properly thought out, they can also play a role in a sites navigation, as they give the person browsing a clear indication of where they are in the site.
What you’re describing is security by obscurity, which is about the weakest form of protection imaginable. Any self respecting hacker will find ways to design a signature of vulnerable sites and use that in google or other tools. Which in turn can be used by any script kiddie.
Brian is closest to the mark. Url’s are user interfaces, unique addresses to a specific location. Not only should they be memorable, ideally they should fit the site’s structure, which in turn will help a user with mental mapping.
Eg if an url is /people/john, I expect /people to give me a list of all people.
Finally, it is pretty proven that good url’s do help wioth SEO. Google gives greater priority to url’s that have a specific keyword, than to url’s that are just meaningless id’s. Google attempts to see websites as humans would, and humans prefer meaning over numbers.
Mathias´s last blog ..We’re hiring!
Thanks for the comment Mathias.
I am by no means suggesting this is a “be all and end all” to security. It is simply one more annoyance that could be a hindrance to the attacker. I was merely suggesting that SEO urls have multiple levels of usefulness.
We could probably debate all day if Google search gives a fart about pretty urls, but what it really comes down to is quality page content. When Google moves towards organic search instead of keyword search here soon, that will change everything.
Great point! So SEF stands for “Secure Everything First” URLs eh?
Mathias is definitely correct about SEF being security through obscurity. It’s very easy to test if a site is joomla or not with or without SEF urls. Sure SEF would mean that a url like com_eventlist would not appear in a google search but even then there are easier and better ways for a hacker to test for the presence of that extension. Site security is so much more than obscurity!!
Brian Teeman´s last blog ..Why is good content so important for my website?
Nice clean url structures have many advantages as well. They rank much better overall and they look professional. Nobody wants to look at a bunch of miscellaneous characters. It just looks and responds sloppy.