If you use the Reply by Email or New Ticket by Email feature of Akeeba Ticket System Professional with an email account hosted on GMail or G Suite, you need to use the Akeeba Ticket System mediator script for GMail.
The mediator is a small application hosted on Akeeba Ltd's server which mediates between your site where Akeeba Ticket System is installed and Google's API servers to procure and refresh the access tokens which are used by Akeeba Ticket System installed on your site to retrieve emails.
Akeeba Ltd does not store the GMail access tokens on its servers, or anywhere else, does not have access to your emails and cannot send emails on your behalf.
Akeeba Ticket System Professional (ATS) is a Joomla component which is installed on your site. It provides the functionality of a self-hosted support ticket system.
Normally, your clients will log into your site and visit the ATS pages you have created there to create or reply to support tickets. An email is sent to the user when they create a new ticket or a reply is posted to their existing ticket.
You can find out more about Akeeba Ticket System itself on its product page.
If you choose to do so, you can use either or both of the optional features provided by the "Akeeba Ticket System - Fetch Email" plugin shipped with ATS: Reply by email and Create ticket by email.
The first option allows your clients to reply to the new ticket / new reply email notification by email. The contents of that email are posted as a reply to their support ticket.
The second option allows your clients to send an email to a designated address to create a new support ticket.
For these two features to work, ATS needs to log into your email server, check for the existence of new email messages, retrieve them, process them and finally mark them as read or delete them (depending on your preferences). This is done using either of the two industry-standard email retrieval protocols, IMAP or POP3. Logging into these mail servers typically takes place by sending a username (in most cases the email address) and a password.
GMail and G Suite email (collectively called "GMail" below) have long supported access to the mail server through the industry-standard IMAP protocol. This allowed site administrators using ATS on their sites to enter their GMail email address and password in ATS to access their emails over the IMAP protocol.
Several years ago, Google introduced Two Factor Authentication in GMail. This makes access to your email much more secure. However, it meant that your regular GMail password no longer worked for retrieving email from your GMail account. To cater for these use cases Google introduced application-specific passwords, which were randomly generated upon the GMail user's request and could be revoked at any time. You could use an application-specific password with ATS to retrieve your email.
At the end of 2019 Google announced that it would be retiring application-specific passwords. Starting June 15th, 2020 it will be impossible to create new application-specific passwords. Starting February 15th, 2021 existing application-specific passwords will stop working.
Google has offered an alternative for application-specific passwords for a few years now. It's called OAuth2 token access and it's more secure than application-specific passwords.
The way it works is that the application that needs email access sends the user to Google's authentication servers. The user logs in there and verifies that they want the application to have access to their email account. Upon acceptance, Google's servers send two long bits of text called access token and refresh token back to the application. The application uses the access token to log into IMAP and retrieve email. The access token periodically expires. In this case the application uses the refresh token to get a new access token from Google's servers. This means that the equivalent of a password, the access token, never has access for too long and even if it's somehow stolen it can cause very limited damage.
GMail's OAuth2 token access flow is what you have experienced if you have linked your GMail or G Suite account with an email application such as Mozilla Thunderbird, Apple Mail, Windows Mail, Microsoft Outlook for Android / iOS etc. The popup Google page you had to log into was Google's authentication server. At the end of the process your email application received an access token and a refresh token to access your GMail / G Suite email account.
The security of OAuth2 token access is very tightly controlled. Access and refresh tokens are only issued against an API application that has been registered with Google. Such an application can either be a desktop (e.g. Mozilla Thunderbird) or mobile (e.g. Microsoft Outlook for Android / iOS) application or a hosted web application.
Since we are talking about a Joomla component we are inherently talking about a hosted web application. However, for reasonable security reasons, a hosted web application registered with Google is restricted to a very specific domain name that its developer has to demonstrate they have control over. That is to say, we cannot create an application for ATS on behalf of all of our clients since each and every client has one or more sites, hosted on different domain names which are not under our control.
Considering that an API application is mandatory for OAuth2 token access to GMail and G Suite email accounts there are exactly two alternatives to this problem.
The first alternative is asking you, our clients who install ATS on your sites, to create an API application on Google's Cloud Console for each and every one of your sites, get it approved by Google and use it to connect ATS to your email account. While this would be the easiest way for us it would be extremely complicated for you. Worse yet, we couldn't offer to do that on your behalf or even help you navigate the process. That would be a very frustrating experience for you.
The second option is having us create an API application on Google's Cloud Console that applies to all of our clients' sites, get it approved by Google and use it to retrieve the access and refresh tokens. The tokens are passed directly to your site without them being stored on our server or anywhere else. Moreover, the same application can be used by your ATS on your site to exchange the refresh token with a new access token. Again, the new access token is sent back directly to your site without it being stored on our server or anywhere else. This miniature application is the Akeeba Ticket System mediator for GMail.
We chose to implement the second option because it's easier for you, our clients, to use. The only downside is that you get a request to authorize Akeeba Ticket System to read and send emails. This is a normal side-effect of how OAuth2 token access works. As noted, we do not store your access credentials (tokens), therefore we DO NOT have access to your email. If you are a subscriber of Akeeba Ticket System Professional you can request a copy of the source code of the mediator script to verify our assertion yourself.
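The token handling described above, as an added Python example (it is not Akeeba's mediator or ATS code): the site keeps the refresh token and renews the access token through a relay that holds the API application's secret but retains no tokens. The class names, the stand-in token endpoint and every token value are constructed for illustration; the XOAUTH2 string is the SASL format GMail's IMAP server accepts together with an OAuth2 access token.

```python
import base64
import time
from dataclasses import dataclass
from typing import Callable, Dict


class FakeTokenEndpoint:
    """Constructed stand-in for the provider's token endpoint (no network)."""

    def __init__(self, registered_secret: str, valid_refresh_token: str):
        self._secret = registered_secret
        self._valid = valid_refresh_token
        self.issued = 0

    def __call__(self, client_secret: str, refresh_token: str) -> Dict:
        # Tokens are only issued to the registered API application...
        if client_secret != self._secret:
            raise PermissionError("unregistered API application")
        # ...and only against a refresh token the user has not revoked.
        if refresh_token != self._valid:
            raise PermissionError("refresh token unknown or revoked")
        self.issued += 1
        return {"access_token": f"constructed-access-{self.issued}",
                "expires_in": 3600}


class Mediator:
    """Hypothetical stateless relay: owns the application secret, keeps no tokens."""

    def __init__(self, client_secret: str, token_endpoint: Callable[[str, str], Dict]):
        self._client_secret = client_secret
        self._token_endpoint = token_endpoint

    def refresh(self, refresh_token: str) -> Dict:
        # The reply is returned straight to the calling site; nothing is
        # assigned to self, written to disk or logged.
        return self._token_endpoint(self._client_secret, refresh_token)


@dataclass
class SiteTokenStore:
    """What the site itself holds: refresh token, access token and its expiry."""
    email: str
    refresh_token: str
    refresh_via: Callable[[str], Dict]
    clock: Callable[[], float] = time.time
    skew: int = 60            # renew slightly before the stated expiry
    access_token: str = ""
    expires_at: float = 0.0

    def current_access_token(self) -> str:
        if not self.access_token or self.clock() >= self.expires_at - self.skew:
            reply = self.refresh_via(self.refresh_token)
            self.access_token = reply["access_token"]
            self.expires_at = self.clock() + int(reply["expires_in"])
        return self.access_token

    def xoauth2_string(self) -> str:
        # SASL XOAUTH2: user=<address>^Aauth=Bearer <access token>^A^A
        token = self.current_access_token()
        return f"user={self.email}\x01auth=Bearer {token}\x01\x01"

    def xoauth2_initial_response(self) -> str:
        # Base64 form sent with the IMAP AUTHENTICATE XOAUTH2 command.
        return base64.b64encode(self.xoauth2_string().encode()).decode()
```

With Python's imaplib, the raw value from `xoauth2_string()`, encoded to bytes, is what the callback passed to `IMAP4.authenticate("XOAUTH2", ...)` returns; imaplib applies the base64 encoding itself.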
Disclaimer: We are not lawyers. The information in this section is not legal advice and should not be treated as such. The information in this section is for informational purposes only. If you are unsure about compliance with privacy or other applicable laws in your jurisdiction please contact your lawyer to get a valid, professional, legal opinion.
As explained above, Akeeba Ltd does not store your access credentials (tokens) and does not have access to your email account. This makes the mediator script security-neutral.
Moreover, we do not keep or log any personally identifiable information when you use the mediator script. The only information logged is the fact that your site's IP address accessed the mediator script at a certain time. As a result the mediator script does not violate your privacy and does not require you to add any specific verbiage to your site's Privacy Policy to be compliant with the EU GDPR, California's CCPA or other similar privacy legislation.
Only your site can retrieve and process email. The only disclosure you may need in your Privacy Policy page is that your site will process the email sent to the designated support email address(es) for the purpose of creating new support tickets and / or creating new support ticket replies.
TL;DR version: Just like virtually every discount coupon out there you can use the coupon code to get a discount before paying, until the expiration date of the coupon code, with the limits announced for it, without being able to combine it with other coupon codes, discounts or special promotions. You cannot exchange it for money, subscription time or anything else. We also reserve the right to modify or terminate coupon codes without prior notification. Yup, that’s pretty much the same terms you’d get on the printed coupons you use at the convenience store.
And now for the long, boring version.
Company in this document refers to Akeeba Ltd.
Our Site in this document refers to the Company’s website currently located at https://www.akeeba.com.
Subscription in this document refers to any software and / or download services subscription currently available for sale on Our Site.
Subscription Page in this document refers to any page on Our Site which lets you purchase any of Our Subscriptions.
Coupon Code in this document refers to any discount code you can enter into the “Coupon code” field of any Subscription Page.
Regular Price in this document refers to the price of any of Our Subscriptions before any discount or tax is applied to it.
Automatic Discount in this document refers to reduction of the Regular Price applied automatically by Our Site’s e-commerce system and visible on the Subscription Page. This includes but is not limited to discounts applied automatically in the following occasions: when repurchasing a subscription while it is still active in your account, before it expires; when purchasing a subscription while holding another active subscription that qualifies you for an automatic discount.
Discount in this document refers to any price reduction applied to the Regular Price either automatically or as a result of a Coupon Code or Automatic Discount.
Our Company very infrequently publishes time limited Coupon Codes as part of special promotions on the occasion of major holidays and sponsored conferences. We believe in honest pricing: the price of our software is the lowest we can offer to guarantee continued development. As a result we do not have coupon codes at hand most of the time.
Coupon Codes are typically delivered by one of the following means: announced on social media such as Twitter and Facebook; Our Site (e.g. news section, documentation etc); on the sites of select partners; on-line, print or other physical advertisement material for conferences and similar events; electronic or printed certificates for raffles; delivered in personal messages for special cases (e.g. when a client has bought the wrong subscription).
We do not share our Coupon Codes in “coupon exchange” sites. Coupon Codes on such sites will generally not work as they are outdated or already canceled. Furthermore, Coupon Codes which do not originate from us do not bind us in any way whatsoever.
Coupon Codes can be delivered either standalone or as part of a specially formed URL. Most Coupon Codes we announce are typically of the standalone kind. A standalone code looks like this: SPECIMEN
Specially formed URLs are mostly used for raffle certificates and whenever we need to convey a coupon code that applies to a specific subscription or client. A specially formed URL looks like this: https://www.akeeba.com/subscribe/new/akeebapro.html?coupon=SPECIMEN
Please note that the above examples are for illustration purposes only and will not work on Our Site.
Coupon Codes are only valid on the Subscription Page of Our Site. They are not valid for use on any other site, including any site offering services related to our software or reselling our software legally or illegally.
Coupon Codes delivered standalone can be used with any of Our Subscriptions unless explicitly stated otherwise. In the latter case wording similar to “valid only for XYZ” is used, meaning that the coupon code is only valid if used to purchase a XYZ subscription.
Coupon Codes delivered through a specially formed URL can only be used for the subscription pointed to by the URL. If the URL points to a subscription selection page the Coupon Code can be used with any of Our Subscriptions unless explicitly stated otherwise. In this case the same provisions as the paragraph above apply.
All of our coupon codes come with an expiration date. We may define a date either explicitly, e.g. “valid until June 1st, 2016”, or implicitly, e.g. “valid until the end of May”.
All dates are expressed in GMT timezone. If a time is not specified it is 00:00:00 (midnight).
If a year and / or month is not defined it is the year and month, respectively, when the message was posted. In the case of a Coupon Code announced at an event or social function it is the year and month the event takes place. If an event spans two months it is the second month, e.g. if an event is organized May 30th to June 1st then the month to take into account is June.
If no validity period is specified it is implied to be one calendar week (7 days) since the day of the post containing the Coupon Code.
Coupon Codes come with limitations to prevent abuse. Typically they can only be used once per user account and by a maximum of 100 users. We reserve the right to revise these limits without prior notice.
The Discount is always calculated against the Regular Price. A Coupon Code will give you either a fixed discount or a percentage discount.
In the case of a fixed discount we explicitly state the discount amount in a format customary to the target audience and always expressed in Euros. For example “10 Euros”, “10€”, “€10”, “€10.00” or “10,00 €” all refer to a Discount of ten Euros and zero Eurocents.
In the case of a percentage discount we explicitly state the discount as a percentage of the Regular Price. For example “20%” means that the Discount will be 20% of the Regular Price. For a subscription with a Regular Price of 40 Euros this would mean 40 Euros times 20% = 8 Euros and zero Eurocents.
If the Discount exceeds the Regular Price then the Discount is to be assumed equal to the Regular Price. Explicitly, there will never be a negative payment, discount or refund if the Discount exceeds the Regular Price.
The Discount granted by the use of the Coupon Code does not relieve you from the obligation to pay Value Added Tax (VAT) where applicable per the European Union’s VAT directives and the local laws which implement them. According to the legislation the applicable VAT rate is applied to the Regular Price after the Discount has been subtracted.
Example: Regular Price 40 Euros, Discount 8 Euros, 20% VAT Rate. The taxable amount is 40 Euros minus 8 Euros = 32 Euros. The VAT is 32 Euros times 20% = 6.40 Euros. The payable amount is 32 Euros + 6.40 Euros = 38 Euros and 40 Eurocents.
Our site informs you about the Regular Price, Discount and VAT rate applied. Before assuming a coupon code does not work please check whether VAT is being charged.
Discounts granted by Coupon Codes and Automatic Discounts cannot be applied additively.
You cannot combine two or more Coupon Codes. Only one Coupon Code can be used at any time.
You cannot combine the discount of a Coupon Code and an Automatic Discount. If there is both an Automatic Discount in effect and a Coupon Code is provided only the highest discount will be applied. Example 1: the Automatic Discount gives you a Discount of 2 Euros and the Coupon Code gives you a Discount of 8 Euros. The total discount applied is 8 Euros. Example 2: the Automatic Discount gives you a Discount of 10 Euros and the Coupon Code gives you a Discount of 8 Euros. The total discount applied is 10 Euros.
Furthermore you cannot combine two or more Coupon Codes with an Automatic Discount. You will need to pick one of the Coupon Codes and provide it to the Subscription Page. The rules described in the paragraph above will be applied in this case.
Coupon Codes will not be retroactively applied to finalized transactions. Coupon Codes can only be applied on our Subscription Page at the time of purchase, before you finalize the payment. When you finalize the payment the transaction is final and the Coupon Code can no longer be applied to it.
Explicitly, any full or partial refund request involving a Coupon Code not being applied will be denied. The same goes for requests to exchange a Coupon Code for subscription time, services or anything else per the No Exchange section below.
Coupon Codes are designed and intended to only give you a Discount when purchasing one of Our Subscriptions on Our Site. They cannot be exchanged for cash, refund (whole or partial), credit, another subscription, subscription extension (subscription time), services or anything else whatsoever.
The Company reserves the right to modify or terminate any aspect of a Coupon Code including but not limited to the discount, validity period, applicability and limitation at any time without prior notification. Any modification or termination is not retroactive; if you’ve already used the coupon code the transaction is finalized and we won’t ask you for more money.
No exceptions to these Terms will be granted under any circumstances.
There are two editions of Akeeba Ticket System: Akeeba Ticket System Core (distributed free of charge, without support) and Akeeba Ticket System Professional (for-a-fee, with support). They are targeting different user groups, based on their needs and experience level.
To help you decide if Akeeba Ticket System Professional is suitable for you, we have compiled the following comparison table:
Feature | Core | Pro |
---|---|---|
Multiple nested support categories | ||
Public or private tickets | ||
Forced public or private tickets per category | ||
Submit tickets over the web | ||
Submit tickets by email | ||
Ticket assignment to specific support staff | ||
Open tickets view | ||
Manager notes – private notes seen only by support staff | ||
Send emails on ticket creation / reply | ||
Customisable email templates with WYSIWYG editor | ||
Canned replies | ||
Automatic replies based on ticket category, title, content and status | ||
Custom fields | ||
Custom ticket statuses | ||
Credits (virtual currency) system | ||
Automatic ticket system off-line schedule | ||
Ticket buckets for mass-replying to similar tickets | ||
Front-end ticket management for administrators | ||
Custom module positions for layout customisation | ||
AlphaUserPoints integration | ||
Akeeba Subscriptions integration | ||
Gravatar integration | ||
Joomla! Search and Smart Search integration | ||
CRON scripts for ticket and attachments clean-up | ||
DocImport integration | ||
InstantReply – automatically propose related public tickets to prevent unnecessary tickets | ||
Statistics on abandoned / spared by InstantReply tickets | ||
Time tracking | ||
Ticket print view | ||
User tagging |
There are two editions of Admin Tools: Admin Tools Core and Admin Tools Professional. They are targeting different user groups, based on their security needs and experience level.
Admin Tools Core is the Free (as in "free speech" and as in "free beer") edition which contains the necessary features to update your core Joomla! installation, fix directory permissions and perform database maintenance. It's what we believe no site should do without, in one neat extension. However, it is missing all the active security enhancing features of the Professional release. It's recommended for administrators of very small sites.
Admin Tools Professional, on the other hand, is the for-a-fee edition which has those extra features only useful to larger sites which require active security. We recommend it for power users and web professionals who want to enhance the security of their web sites.
To help you decide if Admin Tools Professional is worth trying, we have compiled the following comparison table:
Feature | Core | Professional |
---|---|---|
Emergency Off-Line switch to put your site securely off-line in the case of an attack | ||
Protection of its configuration with a Master Password | ||
ACL: fine-grained control over which features each user can access | ||
Protect access to your administrator directory with a username and password | ||
Change your Super Administrator ID | ||
Fix the permissions of all files and directories on your server or apply your own configurable, custom permissions down to file and directory level | ||
Automatically rewrite links pointing to your old site's domain name / directory to point to your new domain name / directory | ||
Automatically convert all links to insecure (HTTP) items to HTTPS when your site is accessed over SSL | ||
One-click purge of your temporary directory | ||
Change your database collation (MySQL only) | ||
Repair and optimise all of your site's tables (MySQL only) | ||
Purge and optimise the sessions table with a single click (MySQL only) | ||
URL redirection with features beyond even what Joomla! has to offer | ||
Scheduled cleanup of your temporary directory | ||
Scheduled optimization of your sessions table (MySQL only) | ||
Scheduled purge of your sessions table (MySQL only) | ||
Automatic migration of hardcoded URLs in your articles, modules and everywhere when you change your site's domain name/location | ||
CSS and JavaScript aggregation to speed up your site | ||
PHP file changes and security scan | ||
.htaccess and NginX Configuration Maker | ||
Disable directory listings | ||
Protect against common file injection attacks | ||
Disable PHP Easter Eggs | ||
Block access to security-sensitive files such as htaccess.txt, configuration.php-dist and php.ini in your site's root | ||
Block specific user agents | ||
Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack. | ||
Force index.php parsing before index.html | ||
Optimise expiration time (good for SEO) | ||
Automatically compress static resources such as images, CSS, JS | ||
Redirect index.php to site root | ||
Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com | ||
Redirect old domain name to new domain name | ||
Force HTTPS for specific URLs, even when Joomla! doesn't let you | ||
Force HSTS header for increased HTTPS security | ||
Web Application Firewall | ||
Customised exceptions, down to the component, view or query string level | ||
Full logging of security exceptions | ||
Send out an email when a security exception occurs | ||
Geographic Blocking: prevent access to your site by specific countries or continents | ||
IP black-listing: prevent access to your site by specific IP addresses or blocks of IP addresses | ||
Administrator IP whitelist: only allow access to your site's administrator section by specific blocks of IP addresses | ||
Administrator secret URL parameter. You can only see the administrator login page if you append ?secretWord to the URL (the secret word is customisable) | ||
Change administrator login URL (e.g. use http://www.example.com/mylogin instead of http://www.example.com/administrator) | ||
Send email on successful or failed administrator login | ||
Customisable email templates and rate throttling for Admin Tools emails | ||
Forbid front-end Super Administrator login to deter brute-force password cracking | ||
SQLiShield protection against SQL injection attacks | ||
Cross Site Scripting block (XSSShield) | ||
Malicious User Agent block (MUAShield) | ||
CSRF/Anti-spam form protection (CSRFShield) | ||
Remote File Inclusion block (RFIShield) | ||
Direct File Inclusion shield (DFIShield) | ||
Uploads scanner (UploadShield) | ||
Anti-spam filtering based on Bad Words list | ||
Hide/customise generator meta tag | ||
Block access to Joomla! extensions installer | ||
Disable editing backend users' properties | ||
X-Content-Encoded-By HTTP header content for GZip compression customisation | ||
X-Powered-By HTTP header override | ||
Block tmpl=foo system template switch | ||
Block template=foo site template switch | ||
Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory | ||
Auto-ban IPs causing excessive security exceptions (fully customisable) |
Akeeba Backup for WordPress comes in two different editions: the free of charge CORE edition and the for-a-fee (subscription based) Professional. Most first-time users will want to use the CORE edition to get started with backups. Advanced users and web professionals will want to upgrade to the Professional version to make use of the most advanced features.
To help you decide if Akeeba Backup Professional for WordPress is worth trying, we have compiled the following comparison table:
Feature | CORE | Professional |
---|---|---|
Akeeba Backup Plug-in Features | ||
Backup your entire site and its database with a single click | ||
Restoration script included in the backup archive. We are the only ones to offer self-contained backup archives | ||
User interface translations into many languages | ||
Automatically fine-tune the configuration to suit your preferences and server setup | ||
Configuration encrypted with strong 128-bit AES cryptography | ||
Generate standard ZIP or custom JPA format backup archive files, including split ZIP/JPA | ||
Direct server-to-server transfer of your site over FTP/FTPS (DirectFTP) | ||
Direct server-to-server transfer of your site over SFTP (DirectSFTP) | ||
AES-128 encrypted archives (JPS format) | ||
Optimized database dump (Extended INSERTs) | ||
Front-end backup feature allowing scheduled (CRON) backups. Front-end CRON functionality requires third party software (e.g. wget, curl) and web access | ||
Efficient native command-line PHP scripts for use in CRON scheduling | ||
Multiple backup profiles | ||
Backup only your site's database or only your files | ||
Incremental files only backup | ||
Administer your backup files (download, delete) | ||
Import arbitrary archive files | ||
Restore your backup files from within the plug-in (full site backup archives only) | ||
Exclude arbitrary directories, files or directory contents (individual item selection) | ||
Exclude database tables or table contents only (individual item selection) | ||
Regular expressions (PCRE) file, directory and database filters | ||
Option to exclude non-WordPress database tables | ||
Include extra MySQL databases in the backup set | ||
Include off-site directories in the backup set | ||
Cloud Backup Send backup archives to any FTP, FTPS and SFTP server | ||
Cloud Backup Store backup archives on Amazon S3 and restore from archives stored there | ||
Cloud Backup Store backup archives on DropBox, Box.com, Google Storage, iDriveSync, SugarSync, RackSpace CloudFiles, Microsoft Windows Azure BLOB Storage and any WebDAV server (allowing you to use another 40+ cloud storage services) | ||
Fine-grained quota management, even for remote files |