How secure is the Joomla CMS System?
- Written by Luis Posselt
Debates about how secure the Joomla CMS system have existed on the internet for a while now.
A lot of people will say that Joomla has more holes than a swizz cheese. I mean even some hosting companies won’t allow you to work with Joomla because according to them Joomla is too insecure.
But let's analyze this situation because on my personal view and experience on this issues, the reasons for the insecurity problems is not the Joomla System itself.
How many times you have heard somebody like a friend, a hosting company, a so call expert, or anyone saying that Joomla is not good for building websites because its insecurities?
Now before telling you what is my take on this Joomla Security Matter, let me share with you a small analogy.
1. Imaging that two people buy the same Car Model.
2. And then imagine that they go to the same Security Car Company to install a new Security Alarm System inside their New Cars.
3. Now that they are happy with their new cars and with the full security system in place protecting their cars, they now feel totally secure about somebody stealing their cars.
4. But one day, one of them forgets to activate his Security Alarm System and guess what? The car gets stolen.
Now and after this, my questions to you are the following.
(Have in mind that the security system both customers bought was 100% perfect)
1. Why do you think the car got stolen?
2. Who is responsible for this situation?
If you are thinking right, the user was the creator of this problem and the reason why the car got stolen.
It does not matter what your thinking is on this situation because you should already know by now that humans are not perfect and they will never be, at least not in the near future.
Most of the problems (if not all of them) that happen in life are related to humans in one way or another.
And believe me my friends, Joomla is not the exception.
So, where I want to go with this is that even when Joomla is not the best CMS System for too many people, the security issue in here does not comes directly from the system itself but from the user who does NOT learn how to properly secure the Joomla System.
Yes I know sometimes the Joomla Coders create the security holes by mistake but that my friends happen as well in Wordpress and Drupal.
As today, I have been working with Joomla for over 3 years and yes some of my websites have been hacked in the past especially when I was learning Joomla. (Not a funny experience by the way)
But why that happened to me? Can you guess?
The answer is simple and that happened because at the beginning, I was not taking care of the security issues in those websites.
The problem was created by me because I did not secure those Joomla Websites properly and not because the Joomla was having too many security holes.
Keep in mind that I am not saying that Joomla CMS does not has any problems or security issues because to be honest I will be lying, but what I will like to emphasize with this blog post is that the last person who has the responsibility to secure a Joomla Website is the user who is building the Joomla website.
We are responsible for the education we get while learning how to properly secure Joomla Websites.
If you do mistakes and you install Joomla and secure Joomla improperly, believe me, your Joomla website sooner or later will get hacked.
Stop trying to blame others when the problem is probably you and your lack of understanding how to secure Joomla Websites.
Please have in mind that I don’t say this in a mean way but in a way that make you think about the problem and then in helping finding the solution to make that problem not happen again in the future.