I'm looking at CMSs for a new online magazine site I wish to start, and have crossed Joomla off the list due to security risks that I've read about in quite a few places. I hear the code is just very poor and has lots of security holes in it and sites can be hacked easily. Can anyone comment on this? Any major sites running with Joomla that are not experiencing security problems?
Could you elaborate on what you have read, along with links, please? I have maintained over 5 Joomla-based sites, and none of them have been hacked as yet - so not sure what is the source of your information and its credibility. Thx
I searched for "Joomla Security Risk" and came up with tons of links to security fixes and problems with popular addons. I know it can be blamed on the addons, but from what I've seen, most sites must use lots of these addons to get the site they need up. Following are just a couple of items. Here are some items from Secunia: http://secunia.com/advisories/search/?search=joomla Here's a comment from UniHacker: "Joomla dot org hacked, Joomla 1.5 sites at risk. Aug 14th, 2008 by The Uni-Hacker. All Joomla 1.5 websites are at serious risk of getting hacked. In only the last two days I’ve managed to find a handful of websites, including our own, that have been hacked into and defaced. Now, come to find out, the official Joomla.org website has also been hacked. It appears that the Joomla API for building extensions and mods is not programmed correctly. There are too many ways mod and extension builders can mess up, and not even know it. It appears though that the Joomla 1.5 core is really what's at risk, but is not known for sure." Link: http://www.unihacker.com/2008/08/joomla-dot-org-hacked-joomla-15-sites-at-risk.html
About how often do you have to apply updates to the core? And let's say you have about 10 addons--are you updating these pretty often, and does a not-so-popular addon often just not get updated to fix their security problems and you have to remove it?
My understanding is that there was a problem with version 1.5 that has now been addressed with version 1.5.6: http://www.joomla.org/announcements/release-news/5199-joomla-156-released.html
I've run tons of Joomla sites and only had one problem, when I forgot to change the permissions of a certain file back. And that problem was very easy to notice and fix. Joomla is getting pretty good security-wise these days.