I keep hearing Joomla is bad with security... is this true? What's the best version of Joomla? I have some rival sites and I know if I put something exploitable up, they'd go to take me down, so I need to know: are there any security risks with Joomla 1.0 and/or 1.5? Thanks
Search this page for joomla - http://www.frsirt.com There has been a security flaw found almost every month so far in 2008. One of the problems with Joomla: if an addon is found to have a security hole, it is still offered as a download. In comparison, some software sites like Vbulletin.org - if a piece of software is found to have a security flaw, that software is pulled from the site until the developer fixes the problem. I was active in the Joomla community for about 6 months. During that time I never saw a piece of software pulled from the Joomla community for security reasons. On the other hand, some communities send out a newsletter if a popular addon is found to have a security flaw. Some of the "popular" addons I saw had not been updated for almost 2 years. Using software like that will leave any CMS / forum open for attacks. But with Joomla, it seems that security is secondary to the number of downloads the community can offer. So, with Joomla security - you're on your own. ==============EDIT===================== A search of this security site - http://search.securityfocus.com/sws...earch!&metaname=alldoc&sort=swishlastmodified found 22 pages with 320 results of Joomla-related material. Today is June 8th and 7 security flaws have been found just this month.
Oh wow... so both 1.0 and 1.5 have major security issues? :| I prefer Joomla to Drupal.. I just hate Drupal :/ Anything else comparable? ;x
Honestly the security for Joomla is pretty bad. I've had my previous site hacked quite a few times using Joomla 1.0. I'm not sure about 1.5 though since I've never been hacked using 1.5 yet.
It's open source software. People who program know how to hack software. It's a sad reality that there are those people among us who have nothing better to do than disrupt the lives of others. But as long as you have to keep your code open to the public, there will be those who find and exploit security holes. How does one make a completely secure CMS and still leave it open to development?
For one thing, the Joomla community could stop pimping insecure software. It's as if the joomla.org website wants to host as many downloads as possible, regardless of how secure the software is. Having lots of modifications is a good selling point to people looking for a free CMS. Joomla might have hundreds of mods, but what you don't hear is how many of those are outdated or not secure. Linux is open source as well, but it is very secure. Same with MySQL. Being open source does not make it insecure; it's "how" it's coded that makes it insecure.
Joomla sends your passwords in clear text. If you are doing something serious on your website, use SSL.
If you think Joomla is unsafe... use WordPress...</joke> They say everybody can hack in WP. On the other hand, Drupal is known for being well protected... try to use it <-- not joke!
If you use Joomla, try to:
- update every time there's a new release
- keep the number of add-ons to the bare minimum, and update them all the time too.
Little homework perhaps....
- Change the default database prefix (jos_)
- Remove version number / name of extensions
- Use a SEF component
- Use the correct CHMOD for each folder and file
- Delete leftover files
- Change your .htaccess file
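As an added example (not part of the thread and not Joomla project code), a shell audit for three items from the checklist above: the default `jos_` prefix, file permissions, and leftover files. It assumes "correct CHMOD" means nothing is world-writable and "leftover files" means the `installation/` directory and backup copies; `audit_joomla` and `make_sample` are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: "correct CHMOD" means
# nothing world-writable; "leftover files" means installation/ and backup copies.

# Print one finding per line for the Joomla web root given as $1.
audit_joomla() {
    (
        cd "$1" || exit 2
        # 1.0 writes $mosConfig_dbprefix, 1.5 writes $dbprefix; both match here.
        if grep -Eq "dbprefix[[:space:]]*=[[:space:]]*['\"]jos_['\"]" configuration.php 2>/dev/null; then
            echo "PREFIX configuration.php still uses jos_"
        fi
        # Anything writable by every local user (symlink modes are ignored).
        find . ! -type l -perm -0002 | sed 's/^/WRITABLE /'
        # The web installer directory should be deleted after setup.
        if [ -d installation ]; then
            echo "LEFTOVER ./installation"
        fi
        # Backup and dump copies can be downloaded as plain text.
        find . -type f \( -name '*.bak' -o -name '*.old' -o -name '*~' -o -name '*.sql' \) |
            sed 's/^/LEFTOVER /'
    ) | sort
}

# Build a constructed sample tree with four deliberate problems; prints its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/installation" "$d/images"
    printf '%s\n' '<?php' "var \$dbprefix = 'jos_';" > "$d/configuration.php"
    cp "$d/configuration.php" "$d/configuration.php.bak"
    : > "$d/index.php"
    chmod -R go-w "$d"
    chmod 777 "$d/images"
    echo "$d"
}

# Usage: script --demo   (audit the constructed sample)
#        script /path/to/webroot
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    audit_joomla "$sample"
    rm -rf "$sample"
elif [ -n "${1:-}" ]; then
    audit_joomla "$1"
fi
```

An empty result means none of the three checks fired; it says nothing about the other checklist items or about vulnerable extensions.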
These are all good points. I had many 1.0 sites - which all got hacked - 1.5 is much better. However - it's also a good idea to backup your site every time you make major changes - peace of mind : )
If your website was hacked, it's not Joomla's fault. Did you honestly follow all the security measures? Did you read all the security documents?