There are many aspects to consider when choosing a management system (CMS) for your website. Some things such as how the system is designed are obvious for everyone to check out as it is what you actually see when you use the system, while other things such as IT security are something that goes over the head of the average person.
Joomla! is a CMS system that has been very prone to problems for a long time and has thus become a ‘black sheep’ among IT people, and a favourite target for hackers. So why has it come to this? And why do new installations continue to appear daily?
Joomla! and the culture of carelessness
Joomla’s biggest problem right now is not the system itself, but many of the people who make a living selling and creating websites in the system. Since many (but far from all) of the people who provide Joomla! solutions are not very good at what they do, this has led to a large market where you can buy and sell everything from ready-made templates to modules – add-ons – for Joomla.
The business model is simply that you usually buy ready-made templates and modules that you cut and paste in an afternoon and then sell either as a cheap template solution – or sometimes even as a customised website (which is clearly a scam).
This in itself is not a problem, but when there is a lack of expertise at so many levels and very few reviewing bodies, the quality suffers. Open source is great, but it can easily fail if the “nerds” leave the project and the only ones left are salespeople with no morals. The result is that both Joomla! and many modules are very poorly programmed. What does this mean for those who have a Joomla! solution?
Joomla! has a lot of security problems
If you mention the word Joomla! to someone who runs a web hosting company or works with IT and security, you are usually met with a plethora of swear words. I haven’t spoken to a single advertising agency that hasn’t had security problems with their clients’ Joomla! installations. They get hacked on a regular basis, and then spread viruses and other things to those who access the sites. And once they are fixed, it sometimes takes only an hour before the site is hacked again.
The reason this happens is partly because the add-ons are poorly programmed, but also because many of the add-ons are bought. Because they are purchased, they are not freely available when you want to make upgrades. In many non-open source systems, you can buy the extensions once and then upgrade easily – but because Joomla! is open source, there is no such solution – and there never should be. Instead, the modules should be released as open source, just like Joomla! and then be upgradeable with a click.
Until the rogue players are weeded out and the quality of the modules is significantly improved, no one should use Joomla! for anything.