Security for Joomla and WordPress?


Security of web content is, needless to say, crucial today. With many websites undertaking ecommerce activities among other things, a vulnerability exploited by a hacker could well mean a loss in revenue and other vital information going into the wrong hands.


In this article we scrutinize the security features each of these CMS packages has to offer and try to find out which one is more secure than the other. All the good CMS packages on the market are open source, that is, the code is public for anyone to see, modify and build further applications for, in the form of plug-ins or extensions. These include WordPress and Joomla, which have over 18,000 and 9,200 official plug-ins and extensions respectively. While the “core code” (the application which installs on your computer without any add-ons) of both WordPress and Joomla is considered largely safe, it has been observed that most of the security issues and vulnerabilities arise from the plug-ins and extensions that are developed by third parties. This is where the security analysis teams of WordPress and Joomla have to constantly monitor their plug-in directories and troubleshoot the problems as they come. Security vulnerabilities can also arise from malware present on the server where the website is hosted. The extent of vulnerability can also depend upon the experience of the webmaster running the website. In general, the security issues can be classified into these broad categories:

  • Security of the core application
  • Security of the plug-ins
  • Quality of the hosting
  • Experience of the webmaster

Security for WordPress

When CMS software first gained popularity, WordPress was the one that faced the maximum number of hacks and security issues. Since then, however, WordPress has remarkably improved its security and reliability. Today, WordPress is the most widely used CMS, and with regular updates of its core files and patches released for its plug-ins, it has also become the most reliable. Many security plug-ins are available for WordPress which make the work of managing security even simpler. These tools search for updates to the core files and installed plug-ins and apply them automatically, making the job of the administrator even simpler. A good tip to enhance security is to rename the administrative account from the default admin to another name of your choice through the MySQL command-line client. It is also advised not to broadcast on the website the version of WordPress you are using. This forces hackers to work out the version before they can hack it.

Security for Joomla

The core code of Joomla, built on PHP and MySQL, is considered largely safe and secure, the current version of the software being Joomla 2.5. Most of the vulnerability issues that occur in Joomla come from extensions and from older versions of Joomla which have not been updated. Joomla claims to take all security vulnerabilities very seriously and has its own security team, the Joomla! Security Strike Team (JSST), consisting of developers and security experts who constantly improve and manage security for Joomla. The goals of the team as per their website are to:

  1. Investigate and respond to reported core vulnerabilities.
  2. Execute code reviews prior to release to identify new vulnerabilities.
  3. Provide public presence regarding security issues.
  4. Help the community understand Joomla security.

The JSST, however, currently monitors only Joomla 2.5.x. Support for all the older versions is already discontinued, with support for version 1.5.x slated to end in April 2012.

Apart from this, a number of extensions can be downloaded from the Joomla extensions directory. These extensions are aimed at equipping the user with tools to perform database maintenance, change the database prefix, enhance security with an administrator password for the administrator directory, set a secure Super Administrator ID, and so on. One such award-winning extension is “Admin Tools”, developed by Akeeba Developers. This tool is very popular, efficient and free. The support, however, is not free and comes at a price.

Keeping the version up to date is one of the best measures that the webmaster can take to keep all information on his/her website safe and protected from potential vulnerabilities. Another good practice suggested by many developer forums is to change the default database prefix (jos_). Most hackers try to retrieve the username and password from the jos_users table. Changing the prefix from this default name to your own custom name is a very good way of staying secure.
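The hardening tips above (rename the default admin account, do not broadcast the WordPress version, change the jos_ prefix) can be checked with a small audit script. This is an added example, not code from WordPress, Joomla or the original article; the sample config, HTML and login list are constructed, and the login list is assumed to have been exported by the administrator (for instance from the user_login column of the WordPress users table).

```python
import re

# dbprefix line in Joomla's configuration.php ("var" or "public" form).
JOOMLA_PREFIX_RE = re.compile(
    r"""(?:var|public)\s+\$dbprefix\s*=\s*['"]([^'"]*)['"]""")
# Generator meta tag that WordPress emits in the page <head>.
GENERATOR_RE = re.compile(
    r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s*([\d.]*)["']""",
    re.IGNORECASE)

def audit_joomla_config(config_text):
    """Flag the default jos_ table prefix in configuration.php contents."""
    match = JOOMLA_PREFIX_RE.search(config_text)
    if match is None:
        return ["dbprefix not found in configuration.php"]
    if match.group(1) == "jos_":
        return ["default database prefix jos_ in use"]
    return []

def audit_wordpress_page(html):
    """Flag a rendered page that discloses the WordPress version."""
    match = GENERATOR_RE.search(html)
    if match and match.group(1):
        return ["page discloses WordPress version " + match.group(1)]
    return []

def audit_wordpress_logins(logins):
    """Flag the default 'admin' account in an exported list of logins."""
    return ["default administrator login 'admin' exists"
            for name in logins if name.strip().lower() == "admin"]

# Constructed sample inputs (not taken from any real site).
SAMPLE_JOOMLA_CONFIG = """<?php
class JConfig {
    public $dbtype = 'mysql';
    public $dbprefix = 'jos_';
}
"""
SAMPLE_WP_HTML = '<head><meta name="generator" content="WordPress 3.3.1" /></head>'
SAMPLE_WP_LOGINS = ["admin", "editor1"]

if __name__ == "__main__":
    findings = (audit_joomla_config(SAMPLE_JOOMLA_CONFIG)
                + audit_wordpress_page(SAMPLE_WP_HTML)
                + audit_wordpress_logins(SAMPLE_WP_LOGINS))
    for finding in findings:
        print("FINDING:", finding)
```

An empty result from all three functions means none of the defaults named in the article are present; it says nothing about plug-in or extension vulnerabilities.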

Joomla, however, is generally perceived among bloggers and website developers as not being as efficient and effective as WordPress when it comes to security. Many people have expressed the opinion that Joomla is a bit confusing when it comes to the security measures and practices that a webmaster can undertake.

One has to remember that nothing is 100% safe from hackers. Irrespective of what CMS one uses, it often comes down to the safety and maintenance practices that the webmaster undertakes. The diligence and experience of the webmaster thus very often deliver the final verdict on the security of the CMS. As a general practice, it is highly advisable to keep the core files and the plug-ins and extensions up to date. Using a secure server and having a good, up-to-date firewall on the host computer is also a good idea. Malware on the administrator's system can easily lead to vital information being stolen and misused.

It is thus advised that your choice of CMS should not be based solely on security. A system is only as secure as the diligence of the webmaster and the administrators. Your choice of CMS should therefore be based upon the kind of website you wish to develop, with WordPress more suited for creating a blog or a rather static website, and Joomla more suited for rich media content to be streamed on the website. Security issues will remain in both CMS packages, with the efforts and diligence of the administrators as the primary and most effective shield one can have against attackers.



hey everyone my name is aayat which is an English blog. In this blog, along with the information related to Blogging, you will get all other types of information available in the English language!
