
Misunderstanding: Joomla is unsafe
In this short series of blog articles, I am going to talk about the misconceptions I have heard about Joomla in recent years. I will try to start from the strength of Joomla itself but will not be able to avoid making a comparison with other systems. In this series, I will start with the main reason why I still work with this CMS, security.
Security through predictability and centralisation.
Out of my own interest, I have been looking into the code more and more recently, and the predictable way Joomla works is already an important indicator of security. All front- and backend requests must go through an index.php file. Plugins are triggered in predictable ways. Joomla uses predictable directory names for extensions, media files, images and so on.
In Joomla, developers can only access the $_FILES, $_GET, $_POST and $_REQUEST superglobals via JInput when reading request data. This prevents many attacks because there are centralised points at which security is enforced.
When I look at other systems, I see that predictability is lacking and structures are abandoned to "make it as easy as possible" for the user. This comes at the expense of security!
The Vulnerable Extensions List.
Does this mean that there are never any poorly implemented extensions or templates? No, it doesn't. On the Vulnerable Extensions List website (https://vel.joomla.org/live-vel), you can see a list of extensions in which security problems have been found. It is wise to check it regularly for extensions that you happen to use. Do pay attention to the version number of the extension, because in many cases an update that solves the problem has already been released.
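The version check described above can be scripted. The following is an added example, not code from Joomla or from the VEL site: the advisory records, their field names and the extension names are constructed for illustration, and the comparison is numeric so that 2.10.0 is correctly treated as newer than 2.4.9.

```python
import re

# Constructed sample advisories (not real VEL entries). The field names are
# assumptions made for this example, not the VEL site's own format.
ADVISORIES = [
    {"extension": "com_examplegallery", "vulnerable_through": "2.4.9", "fixed_in": "2.5.0"},
    {"extension": "plg_exampleforms", "vulnerable_through": "1.10.2", "fixed_in": None},
]

# Constructed inventory: extension name -> installed version, as read from
# the site's extension manager.
INSTALLED = {
    "com_examplegallery": "2.10.0",
    "plg_exampleforms": "1.9.0",
    "mod_examplemenu": "3.1.4",
}


def version_key(version):
    """Turn '2.10.0' into (2, 10) so comparison is numeric, not textual.

    Pre-release suffixes such as '-rc1' are not handled in this example.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:  # treat 2.5 and 2.5.0 as equal
        parts.pop()
    return tuple(parts)


def audit(installed, advisories):
    """Return (extension, installed version, action) for affected extensions."""
    findings = []
    for adv in advisories:
        have = installed.get(adv["extension"])
        if have is None:
            continue  # not installed on this site
        if version_key(have) > version_key(adv["vulnerable_through"]):
            continue  # installed version is newer than the last vulnerable one
        if adv["fixed_in"]:
            action = "update to " + adv["fixed_in"]
        else:
            action = "no fix listed: disable or remove"
        findings.append((adv["extension"], have, action))
    return findings


if __name__ == "__main__":
    for name, have, action in audit(INSTALLED, ADVISORIES):
        print(f"{name} {have}: {action}")
```

A plain string comparison would get both sample cases wrong: it would flag the already-updated 2.10.0 and miss the still-vulnerable 1.9.0.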
Joomla itself has had some security issues in the past, but the community is getting better and better at website security and faster at fixing problems in this area. This is on top of the fact that the basic structure is already security-conscious.
Joomla is not standing still.
It won't be long before we enjoy the new version of Joomla 4.x that the production team is working on. Versions 2 and 3 are secure, but improvements have been made to the MVC model and the overall structure. Many of the improvements, by the way, are already available in Joomla 3.8.
So why are Joomla websites being hacked anyway?
The CMS is in itself a secure system to build your website with. One of the conditions for keeping your website really secure is that your software, both Joomla itself and all extensions, is kept up to date. Over the past few years, I have cleaned up about 50 hacked websites and each of them had the same problem: it was outdated!

About Jeroen
I have been working with the Joomla! CMS since 2006. Besides building and maintaining Joomla! websites and webshops, I am also familiar with search engine optimization (SEO), Joomla hosting and developing templates and extensions. Furthermore, I am a frequent visitor and speaker at JoomlaDays and various Joomla user groups.
I am committed to the Joomla! community as a member of the Extensions Directory team and of the organization of Joomla user group Breda and JoomlaDagen Netherlands. In short: if you are looking for a Joomla specialist, you should contact me!