---
title: "Misunderstanding: Joomla is unsafe"
date: 2018-01-24
description: "Joomla is safe! The community working with Joomla is getting better and better with website security. This is on top of the fact that the basic structure of Joomla is already security-conscious."
author: "Jeroen Moolenschot"
intro_image: "https://www.joomill.com/images/blog/misverstand1-veiligheid.jpg"
---

# Misunderstanding: Joomla is unsafe

![Misunderstanding: Joomla is unsafe](https://www.joomill.com/images/blog/misverstand1-veiligheid.jpg)

In this short series of blog articles, I am going to talk about the misconceptions I have heard about Joomla in recent years. I will try to start from the strength of Joomla itself but will not be able to avoid making a comparison with other systems. In this series, I will start with the main reason why I still work with this CMS, security.

 
## Security through predictability and centralisation.

 Out of my own interest, I have been looking into the code more and more recently, and the predictable way Joomla works is already an important indicator of security. All front- and backend requests must go through an index.php file. Plugins are triggered in predictable ways. Joomla uses predictable directory names for extensions, media files, images and so on.

In Joomla, developers access the `$_FILES`, `$_GET`, `$_POST` and `$_REQUEST` superglobals only via JInput when reading request data. This prevents many attacks because there are centralised points where security is enforced.
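The following example, added here and not taken from the original post or from Joomla's own code, shows request data being read through JInput in a Joomla 3.x controller instead of from the superglobals. The component, controller, model and field names are hypothetical.

```php
<?php
// Added illustration for Joomla 3.x. It is meant to live in a component
// controller, where the Joomla framework is already loaded.
defined('_JEXEC') or die;

jimport('joomla.filesystem.file');

class ExampleControllerItem extends JControllerLegacy // hypothetical name
{
    public function save()
    {
        $input = JFactory::getApplication()->input;

        // Unfiltered: whatever the client sent ends up in the variable.
        // $id = $_GET['id'];

        // Filtered: every getter runs the value through JFilterInput first.
        $id    = $input->getInt('id', 0);              // integer only
        $view  = $input->getCmd('view', 'item');       // letters, digits, . - _
        $title = $input->post->getString('title', ''); // POST only, tags removed

        // Uploads come from the same object rather than from $_FILES.
        $upload   = $input->files->get('attachment');  // hypothetical field
        $filename = null;

        if (is_array($upload) && $upload['error'] === UPLOAD_ERR_OK)
        {
            // Never trust the client-supplied file name as a path.
            $filename = JFile::makeSafe($upload['name']);
        }

        // Hypothetical model call: only filtered values leave the controller.
        $this->getModel('Item')->save(
            array('id' => $id, 'title' => $title, 'file' => $filename)
        );

        $this->setRedirect(
            JRoute::_('index.php?option=com_example&view=' . $view . '&id=' . $id, false)
        );
    }
}
```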

When I look at other systems, I see that predictability is lacking and structures are abandoned to "make it as easy as possible" for the user. This comes at the expense of security!

 
## The Vulnerable Extensions List.

Does this mean that there are never any poorly implemented extensions or templates? No, it doesn't. On the Vulnerable Extensions List website ([https://vel.joomla.org/live-vel](https://vel.joomla.org/live-vel)), you can see a list of extensions in which security problems have been found. It is wise to check it regularly for extensions that you use. Do pay attention to the version number of the extension, because in many cases an update has already been released that solves the problem.

 Joomla itself has had some security issues in the past, but the community is getting better and better at website security and faster at fixing problems in this area. This is on top of the fact that the basic structure is already security-conscious.

 
## Joomla is not standing still.

 It won't be long before we enjoy the new version of Joomla 4.x that the production team is working on. Versions 2 and 3 are secure, but improvements have been made to the MVC model and the overall structure. Many of the improvements, by the way, are already available in Joomla 3.8.

 
## So why are Joomla websites being hacked anyway?

The CMS is in itself a secure system to build your website with. One of the conditions for keeping your website really secure is that your software, both Joomla itself and all extensions, is kept up-to-date. Over the past few years, I have cleaned up about 50 hacked websites and each of them had the same problem. It was outdated!



