The Joomla! Vulnerability List web portal and an active developer community helps keep Joomla one of the most secure open source CMS systems in the marketplace.
If you are going to build your business online you want to make sure you build it on a solid and secure foundation. We believe Joomla is among the very best solutions for any small business enterprise for this reason and many others.
The Joomla community is aggressive and proactive about making the Joomla CMS and platform one of the most secure in the industry. Not only have they done a great job building the core CMS with security in mind and been one of the fastest open source communities to respond when a security vulnerability is discovered but they also are aggressive with processes for assuring the many 3rd party extensions are secure as well. As you could imagine with a community that has contributed 10’s of thousands of Joomla extensions which are mostly available through the Joomla extensions directory http://extensions.joomla.org/ and nearly as many templates (soon to be available in a Joomla Templates Directory), monitoring the potential security threats is quite a significant task. Joomla.org has always has a responsive security team but one of the things that community has done recently is expand their web portal http://vel.joomla.org/ for the Joomla! Vulnerability List. If you are a developer or even a site administrator you can subscribe to this list and be notified as extensions vulnerabilities are discovered and monitor if and how the developers have responded. Since keeping your site and associated Joomla extensions updated is one of the most important steps for securing your online assets this is a fantastic resource for you and the rest of the Joomla user community.
Some hosts are better than others for securing their servers but most do nothing at the application level or to protect your Joomla web site. This is why we also recommend that you consider another application layer security solution such as www.securelive.com or some CDN (Content Delivery Networks) have additional security protection worth merit as well. We have found the Secure Live solution to be the best all-around protection. Especially if you are still running older versions of the software and are limited on funds to maitain it. Most of the common threats can be protected against if you install one of the SecureLive solutions. It is also worth taking time to understand how your hosting environment is configured and protected and again keep your site up to date. There are great utility extensions like www.watchful.li for Joomla that can send you alerts and quickly review the status of your site extensions.
Since Joomla 2.5 upgrading your core Joomla and many supported extensions is as simple and easy as logging in and clicking a couple buttons. This has made keeping sites upgraded almost a non issues in many cases and increased the trend for Joomla as a top performer compared to other open source applications when it comes to security. This they are not the final athority nor do they catch everything, tools like those by veteran Joomie Phill Taylor at www.myjoomla.com are a cost effective way to scan your sites for vulnerabilities.
Our best advise is to make sure everything on your site is upgraded and use an application layer security tool like SecureLive). The costs of getting hacked and cleaning up are much more than the costs of being proactive and you can have a much greater peace of mind. The good news is that the Joomla community is doing a grewat job of providinge good information and built in tools for staying on top of security even if you know little about it. To learn more, make sure you drop by the Joomla! Vulnerability List portal and see where you may need to do any upgrades or proactive protection. http://vel.joomla.org/