Joomla Security Primer

As a security guy, I get asked frequently about Joomla, and if it's secure. I start to answer, and am always interrupted with something along the lines of:

"..I know it's not, I just want to know how insecure it is.."

As if security is measured on a 1 to 10 scale..Security is not a scale, but a total philosophy, a set of tools and actions. Yes, it can be measured, but taking Joomla and singling it out is foolish. Looking at Joomla as part of your total site security makeup IS the right answer. You must measure security holistically. Any part of your security that is weak,weakens the entire infrastructure.

So how do you answer it? To begin with, Joomla is only as secure as the platform it is on, the extensions installed on it and the proper safeguards that are put in place. In fact, many times if a Joomla site is hacked, it could be any number of things. But here's the part that is hard for some to swallow...It's not typically Joomla's fault. it's many times the administrators fault for failing in some basic areas. Now to be fair to the admin, security is an entire practice itself, and in this article I will lay out some basic concepts both Joomla and non-joomla to help you understand how to secure your site.