Top Ten Stupidest Joomla! Administrator Tricks

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
User avatar
rliskey
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway
Contact:

Top Ten Stupidest Joomla! Administrator Tricks

Post by rliskey » Mon Nov 27, 2006 7:06 am

10. Go with the cheapest hosting provider you can find, preferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.

9. Don't waste time with regular backups. Maybe the hosting provider will help you.

8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

6. Install your brand new beautiful Joomla!-powered site, celebrate a job well done, and don't worry about it again. After all, if you don't make any more changes, what can go wrong?

5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.

4. Trust all third-party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far! Same plan for the third-party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions were installed.

1. Once your site's been cracked, fix the defaced file and then assume all is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.
Last edited by rliskey on Thu Nov 30, 2006 5:05 pm, edited 1 time in total.

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by infograf768 » Mon Nov 27, 2006 7:35 am

Thanks for this.

Hard for some to be exposed to true facts, but a very necessary list.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

steve4j
I've been banned!
Posts: 143
Joined: Sat Sep 03, 2005 3:37 pm

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by steve4j » Mon Nov 27, 2006 11:26 am

rliskey wrote: 10. Go with the cheapest hosting provider you can find, perferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites.

^^ Only have TWO PROBLEMS with this.
1. Most or Many users have NO CHOICE in the hosting provider. They werent just sitting around thinking, HEY! LETS MAKE A WEBSITE! and then start planning which quality host to use.  Few can afford or justify a DEDICATED SERVER to host their little league website or Crochet/Knitting community group. Many people ALREADY had some pokey HTML or POSTNUKE site and were CONVERTED by Joomla Evangelists like myself. Switching to another host leads them to the bryzantine world of DOMAIN and hosting contracts which often mean they have to have a dead or unavailable site while the DNS gets rerouted :(

2.As for "high traffic porn sites"? -an inflammatory interjection into an otherwise logical debate (hey most of us were made with a little bit of mom & dad porn anyway, what do I care? :P,
....though I would guess such sites rank a wee bit higher  on the totem pole than Phishing sites, Jhihad sites, Neo-Nazi & Anarchy forums, high traffic or otherwise :) )




8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

Here I feel Joomla JUST HAS TO STEP UP AND DO MORE
The three tiered login security in the backend is a good start, and the REGISTER GLOBALS security check is even better! now, if Joomla could provide a 'code/site snapshot' module that you could upload periodically and run to generate a md5 hash of all your site files for comparison with earlier runs, that would be a BIG PLUS.

Implementing the .HTACCESS protection rules could be a little more clearly documented and separated from the SEO/SEF stuff, good steps are in place, just needs a bit more noobie friendliness...
Maybe the install could do an initial backup for the user?
Or a save initial/current settings option?



5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server? If an installation fails, you'll just uninstall it again. That will hopefully undo any damage the installation caused.
:( true. But this is often unavoidable, especially with AJAX code and server settings/version numbers, there's just no substitute for just doing it live on your running site ... just backup first and DOCUMENT WHAT YOU ARE DOING

4. Trust all third party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far! Same plan for the third party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions were installed.

A little bit of OUR FAULT HERE.
The SITE SHOWCASE FORUM has all KINDS OF RULES governing posts in that forum (indeed I was banned for three days for 'rating' presented site :P see offending post here ->http://forum.joomla.org/index.php/topic ... #msg576504

There should be a rigid template for entering hack reports.
I agree,there's just too darned much "I BEEN HACKED BY ****" followed by three or four posts of obligatory teeth pulling to get the prerequisite information :grrr:



1. Once your site's been cracked, remove the file the attackers defaced, and assume that all is now well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.

Can we help here? maybe add a rudimentary -log file checker to the joomla backend? and maybe a little link to some log file format documentation? Maybe just enough functionality and information to whet the appetite and encourage them to search for more?
mant of the hacked NEVER looked at logs till the hack

:laugh: LMBO @ 'PARANOID' I've been accussed of being paranoid HERE on this forum by .... oh well... all considered, a very thought provacative post ...too bad most people wont even read it until the day after their hacked..

maybe the New Joomla in the  control panel could have a link to RECOMMENDED READING to encourage click through to this section??

maybe SECURITY, BAD 3PD COMPONNENTS and similar thread could be 'stickied' in the Joomla backend??

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by brian » Mon Nov 27, 2006 12:34 pm

just a thought but perhaps something along the same lines as this thread could be included as sample content. it MIGHT mean that more people read and take notice
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

bradfordhill
Joomla! Apprentice
Joomla! Apprentice
Posts: 31
Joined: Thu Sep 07, 2006 2:09 pm
Location: Dallas, TX
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by bradfordhill » Mon Nov 27, 2006 5:29 pm

rliskey wrote: 7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.
I've heard from many reputable sources that it's more secure to use different usernames for everything than it is to use different passwords (and far safer information to write down/store), provided your standard password is not an unmodified real-word derivative...though different passwords will help, but only nominally so.

Personally, I use location-based passwords to go along with whatever set of usernames I'm working with, and I take care to change them bi-monthly.

Great post, though...a must read for anyone, not just site admins.
Last edited by bradfordhill on Mon Nov 27, 2006 5:31 pm, edited 1 time in total.

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by RobS » Mon Nov 27, 2006 5:41 pm

brian wrote: just a thought but perhaps something along the same lines as this thread could be included as sample content. it MIGHT mean that more people read and take notice
On it :)
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by brian » Mon Nov 27, 2006 6:11 pm

great
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Asphyx
Joomla! Hero
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by Asphyx » Mon Nov 27, 2006 8:21 pm

I am just so guilty on #5! LOL

But at least I knew I was wrong about that before this list came out! LOL

As for Joomla doing more I agree on the hash list but considering how many people hack files there would need to be some way to incorporate user changes to the check...

As for HTACCESS, I just don't see how J! could possibly take into account every server situation it might come accross....
not without including it's own PHP.INI and an HTACCESS that overrides every setting in apache irregardless of if it needs to be overwritten or not...

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9347
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by RussW » Tue Nov 28, 2006 5:29 am

This has got to be the best post for weeks...! 

Sorry, Brian, Hackwar,  your security posts come nowhere near as good at this one 

Thanks for the laugh and touch of reality.... within minutes of reading, I went back out in to the fray and managed to identify 6 out of the 10 points in new posts  LOL
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
brad
Joomla! Master
Joomla! Master
Posts: 13272
Joined: Fri Aug 12, 2005 12:38 am
Location: Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by brad » Tue Nov 28, 2006 5:45 am

Ron, can I post this to my blog and reference your thread? I love it!
Last edited by brad on Tue Nov 28, 2006 5:50 am, edited 1 time in total.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9347
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by RussW » Tue Nov 28, 2006 5:49 am

Thats cheating Brad...!    :P


Having now been through a few more of the daily posts,  I gotta tell yer, rliskey's sense of humour is certainly coming out on top today, gotta appreciate that  ;)
Last edited by RussW on Tue Nov 28, 2006 5:53 am, edited 1 time in total.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
Aris Ntatsis
Joomla! Guru
Joomla! Guru
Posts: 866
Joined: Thu Aug 18, 2005 11:18 pm
Location: Athens - Greece
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by Aris Ntatsis » Tue Nov 28, 2006 7:22 am

I will translate it and post it at Greek Joomla sites!
Joomla Volunteer & Certified Joomla Administrator: https://volunteers.joomla.org/joomlers/ ... is-ntatsis
Υποστήριξη και Υπηρεσίες Joomla από το https://www.onscreen.gr

User avatar
rliskey
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by rliskey » Tue Nov 28, 2006 7:12 pm

Ha! Glad most of you liked the post. I was a little worried. Before anyone's feelings get hurt, let me say that I've been guilty of every one of these "tricks", and am still guilty of a few. But I'm learning...
;)

"Slowly, slowly climbs the snail.
Up the slope of Mt. Fuji."

                                          -Basso

Humor is a touchy thing, especially cross-culturally. (Assuming of course that we all have a culture. Mahatma Gandhi, as you know, wisely differed with the dominant paradigm on this point. And recent political events seem to confirm his observation.)

Re: the reference to porn
My reason for mentioning porn was to give a typical example of the kinds of high-traffic/low cost sites that can and often do bog down a shared server. Porn sites are notorious producers--and targets--of spam, an activity that most people don't want on their server for purely technical reasons:
  1) server runs slowly or crashes (think 100% CPU load) and/or,
  2) all IPs on that server get black listed and/or,
  3) server gets shut down, reorganized, moved, or worst of all,
  4) server is simply ignored by the host and left to flounder.

Re: Is it okay to cross-post?
Absolutely! I don't have a copyright on stupid tricks, although sometimes it feels like I do have the corner on them.  But then I read the forums and feel better again.
:D

Hey, an idea! I'll copyright stupid tricks! From now on, you need to send me 5% of anything you lose because of a stupid trick. Oh! Looks like Microsoft already grabbed that copyright!
Last edited by rliskey on Fri Dec 01, 2006 7:16 am, edited 1 time in total.

User avatar
brad
Joomla! Master
Joomla! Master
Posts: 13272
Joined: Fri Aug 12, 2005 12:38 am
Location: Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by brad » Tue Nov 28, 2006 7:24 pm


User avatar
Aristocrat
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 207
Joined: Thu Aug 18, 2005 5:50 am
Location: Vancouver, BC, Canada
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by Aristocrat » Tue Nov 28, 2006 10:54 pm

That was a great post thank you!

:)
Rastin Mehr - Founder/Web Application Architect
http://www.rmdstudio.com - Social People Building Social Web Solutions ™
http://www.Anahitapolis.com - The Anahita Social Engine ™ project

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9347
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by RussW » Wed Nov 29, 2006 11:06 am

Ron

You just made my day again.....  ;D
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

Geoff
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3173
Joined: Sun Apr 16, 2006 12:20 am
Location: 127.0.0.1

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by Geoff » Fri Dec 01, 2006 12:33 am

Gotta love #10 on the list.  :D

I am guilty of #5 though. I mean, it's just SO much faster to upgrade/install on a live site. I mean after all I do have backups when things go wrong. :)
Backup, backup, backup!
The "Master" .htacess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess

User avatar
elkuku
Joomla! Intern
Joomla! Intern
Posts: 97
Joined: Sat May 13, 2006 11:51 am
Location: Atacames
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by elkuku » Sat Dec 02, 2006 12:45 pm

I would like to translate it for the germans.

Very nice, and more funny than just saying "you have to do this and that"  ;)

User avatar
rliskey
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by rliskey » Mon Dec 04, 2006 2:54 am

I would like to translate it for the germans.
Very nice, and more funny than just saying "you have to do this and that"
Danke, und ich wuenche Dir viel Spass dabei.  :D
Last edited by rliskey on Fri Dec 29, 2006 3:57 am, edited 1 time in total.

User avatar
bascherz
Joomla! Explorer
Joomla! Explorer
Posts: 257
Joined: Mon Jan 16, 2006 1:33 am
Location: Vienna, VA
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by bascherz » Thu Dec 28, 2006 6:13 pm

Guilty on all charges (well, almost all).  :-[

Great stuff. One more thing that maybe didn't make it onto the original list is actually believing the following: "Hey, I'm just the little guy. Who would want to take advantage of my site?"

The really scary thing about what's happening here is that at some point these people have full access to your server account. They could easily do a lot more damage than they typically do.
Bruce Scherzinger

HH
Joomla! Guru
Joomla! Guru
Posts: 605
Joined: Fri Dec 29, 2006 11:57 pm
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by HH » Wed Jan 03, 2007 7:56 pm

Hi rliskey,

Thanks a lot for this informative thread.

May I suggest updating this to be introduced into the Security FAQ's forum?
http://forum.joomla.org/index.php/board,322.0.html

Thanks,
Me = Wonder + Ponder
http://www.hichamaged.net/

User avatar
rliskey
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by rliskey » Thu Jan 04, 2007 11:18 pm

Searching before asking, however sometimes cannot find answer. Any Insight?
The only insight I can think of comes from Picasso...
"Computers are stupid. They can only give you answers."

HH
Joomla! Guru
Joomla! Guru
Posts: 605
Joined: Fri Dec 29, 2006 11:57 pm
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by HH » Fri Jan 05, 2007 12:14 am

rliskey wrote:The only insight I can think of comes from Picasso...
Hey, give me a break! Picasso is already working somewhere else right now! (username + password = undefined)
8)
rliskey wrote:"Computers are stupid. They can only give you answers."
Very Stupid indeed, however, sometimes it depends on the user's input
:laugh:
Me = Wonder + Ponder
http://www.hichamaged.net/

hanzahar
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed May 09, 2007 5:36 am
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by hanzahar » Wed May 09, 2007 12:42 pm

this is tough since i'm not really a computer guy  :'(

hinesw
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 175
Joined: Mon Sep 26, 2005 10:36 am
Location: Ballarat - Australia
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by hinesw » Fri May 11, 2007 12:28 am

Does this mean I have to change my user name of "admin" and password of "admin"?

My kids could not work it out?

matthewhayashida
Joomla! Ace
Joomla! Ace
Posts: 1618
Joined: Sat Feb 10, 2007 8:26 pm

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by matthewhayashida » Fri May 11, 2007 2:05 am

Awesome post.

User avatar
Basetballjones
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 230
Joined: Sat Jan 06, 2007 5:43 pm
Contact:

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by Basetballjones » Fri May 11, 2007 2:45 am

Truth always hurts a little, but it's good for us!
I've been guilty of every item on that list save the "OMG I've been haxed!" thread

If I report an issue that big and infuriating, it's going to look like a friggin nuclear reactor user's manual before I am done with it.  :pop

My favorite though, is when someone asks me to help them design a site, afterwards I instruct them on how to make changes and then afterwards, close up the holes- and they never do.  Simple CHmods  oh no!
After a month or so when the turkish cyber army or whoever put's pretty pictures all over their homepage they blame me for lousy coding or setting them up with flawed software I ask them what the permissions on their config php is or was before it was deleted...

their answer "umm..  locked?"  :D
http://www.fraganoob.com&nbsp; Putting Gamers in Control!

hewbie
I've been banned!
Posts: 53
Joined: Wed May 09, 2007 11:34 am

Re: Top Ten Stupidest Joomla! Administrator Tricks

Post by hewbie » Sun May 13, 2007 11:30 pm

Basetballjones wrote: Truth always hurts a little, but it's good for us!
I've been guilty of every item on that list save the "OMG I've been haxed!" thread

If I report an issue that big and infuriating, it's going to look like a friggin nuclear reactor user's manual before I am done with it.  :pop

My favorite though, is when someone asks me to help them design a site, afterwards I instruct them on how to make changes and then afterwards, close up the holes- and they never do.
I modify their code so that if any file (on the secure list) is writable (and it should not be) the site wont run until the permissions are set appropriately. I got the idea from the Joomla install, which wont allow you to continue if the install files are still present.

IMHO Joomla should do something like that as well for security/file  settings it has the ability to SEE are a vulnerability issue.
It should be a Joomla default behaviour -but it isnt - It would be similar in practice to the "Fasten Seatbelt light and image, also the little 'chirp' you get every 2 minutes if you insist on running the car with it on!

Joomla should have it by default, IMHO, but wont.. oh well...

User avatar
DocMartin
Joomla! Intern
Joomla! Intern
Posts: 69
Joined: Thu Sep 15, 2005 9:06 am
Location: Hong Kong
Contact:

Joomla easy to manage - hahaha

Post by DocMartin » Mon May 14, 2007 5:58 am

Good thread.

But surely gives the lie to claim Joomla is "easy to manage"!

Who wrote that, I wonder.  ???
(Claim maybe true if you're regular human who installs, does a little with J and moves on; or if you're some kind of cyberbeing. Otherwise, "easy" is just plain wrong.)
http://www.hkoutdoors.com - Hong Kong's wildest travel site.
http://www.drmartinwilliams.com - Conservation, travel, inspiring people; guff re Joomla

User avatar
Basetballjones
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 230
Joined: Sat Jan 06, 2007 5:43 pm
Contact:

Re: Joomla easy to manage - hahaha

Post by Basetballjones » Mon May 14, 2007 6:24 am

DocMartin wrote: Good thread.

But surely gives the lie to claim Joomla is "easy to manage"!

Who wrote that, I wonder.  ???
(Claim maybe true if you're regular human who installs, does a little with J and moves on; or if you're some kind of cyberbeing. Otherwise, "easy" is just plain wrong.)
To be perfectly factual, on a comparative basis, Joomla is very easy.

Firstly- Joomla takes nearly thousands of web design functions and maps them to simple buttons.  Point and click web design.  It is a CMS, and as such, it takes over 80% of the work out of building,  deploying, maintaining, and securing a web site.  I can simply mention the amount of time I have save not typing this out in full:

Code: Select all

<p style="center">Joomla does it for me, as well as hundreds of other things.</p>
I have probably saved 50 man hours on HTML elements alone.. And that is just one tiny example, overrall, Joomla has saved me countless  hundreds of hours in design and maintenance time. Joomla is the best damned employee I've ever had ;)

Secondly- Any website has to be secured, and Joomla makes much of this ready integrated and the rest is fairly easy to implement if you read a little.  I don't care what you find to build websites, they all have to be secured, and without the benefit of the assistance Joomla, or other CMS' offer, you have a long days work ahead doing it all yourself.

I have worked with and on a few commercial/ enterprise grade CMS systems, and they don't offer much more than Joomla other than Oracle databases and ASP encoding, but you still have to go through all the steps of securing your property against attack as anything else.
http://www.fraganoob.com&nbsp; Putting Gamers in Control!


Locked

Return to “Security - 1.0.x”