Joomla 1.5.20 security on cPanel shared servers

Portal Home > Knowledgebase > Articles Database > Joomla 1.5.20 security on cPanel shared servers

Posted by Lanny, 08-06-2010, 02:45 PM
I have been creating my static web sites with M$ FrontPage 2000, which is very long in the tooth. I am contemplating learning a CMS. Either Joomla! v.1.5.20 (probably) or possibly WordPress 3.0 (which apparently is also very good for small web sites). Questions: (1) For web sites based on a CMS, on cPanel Shared servers, do you find one of those (Joomla or WordPress) has more security problems than the other CMS, for static web sites? (2) I have another domain name which I can use for learning/evaluating/testing and I have two (2) accounts on cPanel Shared servers. One of those accounts, has the M$ FrontPage Server Extensions installed. Am I correct that installing a CMS for an Add On Domain on that account might/would cause serious problems, with the .htaccess file and the M$ FrontPage Server Extensions? TIA! Lanny
Posted by Patrick, 08-06-2010, 03:02 PM
We personally find that WordPress has more security problems than Joomla. Whether it be to people not upgrading their software to the latest version, installing vulnerable / bad plugins, or whatever reason, seven times out of ten when someone puts in a ticket regarding a "hacked" website it is always WordPress. The CMS should have no ill effect on the .htaccess file containing the MS FrontPage extensions. Lots of mod_rewrite rules and htaccess directives can work together in the same .htaccess file.
Posted by SPaReK, 08-06-2010, 03:13 PM
We probably have the opposite. More Joomla! hackings than Wordpress hacks. Wordpress has a nice function to upgrade itself in it's admin panel with a click of a button. Joomla! I do not believe has this. Joomla! also has more extensions/addons and keeping those up-to-date is also imperative. Joomla! and Wordpress provide different features and really cater to different sets of people. Both have a strong community and following. The key thing, regardless of what script you use, is to keep it up-to-date. Keep any extensions/addons/components up-to-date as well. It may seem like a hassle to always keep it up-to-date, but if you are serious about keeping your website secure, then the least you can do is insure that the software on your website is up-to-date.
Posted by brianoz, 08-07-2010, 06:45 AM
I'm in agreement with Sparek; I think that Wordpress is probably preferable for simple site development - the auto-upgrade buttons for the core code and for the plugins is a huge win in my opinion. In any case, the host should have mod_security and CSF which serves to further reduce hacks. Wordpress seems to have a growing developer community and seems to be producing updates a little more regularly than Joomla. The issue here isn't just security and being hack free - it's how easy it is to update the software itself so it stays secure. With Wordpress it's just bone easy (click a button) and with Joomla it requires manual reinstallation of the entire site. It's about time the Joomla core team made a simple way to apply at least security updates, and until they do I'd think twice about using Joomla for smaller sites. Frontpage server extensions are widely considered insecure and outdated; I'm surprised you could even get a host offering them. I'd want to think twice about how current that host is, given most hosts are now refusing to offer Frontpage at all! When you sell a CMS, you should be able to build sites quickly using the many good and flexible templates out there. You also need to work out which plugins/components are trustworthy and good quality for the various needs you have. This will take you about half the time in Wordpress. Provide a cheat sheet explaining the basics and train your users; you should also be able to charge more for sites that can be maintained by the user as it's a big saving for them (and makes the site much more useful and relevant for their business marketing).
Posted by Lanny, 08-07-2010, 09:38 AM
Thanks to each of you, for replying and for all of the information you provided to me! I understand that keeping things up to date and backing up will be a little more difficult, but I can handle that. At the moment, I believe I will try this with WordPress 3, since it is easier to keep things up to date and it may be more responsive on the server, with the WPSuperCache plug in. The documentation I have seen about making web sites with Joomla! is better, but some excellent comments about WordPress.
Posted by FM-Jack, 08-07-2010, 05:55 PM
Lanny, Have you had a chance to visit the Wordpress Codex yet? It's about the most thorough -- and thoroughly newbie-friendly -- documentation I've ever come across in an open source project. Good luck with your new approach to site building.
Posted by MikeTrike, 08-07-2010, 06:19 PM
Having used both on many occasions, I personally favor WordPress over Joomla! any day. WordPress is much easier to upgrade, just click upgrade from the dashboard. Joomla! is also a bit clunky compared to WordPress. Theme's are also easier to work in WordPress and there are plenty of plugins to make your life easier. Granted Joomla! also has a boatload of plugins as well.
Posted by Dregond Rahl, 08-08-2010, 07:50 AM
I absolutely agrees, also Joomla once it gets larger is a memory hog, also a lot of plugins for joomla have poor queries. I adore WP and its simple system.
Posted by Lanny, 08-08-2010, 05:00 PM
FM_Jack: Yes, I have spent some time reading on the WP Codex. I am gradually picking things up. The problem for me with the WP Documentation is that the vast majority of users use WP for blogging, so most of the documentation is about blogging and I am going to use it for static web pages. Same thing when I look at WP books on books.google.com Most of the content is about blogging with WP. MikeTrike and Dregona Rahl: Probably, I am going to go with WP 3. Although the primary mission of WP is blogging, it does seem to have a bunch of advantages for small static web sites, in comparison to Joomla! The M$ FrontPage Server Extensions were EOL, several years ago, but they are included in cPanel. I have 3 sites (smallest to largest) that do not have the Server Extensions installed; but my oldest site has something in it that does use the Server Extensions. I'd like to get away from that and M$ FrontPage and find something that my wife can also use and understand, in the process. Thanks to each of you for replying!
Posted by MikeTrike, 08-08-2010, 05:17 PM
Our site is definitely not a blog, and I've done plenty of non-blog WordPress sites. WP over the last couple of years has exploded way beyond a simple blogging platform. It is very powerful and can go just about any direction you need.