Using Joomla to build a website

[davidst01]

I have been asked to help out at work building a website for our dept using Joomla

https://www.joomla.org/

How do you rate this website for building a url? Any tips?

A few years ago I built a site using Wordpress and it took me a few months to slowly do it. I should thus be able to cope with joomla one would think???

Any suggestions are appreciated.

[Inn Between]

Joomla is cool in many ways. I tried Wordpress after getting familiar with Joomla and was quickly back to Joomla, but according to some sources, Wordpress was the way to go at that time.

Use Xampp to setup a self-contained hosting platform and development can go quickly (that was also an option for Wordpress, I believe, so you probably know that already). I forget the best template sources as I haven't been at it for a while -- just did a few sites for some friends' businesses a while back, but there are some good forums to help you out. Good luck with it. Lots of cool extensions and components to make a site up-to-date and pretty slick.

Edited February 9, 2016 by Inn Between

[ukrules]

Both Joomla and Wordpress are a security nightmare, they're full of holes and require constant updating.

The extensions and plugins are often much worse than the core code from a security point of view as they're often written by complete amateurs.

[Inn Between]

Both Joomla and Wordpress are a security nightmare, they're full of holes and require constant updating.

The extensions and plugins are often much worse than the core code from a security point of view as they're often written by complete amateurs.

Sure, we know that banks and Walmart don't use these actual CMS products, but they do use CMS, and for building a site with non-sensitive data, Joomla or Wordpress can do a fine job. Any site needs to be concerned with security issues and updates, regardless of the method they're constructed. Banks and major sellers obviously have security experts.

It's fine that you point out a negative aspect of the OP's approach that should be considered, but it would be much more helpful if you made some specific references or suggested a better way.

[momtaz]

As i heared that wordpress is fit with SEO, in case to promote or do e-marketing,

However, you can chech this further.

[davidst01]

Thanks for the comments

[JSixpack]

Both Joomla and Wordpress are a security nightmare, they're full of holes and require constant updating.

The extensions and plugins are often much worse than the core code from a security point of view as they're often written by complete amateurs.

Sure, we know that banks and Walmart don't use these actual CMS products, but they do use CMS, and for building a site with non-sensitive data, Joomla or Wordpress can do a fine job. Any site needs to be concerned with security issues and updates, regardless of the method they're constructed. Banks and major sellers obviously have security experts.

It's fine that you point out a negative aspect of the OP's approach that should be considered, but it would be much more helpful if you made some specific references or suggested a better way.

Good 'nuff for Ebay, Barnes & Noble, Ikea, Heathrow Airport shoppers, High Court of Australia, UK Ministry of Defence, and General Electric; good 'nuff for the OP.

http://community.joomla.org/labels/joomla-portfolio.html

[JSixpack]

The OP make some implication that the site may be a small one: "for our dept." Or maybe it's a big company-wide site and you're working on your department's share of it.

If it's a small site, then the biggies like Joomla, Wordpress, and Drupal are overkill. Better to use a lightweight CMS: http://smashfreakz.com/2015/07/lightweight-cms/. Maybe you don't even a database: http://get-simple.info/. Or even a CMS at all, in which case just use, say, Bootstrap 3 ("mobile first").

Just thought I'd throw that in.

[IMHO]

Both Joomla and Wordpress are a security nightmare, they're full of holes and require constant updating.

The extensions and plugins are often much worse than the core code from a security point of view as they're often written by complete amateurs.

Sure, we know that banks and Walmart don't use these actual CMS products, but they do use CMS, and for building a site with non-sensitive data, Joomla or Wordpress can do a fine job. Any site needs to be concerned with security issues and updates, regardless of the method they're constructed. Banks and major sellers obviously have security experts.

It's fine that you point out a negative aspect of the OP's approach that should be considered, but it would be much more helpful if you made some specific references or suggested a better way.

Good 'nuff for Ebay, Barnes & Noble, Ikea, Heathrow Airport shoppers, High Court of Australia, UK Ministry of Defence, and General Electric; good 'nuff for the OP.

http://community.joomla.org/labels/joomla-portfolio.html

Yep, but every name you just mentioned will have deployed Joomla behind $10,000/mth worth of security infrastructure

[JSixpack]

Good 'nuff for Ebay, Barnes & Noble, Ikea, Heathrow Airport shoppers, High Court of Australia, UK Ministry of Defence, and General Electric; good 'nuff for the OP.

http://community.joomla.org/labels/joomla-portfolio.html

Yep, but every name you just mentioned will have deployed Joomla behind $10,000/mth worth of security infrastructure

Which they would have deployed no matter what framework they used. Nor would that be any iron-clad guarantee. Needless to say, the admin password isn't "password."

Joomla, Wordpress, and Drupal are quite secure as is (assuming standard precautions) and can be significantly hardened, inexpensively.

Hacks almost always occur (from the outside) if everything isn't kept up-to-date and standard precautions aren't followed. OP may need to read up on those.

Ran across a hacked Drupal site recently, wiped out and replaced with a jihad message. Well, it hadn't been updated in 6 years. Nor had it even been backed up. So whaddya expect? 'Bout the same with everything. Don't tell me: you're using Windows, Linux, or MacOS w/o spending 10,000/mth on security infrastructure.

Next.

[MrTee]

You can get pretty good protection for your site by using services like Cloudflare.
If you are just running a single site, and you do not have a load of A records for your domain, its pretty simple to set up and gives you some protection for free, or advanced "web application firewall" for $20 per month.

[IMHO]

Which they would have deployed no matter what framework they used. Nor would that be any iron-clad guarantee. Needless to say, the admin password isn't "password."

Not entirely true - these popular open source CMS systems are one vulnerability after another, increasingly so with every community plugin used. There are much more solid (and expensive) CMS systems that have smaller security footprints... But nothing beats free right?

But yes - no matter what, if you want a secure website the front end goes via a CDN, WAF, Load balancer, Firewall and then web server(s). The backend/admin section is only accessible via a VPN, firewall, and a non-routable IP.

Either way, not $3/mth hosting

[casualbiker]

The OP make some implication that the site may be a small one: "for our dept." Or maybe it's a big company-wide site and you're working on your department's share of it.

If it's a small site, then the biggies like Joomla, Wordpress, and Drupal are overkill. Better to use a lightweight CMS: http://smashfreakz.com/2015/07/lightweight-cms/. Maybe you don't even a database: http://get-simple.info/. Or even a CMS at all, in which case just use, say, Bootstrap 3 ("mobile first").

Just thought I'd throw that in.

Which lightweight one do you suggest?

[JSixpack]

Which they would have deployed no matter what framework they used. Nor would that be any iron-clad guarantee. Needless to say, the admin password isn't "password."

Not entirely true - these popular open source CMS systems are one vulnerability after another, increasingly so with every community plugin used. There are much more solid (and expensive) CMS systems that have smaller security footprints... But nothing beats free right?

But yes - no matter what, if you want a secure website the front end goes via a CDN, WAF, Load balancer, Firewall and then web server(s). The backend/admin section is only accessible via a VPN, firewall, and a non-routable IP.

Either way, not $3/mth hosting

You don't know how true it is, come down to it. Questioning sounds good though, esp. to vendors of proprietary software or those being paid to work on it.

• The open source CMS systems are far more widely used than the expensive proprietary systems and so are just a much larger target. This is rather like the Windows vs. Mac situation. Even so, millions more systems reduces the chances greatly that any one system will be hacked. And any hack probably is owing to amateurish security precautions and lack of prompt updating. All systems constantly need updating. If you've got the dosh, you can pay a premium to have others do it for you. I bet Ashely Madison did that.
• Propriety systems are expensive to customize or upgrade. They may not keep up with latest developments, or fix vulnerabilities promptly, having limited staff compared to the thousands working on open source all over the world. Choice of add-on modules is much greater w/ open source and can be customized by yourself. Yeah, I know.
• You don't really know the hacking stats for proprietary systems as the companies keep them secret. Most of the time they manage to keep their names out of the headlines. Recent high profile hacks would have mentioned the systems if they were open source. You can't find that the Ashley Madison, Friend Finder, Target, Home Depot, Kmart, or TJX were using open source CMS systems when they were hacked. "Social engineering" hacks are often involved. Sounds like "one vulnerability after the other" in ALL CMS systems--as with Windows, and Linux, and MacOS.
• Companies spend lots on marketing their proprietary systems touting their supposed advantages, and the cost of that is borne by the customers. The propaganda is easy to swallow.

Reasonable, standard precautions with Joomla are normally sufficient. Further hardening is relatively inexpensive and in some cases free. It comes down to a tradeoff of need vs. expense. If the site has a lot of sensitive info, it'll have to take more precautions and spend more on security concerns--but no guarantees. If it's not particularly sensitive then there's really no need to go overboard.

But let's not confuse me w/ somebody who gives a shit. OP says he's been asked to use Joomla for a department. That doesn't sound like an unlimited budget. Yeah, Joomla's fine. Go for it.

Edited February 13, 2016 by JSixpack

[JSixpack]

The OP make some implication that the site may be a small one: "for our dept." Or maybe it's a big company-wide site and you're working on your department's share of it.

If it's a small site, then the biggies like Joomla, Wordpress, and Drupal are overkill. Better to use a lightweight CMS: http://smashfreakz.com/2015/07/lightweight-cms/. Maybe you don't even a database: http://get-simple.info/. Or even a CMS at all, in which case just use, say, Bootstrap 3 ("mobile first").

Just thought I'd throw that in.

Which lightweight one do you suggest?

It does depend on your needs. You'd have to consider the extensions, the templating, multilingual capability if needed, support (usually a forum--check how active the forum is), whether you need a database, etc. I did one with GetSimple that didn't need a database but needed to be multilingual, mobile-friendly (with some templates) and have some basic extensions; and it turned out well. So easy to add new pages, deal w/ the menu, and handle different languages. Modest tech skills required. Active forum.

For a landing page, maybe with a few more pages, with basic components, I like Bootstrap just because it's SO well known all over the internet. I don't like digging or working out custom solutions if I don't have to. Some Bootstrap templates on http://themeforest.net/ will blow you away. But your HTML5 and CSS need to pretty decent and you'll have to mumble javascript. Monstra (http://monstra.org/) is based on Bootstrap but has extensions and looks to require much less coding.

Lot of new flat file systems out thre that I don't know anything about.

Going up a notch w/ databases, http://www.cmsmadesimple.org/ has been around a while. I've considered https://www.cushycms.com/en, http://www.concrete5.org/, http://www.silverstripe.com/. I like concrete5 a lot but the extensions are mostly payware--which has some advantages. Look for responsive templates. Suggest you load these onto an XAMPP installation and play around, see which does it for you

And then you have simple, easy, but good-looking (if a bit standardized) web-based sites, mobile friendly, in which maintenance isn't an issue for you. http://www.websitesmadesimple.org/wix-vs-weebly-vs-squarespace/.

Good luck!

[JHolmesJr]

Both Joomla and Wordpress are a security nightmare, they're full of holes and require constant updating.

The extensions and plugins are often much worse than the core code from a security point of view as they're often written by complete amateurs.

Sure, we know that banks and Walmart don't use these actual CMS products, but they do use CMS, and for building a site with non-sensitive data, Joomla or Wordpress can do a fine job. Any site needs to be concerned with security issues and updates, regardless of the method they're constructed. Banks and major sellers obviously have security experts.

It's fine that you point out a negative aspect of the OP's approach that should be considered, but it would be much more helpful if you made some specific references or suggested a better way.

Good 'nuff for Ebay, Barnes & Noble, Ikea, Heathrow Airport shoppers, High Court of Australia, UK Ministry of Defence, and General Electric; good 'nuff for the OP.

http://community.joomla.org/labels/joomla-portfolio.html

Hell…..even Leonardo di Caprio uses Joomla!