A little while ago I wrote an article on my blog about Joomla. I have had a few off-line comments about the article and as they were not written here I have decided to treat them as private responses and not publish the author’s names and their comments. But there were some very valid suggestions made that I believe others may benefit from so I would like to include some of these comments as well as my take on them.

A number of people have pitched Drupal to me as a competitor to Joomla. One person wrote:

“When we surveyed content management systems …, Joomla was one of the ones we looked at, but on balance Drupal won out. I recently converted my … site to Drupal and brought up two other sites … on the same code base, but with very different appearance and different features on each. I am very impressed.”

I have spent some time evaluating both of these content management systems and while I have chosen to go with Joomla myself, Drupal could probably have done the job I wanted to get done. My initial post was in no way meant to imply that Drupal was not equaly as capable. There were a couple of things that swayed my vote to Joomla.

1. By the time I looked into Drupal, I already understood how Joomla worked. The argument that Drupal is easier to use therefore did not carry the water for me that it would for others and I felt like Joomla’s flexibility was probably better than Drupal’s provided I was willing to make the investment;
2. I am not scared of getting my hands dirty with PHP, MySQL, CSS and XHTML. That means that if I find an obstacle with Joomla, I have the flexibility to get into it with these technologies if I need to; and
3. I like what Joomla has done to address and caution against security issues within Joomla itself. Security is a very real consideration for any web-site and I think the Joomla team understand this. They may not have all the answers but they definitely understand the issues. You should at least look at the Joomla security site and their security forum before you implement a site using Joomla.

In fact, it is the latter point that made me realize I needed to take down my family site while I work on making sure that I have dealt with any potential security threats. It will be back up in a couple of weeks. 

In a discussion on the issue, someone I was talking to made the statement that they did not want a content management system that required a database because of the administration issues associated with it. To me, that argument does not make any sense because if you go with static HTML instead, you still have the complexity of managing the content and determining what the broken links are. With a good content management system, that process can be easily automated. So although you may not have the expense of the database maintenance, you do have the expense of the static HTML management. Most of the maintenance stuff around my 4 Joomla installations is all automated anyway and I simply check the e-mail that I get on a nightly basis to verify that the backup verification process worked. Moreover, there is so much functionality that you simply get for free that I would hate to have to write manually.

Finally, a gentleman by the name of Jeff Pilant pointed me at a web site that is absolutely invaluable on the security side of things. The site calls itself “Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types” and it enumerates 25 of the most dangerous mistakes that developers make that can create serious security threats in their code. This is a highly recommended read. The information is also available in PDF form and although a lot of this information is available in a number of the security books that are already out there, this is a very valuable and concise reminder.