This blog post is a small guide regarding Joomla extensions. We will show you how to pick the right Joomla components, modules and plugins without putting into risk your site and your reputation.
For those who do not even know what Joomla is, you can think of it as an alternative to WordPress (you know what this is, right?). So, Joomla is an extensible content management system that you can use to build a website. It comes with some standard features and if those are not enough, you have the option to install extensions (that's how are called in the Joomla ecosystem) to extend its functionality. Pretty much like WordPress or any other CMS.
So you might think that this is pretty cool right? You have all the tools you need to build your dream website! The truth, however, is slightly different. When you add a plugin to a CMS you actually add someone's code into your site and your server. If you still do not get what this means, here are some ways third-party Joomla extensions can destroy your site:
A bad-written piece of code from someone who never tested it in a real high traffic website can make your site struggling to load a single simple page. Unfortunately, there are many developers out there who do not have the technical knowledge to build Joomla extensions that can perform well when site's traffic is high. There is no need to mention how your site's speed affects its SEO score.
According to Sucuri's Website Hacking report for the first quarter of 2016, 25% of WordPress hacks were accomplished due to plugin's vulnerabilities. The numbers should be more or less the same for Joomla extensions.
Adding extra code through extensions to your site increases the chances to have conflicts with other extensions. For example, code from component A might be incompatible with code from module B. Even if the developer of the extensions are good, there are cases that simply cannot be predicted.
The problems described above affect almost every extendable CMS. Since our preferred CMS is Joomla we will now focus on things you can do in order to choose the right Joomla extensions for your site. Note that the order is intended! Here we go:
Check the official Joomla Vulnerable Extensions List at https://vel.joomla.org. If you have never heard of it, this website includes all the extensions that have been reported as vulnerable. The guys there are doing a remarkable job. They provide two extensions lists. The one includes Joomla extensions that have an unresolved vulnerability. The second one includes that have reported as vulnerable in the past but have resolved the issue with an update. What you need to do here is make sure that the extension you are going to add to your website is not on the list with the unresolved vulnerabilities.
We also recommend checking the second list to see how many (if any) vulnerabilities the extension had in the past. In general, good extensions should have zero vulnerabilities currently or in the past.
Always check the reputation of the extension developer. Use your favorite search engine and search for the developer's name (or brand). First, check his experience with Joomla. Then check if he has ever contributed anything back to the core by looking at the developer's GitHub account. In general, evaluate the developer's reputation in the community. Finally, check his portfolio, if available, to get an idea about the Joomla projects he has built in the past.
Check the official Joomla Extensions Directory at https://extensions.joomla.org. This page is something like an "App Store" for Joomla. In order to have an extension listed there, it has to meet some requirements. So, if the extension you are thinking to add to your site is in the directory, that's a good start. The second thing you need to check there is how many days (or months) have passed since the extension got updated for the last time. Extensions with regular updates should be preferred.
Finally, you can check the extension reviews by the users. If the extension has a good rating this means that most of the users are satisfied with it. However, keep in mind that security is a different thing! You should always give priority to the security and the performance of the Joomla extensions you are using.
We hope that you found this guide helpful. It contains really basic but important things when it comes to picking the right Joomla extensions for your site so you can start building a great Joomla site without risking!