Some people prefer the open source, PHP-based Joomla! Web CMS because it is relatively simple to install and run. But just as complexity can bring unexpected problems, so too can simplicity. In this case, Joomla!'s default installation has never been considered very secure. So it was good to stumble upon a very nice primer for securing a Joomla! installation.

To be fair, other Web CMS tools are similarly exposed upon install, and although I haven't done a scientific study, I've sensed over the years that the PHP-based systems have been particularly troublesome in this regard. More generally, you need to be especially careful about open-source CMS tools -- not because they are inherently less secure than commercial offerings (in fact, holes are typically found and patched faster by open source communities) -- but because they are downloaded and installed (at least tested) in such great numbers that they make attractive targets, especially for bots.

One of the first articles we published on this site was about security, and I don't think the Web CMS landscape has gotten much better in this regard during the intervening 6 years. So when you install a new system (even just to try it out), and it is facing the public web, be sure to read the security docs first...