DJ Extensions CEO advises how to choose a right Joomla extension for your new website
There is plenty of extensions for Joomla out there. How to choose the one that will fit you best? Tomasz Kowalski, DJ Extensions CEO, reveals the way he picks extensions for his website.
Nowadays, extensions play the biggest part in making websites vulnerable to hacking. Almost 90% of the known entry points are badly written extensions. What do you do to make sure that DJ Extensions products are a secure choice?
It’s all about quality. We keep our development process well organized, focus on extensive testing before the release, and rely on the good practices. This attitude, together with our experience, worked very well so far. We have been developing extensions for many years, serving hundreds of thousands of web developers and for a very long time we haven’t had any security issues.
So how to pick the right extensions for a website?
Commercial or not, I always go for popular, widely used extensions. There are several reasons for that. First of all, if many people use it, there must be a reason for it. Secondly, popularity usually means someone makes good money out of it, so they will be more eager to continue supporting the extension, test it against new version of Joomla and patch it when necessary. Finally, from my experience, the more users use it the more the extension is tested on different websites, different use cases and different devices and browsers, which usually makes it a better product.
Choosing the right extension is also crucial in terms of security. Once a vulnerable extension is installed, the whole website could be compromised. This is why it is so important to make a right decision.
So how do you check extensions’ popularity?
Usually, I start with extenions.joomla.org and I look at the number and quality of the reviews. I also find rankings, like the one that you provide, very useful because they are based on a number of real websites using certain extension. Moreover, on joomla.org there is a list of unpatched or insecure extensions which may be helpful in crossing out extensions that are no longer supported.
Some people download commercial extensions or templates from torrents or other similar sources. Are such extensions safe to use?
In my opinion, it is very risky. It’s free, but you never know whether there is a hidden malicious code inside an extension or a template you download from an unofficial source.
People sometimes don’t realize that a secure download is, apart from the support, the main thing they buy, when paying for an extension.
Even the biggest extension developers, not to mention Joomla core, had had security issues in the past. What’s the best way to release a security patch?
The priority should be a clear message about what happened and what steps users need to undertake. Hiding security loophole patches which is tempting for some devs' shouldn’t be an option. A responsible developer should inform his customers about security patches using all available channels, like his website, newsletters, or social media.
You can see a true quality of extension developer by looking at how they handle security patch releases.
Speaking of updates, users often complain that it is difficult to update extensions that have been customized to their needs as a new version overrides all changes in the original files. What can you advise in such situation?
When it comes to templates, layout overrides in Joomla are quite easy and shouldn’t be impacted by any future updates. With extensions it depends on the extension developer and sometimes is more complicated. In DJ Extensions customers can easily customize the layout or configuration on their own using controls in settings which won’t be affected by the future updates. Additionally, customers can ask us to make some changes if they don’t feel confident with their developing skills.
Customizing the Joomla core is a completely different undertaking. Editing Joomla's files directly in the core is always the wrong way as you will lose all your changes after updating the CMS. Usually the best way to extend the core is to use plugins.
We also often develop plugins and triggers. They come with full documentation of course. Our developers make some important comments too. It’s very helpful, because every feature is clearly explained and commented upon.
You’ve mentioned you do customizations for your clients. How does it work exactly?
Customers often ask us to customize extensions or templates for them. Many times they have great ideas that are worth implementing, so we just add these ideas as new features in the next release. This is profitable for both sides - customers get what they want and our products are getting better and better. It’s a win-win situation.
Extension and template development isn’t all you do, is it?
Yes, the third area is web development. Both, our resources and experience, make us ready for even the most advanced projects. We believe that Joomla is a flexible tool that allows building varied, complex solutions.
Let’s talk about Joomla’s future. There is a big discussion about Joomla 4 right now. What’s the best direction of Joomla project development right now?
Very good question. I must admit I often think about it. In my view Joomla 3 took a right direction, making this CMS more flexible and lighter. Next step should definitely be making user interface even more friendly. In many cases, less means more.
Joomla is super-powerful, has a lot of extensions available and great community support. Now it’s time to take advantage of it.
What are DJ Extensions plans for the nearest future? Any surprises for the users?
I can’t tell you if we have any surprises for our users, otherwise it won’t be a surprise. I can only reveal that we are working on a completely new extension. But this is all I can say right now.
We also listen closely to what users have to say. To collect suggestions we use feedback.dj-extensions.com where customers can give us some suggestions, vote on those already added and comment about others ideas regarding development of our products. This communication channel really works.