On 11 October 2025, JUG043 Maastricht (The Netherlands) hosted the Pizza JUG & Fun Day, bringing together 11 Joomla enthusiasts for a day of learning, networking, and fun! 

The Pizza JUG & Fun Day is inspired by the international Pizza BUGS & Fun Day, with the goal of collaborating on Joomla websites together. This event focused on upcoming Joomla versions and website security. Participants received updates on Joomla 5.4 and the upcoming Joomla 6.0, along with insights from the Joomla 8 sprint attended by community member  Tom van der Laan. He shared key points from the roadmap for future releases, based on Sigrid Gremlinger’s presentation named Joomla 8 What?

Security

Security and information protection are essential elements for websites. Even with Joomla’s built-in security measures, information security remains crucial. Every website is vulnerable to attacks such as hacks, malware, or data breaches. Additional security helps prevent data loss, reputational damage, and downtime. By actively focusing on security, you keep your site safe, reliable, and future-proof.

Last year, Luca Congiu demonstrated our JUG mebers how relatively easy it is to hack a poorly maintained website (presentation: How a Hacker Works). During the JoomlaDagen Netherlands, Luca and I had the opportunity to present How Secure Is Your Joomla Website? A Hacker's Perspective! Luca also demonstrated how quickly you can hack a Joomla website, exploiting a known vulnerability.

Http Security Headers

Before we got started, everyone was given a safety helmet as a joke, a link to protecting (security) everyone's heads (headers).

HTTP Security Headers are a series of instructions that the web server gives to the browser. In short, HTTP Security Headers are the security rules that the server uses to tell the browser how to behave in order to protect the website and the visitor.

To demonstrate this, Peter started the presentation somewhat differently than usual: by showing slides from another presentation (unexpected, as it had not been announced in advance) and by literally standing on the table (undesirable behavior, as it had not been explicitly permitted in advance).

The practical workshop on HTTP Security Headers, led by Peter Martin (from DB8), guided attendees through securing their Joomla sites using the core HTTP plugin, including Content Security Policy and X-Frame-Options. Hands-on exercises and tools such as SecurityHeaders.com and the Chrome Console allowed participants to significantly improve their website security.

Before you start configuring, it is wise to first measure how your site is currently performing. You can do this with SecurityHeaders.com and Internet.nl, for example. Turn off all cache during testing, otherwise you will not see the effect of your changes.

During the workshop, Peter helped attendees achieve an A or A+ score on SecurityHeaders.com with their sites.

The day concluded with Limburgse vlaai (tart), pizza lunch, networking, and open-source cookies, reinforcing both community spirit and practical learning. The open-source cookie recipe can be downloaded via GitHub.

The event successfully combined technical knowledge, community engagement, and fun, leaving participants better equipped to develop and secure their Joomla websites.

Stay safe and secure,
Securely yours,
Stay cyber-safe!

About the author Johan van der Velde, coordinator of Joomla User Group Maastricht, has been working with Joomla since the release of version 1.0, and since Joomla 2.5 all of his websites have been built with Joomla. He considers it the most flexible CMS available. Check out Johan's volunteer profile here