Community Magazine

In January 2026, a small but focused group of Joomla contributors - Martin Kopp, Stefan Wendhausen, Niels Braczek, and David Jardin - came together for a discovery sprint to explore how the Joomla CMS could be enhanced with an MCP (Model Context Protocol) server.

With the release of Joomla 5, the reCAPTCHA plugins were removed from Joomla core, for a number of good reasons. The downside was that the Joomla core was left without a captcha integrated by default, meaning that forms could only be protected against spam using third-party plugins. The good news is: that is going to change again. We’re introducing a better, native and user-friendly solution, built in Joomla’s core and not depending on third-party services.

With the release of Joomla 5.4 and Joomla 6.0 on 14 October 2025, the Joomla project introduces a significant innovation: automatic updates for the core system. This feature makes it possible to keep Joomla installations up to date reliably and without manual intervention – an important step towards increasing the security and maintainability of Joomla websites.

Joomla is built by many talented individuals, carefully reviewing every code contribution made to the project to ensure that a secure system is built.

But what would happen if an attacker is able to manipulate the Joomla update server? Or if a successful attack is made against the CDN that Joomla uses for update distribution? Or to ask a more generic question: how can we be sure that an update presented in Joomla backend is actually legitimate?

August 17, 2023 marks an historic date for the Joomla project: after more than 10 years, the project’s support for the 3.x version comes to an end. However there are still plenty of 3.x sites in the wild, some of them unable to migrate to 4.x in the remaining time frame. Do these sites need to be switched off in a couple of weeks?

Have you ever heard the story of the ancient city Troy? It had massive walls, keeping attackers outside and the city safe. However, the greek army, attacking the city, had a genius idea: they pretended to stop their attack and travel back home, while leaving a gift for the people of Troy: a huge wooden horse. The people of Troy were thankful for that gift and pulled the horse inside the city's walls - not knowing that greek soldiers have hidden themselves in the horse, crawling out at night, opening the doors for the rest of their army and thereby dooming the city.

When our team kicked off organizing an international Joomla conference in May 2020, we had no idea that a global pandemic would ruin all our plans. However, as a community born in the online world, nothing seemed more obvious than turning our beloved family meeting into an online event, bringing people from around the globe together in these crazy times.

After JandBeyond, the international Joomla conference, took a break in 2019, finally having a JAB on the horizon again in 2020 was an extremely enjoyable thought.

The Joomla Security Strike Team, JSST, is working tirelessly to keep the Joomla CMS secure and protect the millions of sites around the globe that are based upon it.

Joomla Security Team Sprint, Cologne, May 2018. I guess we all agree that it's one of Joomla's key priorities to offer a software that is as secure as possible, as this plays a crucial role in the user's experience running Joomla - a hacked user, is a very unhappy user.