Evolving Joomla - Joomla CMS MCP Server: Opening the Door to AI-Powered Administration

In January 2026, a small but focused group of Joomla contributors - Martin Kopp, Stefan Wendhausen, Niels Braczek, and David Jardin - came together for a discovery sprint to explore how the Joomla CMS could be enhanced with an MCP (Model Context Protocol) server.

Evolving Joomla: User-friendly, Privacy-first, Independent Built-in-Captcha coming to Joomla Core

With the release of Joomla 5, the reCAPTCHA plugins were removed from Joomla core, for a number of good reasons. The downside was that the Joomla core was left without a captcha integrated by default, meaning that forms could only be protected against spam using third-party plugins. The good news is: that is going to change again. We’re introducing a better, native and user-friendly solution, built in Joomla’s core and not depending on third-party services.

Automatic core updates in Joomla

With the release of Joomla 5.4 and Joomla 6.0 on 14 October 2025, the Joomla project introduces a significant innovation: automatic updates for the core system. This feature makes it possible to keep Joomla installations up to date reliably and without manual intervention – an important step towards increasing the security and maintainability of Joomla websites.

Tamper-Proof core updates for Joomla - TUF making it into 5.1

Joomla is built by many talented individuals, carefully reviewing every code contribution made to the project to ensure that a secure system is built.

But what would happen if an attacker is able to manipulate the Joomla update server? Or if a successful attack is made against the CDN that Joomla uses for update distribution? Or to ask a more generic question: how can we be sure that an update presented in Joomla backend is actually legitimate?

Securing the Joomla updater - by making open source even better

If you are a loyal reader of the Joomla community magazine, you surely remember the project to secure the Joomla updating process by using “The Update Framework”. Even though it has been a little quiet on the project in the last couple of months, work has continued in the background - finally leading to another code sprint at the end of June 2023.

Extended Security Support for Joomla 3.x - giving an old friend another chance

August 17, 2023 marks an historic date for the Joomla project: after more than 10 years, the project’s support for the 3.x version comes to an end. However there are still plenty of 3.x sites in the wild, some of them unable to migrate to 4.x in the remaining time frame. Do these sites need to be switched off in a couple of weeks?

Joomla TUF sprint june 2022 - Keeping the trojan horse outside of Joomla’s walls

Have you ever heard the story of the ancient city Troy? It had massive walls, keeping attackers outside and the city safe. However, the greek army, attacking the city, had a genius idea: they pretended to stop their attack and travel back home, while leaving a gift for the people of Troy: a huge wooden horse. The people of Troy were thankful for that gift and pulled the horse inside the city's walls - not knowing that greek soldiers have hidden themselves in the horse, crawling out at night, opening the doors for the rest of their army and thereby dooming the city.

J and Beyond 2020 - Bridging the Corona Gap

When our team kicked off organizing an international Joomla conference in May 2020, we had no idea that a global pandemic would ruin all our plans. However, as a community born in the online world, nothing seemed more obvious than turning our beloved family meeting into an online event, bringing people from around the globe together in these crazy times.

J and Beyond 2020 will take place online

After JandBeyond, the international Joomla conference, took a break in 2019, finally having a JAB on the horizon again in 2020 was an extremely enjoyable thought.

Security Strike Team - 2019 Report

The Joomla Security Strike Team, JSST, is working tirelessly to keep the Joomla CMS secure and protect the millions of sites around the globe that are based upon it.

Secure all the things - Joomla Security Team Sprint, Cologne, May 2018

Joomla Security Team Sprint, Cologne, May 2018. I guess we all agree that it's one of Joomla's key priorities to offer a software that is as secure as possible, as this plays a crucial role in the user's experience running Joomla - a hacked user, is a very unhappy user.

CMS-Garden 2014 - It's growing!

Today the first "Christmas Market" in my hometown opened its doors – and each and every year that's the time when I realize, that another year is almost over. 2014 was a very successful year for Joomla – and I want to show you what the CMS-Garden has contributed to this success.

Joomla! at CeBIT 2014 - Big Business!

From March 10 - 14, CeBit, the world's largest IT fair opened its doors in Hannover, Germany. CeBIT is by far the most important IT related fair in Europe and also has a big international impact, which is underlined by the fact that this year’s CeBIT was visited by people from more than 100 different countries. Like last year, the Joomla! project, represented by a team of well known volunteers from the local community, was part of the CMS Garden booth in Hall 6 at the event.

CMS-Garden - Why Open Source CMS's Are Not Opponents

Every so often I have some tweets in my timeline where I can watch people from Joomla! talking really bad about Wordpress. Or Drupal. Or another CMS. And most of the times, people do this because they see all the opensource CMS as opponents on something that they call "the CMS market". Now, take a seat, because here comes a shocking truth: neither Drupal nor Wordpress nor any other opensource CMS is an opponent for Joomla. 

Behind the Scenes - How to Technically Manage a Joomla!Day

During the last years I got more and more involved in the organisation of two large Joomla! events that are hosted by the German Joomla! Association. Those two events, the Joomla!Day Germany and the international Joomla! conference J&Beyond are held once a year and attended by 200-250 people from all around globe, so it seems to be reasonable to call them "quite big". Since this year, I'm basically "in charge" of all things related to the technical realisation and with this post I want to give you a look behind the scenes, share some lessons that I had to learn, and tell you some best practices that developed over the past few years.