Joomla

Joomla 6.1 adds three new media custom field types (audio, video, documents) on top of 6.0's additions, bringing total field types to ~23. Core content types remain Articles, Categories, Contacts, Banners, Newsfeeds — true custom content types still require extensions. No schema-as-code, no polymorphic unions, no JSON field type. Incremental but steady improvement in field type variety.

Joomla 6.1 still relies on categories, tags, and Related Articles for content relationships. No native reference fields between content types, no bidirectional linking, no graph-style relationships. Custom fields don't include a 'reference to another content item' type in core. No change from Joomla 6.0.

Joomla 6.1 adds a responsive subform grid layout with CSS grid display and groupByFieldset improvements, but this is a UX/rendering improvement, not a structural capability change. Still no reusable content blocks/components in core, no portable structured rich text, no block-based editing. Subform field remains the only composition mechanism.

Custom fields support basic validation — required, min/max for numeric types, list constraints. No regex validation in UI, no cross-field validation, no custom validator hooks for content editors. Joomla 6.1 focused on workflow and media improvements, not validation. No meaningful change.

Joomla 6.1 extends versioning to modules, allowing version history tracking and rollback for module instances — previously only articles had versioning. Combined with 6.0's custom fields and tags versioning, the versioning system now covers a broader range of content entities. Still no visual diff, no content branching, no programmatic API access to version history.

Joomla 6.1 ships with TinyMCE 8 (from 6.0) and adds WCAG 2.2 AA accessibility improvements, but there is still no true in-context visual page builder in core. Editing remains form-based in the admin backend with separate preview. Extensions like SP Page Builder provide visual building but are third-party. The editing paradigm is fundamentally unchanged.

TinyMCE 8 in Joomla 6.x provides standard formatting, media embeds, tables, and improved accessibility. Output remains HTML — no structured AST, no portable rich text format. No custom marks/annotations, no embedded entry references within rich text. No rich text changes in 6.1.

Joomla 6.1 adds native audio, video, and document media custom fields and a new root-level 'files' folder in the Media Manager for better organization of non-image assets. This meaningfully expands media handling beyond images. Still no focal point cropping, no URL-based image transforms, no WebP/AVIF auto-conversion, no CDN pipeline, and limited metadata/tagging.

Joomla 6.1 continues to use article checkout/locking — only one user can edit at a time. No real-time co-editing, no presence indicators, no automatic conflict resolution, no inline commenting. Action logs provide audit capability but not collaboration. No changes in Joomla 6.1 to address this gap.

Joomla 6.1 introduces a Visual Workflow Editor (Workflow Graph Editor) built with Vue.js and VueFlow, providing an interactive graphical view to drag, connect, and edit workflow stages and transitions in a single view. This significantly improves workflow management usability and brings it closer to enterprise-grade tools. Underlying workflow engine still lacks conditional routing and advanced notification rules, but the visual editor is a major UX leap.

Joomla 6.1 mentions 'improved webservices' for better machine-to-machine communication but no specific new API endpoints or GraphQL support documented. JSON:API-based Web Services API continues with filtering, sorting, pagination, and sparse fieldsets for core content types. REST only. Extension content still requires custom API endpoints.

Self-hosted with no built-in CDN. Joomla 6.1 adds a Lazy Load Plugin for performance but no CDN integration. Page caching via core cache plugin. CDN integration entirely user-managed. No granular cache invalidation tied to content publishing, no edge computing. Expected for a self-hosted open-source CMS.

Joomla 6.1 retains the webhook system and mature internal plugin event system. Webhook configurability remains basic — limited event filtering, basic retry logic, minimal debugging tools. No HMAC signing documented in core. Internal event system comprehensive but external webhook exposure is still simple. No webhook improvements noted in Joomla 6.1.

Joomla's JSON:API enables headless delivery, but content architecture remains fundamentally coupled to web rendering. Articles are HTML blobs, not structured content, making multi-channel repurposing difficult. No official SDKs for mobile, IoT, or other platforms. No structured rich text output format. Headless use is possible but Joomla was not designed for it.

Joomla has no built-in audience segmentation. User groups exist for access control purposes but not for content targeting or behavioral segmentation. No CDP integration, no segment builder, no behavioral targeting. Any segmentation requires third-party extensions or custom development.

No native content personalization in Joomla 6.1. Access-level-based content visibility exists (registered/special/public) but this is access control, not personalization. No component-level personalization, no rule engine, no A/B content variants. Extensions exist but the ecosystem for personalization is thin.

No built-in experimentation or A/B testing capability. Third-party extensions like DM A/B Test and VWO integration exist but are not native. Testing would require external tools with manual integration.

No recommendation engine in Joomla core. Related articles are manually curated or based on simple category/tag matching. No algorithmic recommendations, no ML-powered suggestions. Would require entirely custom or third-party solutions.

Joomla has Smart Search (com_finder), a full-text search with basic indexing, auto-complete suggestions, and taxonomy filters. Functional but not competitive — no typo tolerance, limited relevance tuning, no faceting beyond taxonomy, and no search analytics. Performance degrades with large content volumes. Adequate for small to medium sites.

Integrating external search (Algolia, Elasticsearch) requires custom development or rare third-party extensions. No first-class integration points for external search. The Smart Search plugin architecture allows custom content indexing but not external search replacement without significant work.

Joomla has no built-in commerce capabilities. No PIM, no cart, no checkout, no order management. Commerce relies entirely on extensions like VirtueMart, HikaShop, or J2Store. These are third-party, not native to the platform.

No pre-built connectors for modern commerce platforms (Shopify, commercetools, BigCommerce). Integration requires custom middleware. Extensions like VirtueMart are self-contained commerce solutions within Joomla rather than integrations with external platforms.

Through extensions like VirtueMart, product content management is possible with variants, pricing, and media. However, these are extension-dependent, not purpose-built into the CMS content model. Product content modeling via core Joomla articles and custom fields requires significant workarounds for variants and attributes.

No built-in content analytics in Joomla 6.1. No performance dashboards, no content lifecycle tracking, no author productivity metrics. Action logs provide audit trail capability but not analytics. Third-party extensions exist for basic statistics but nothing competitive with modern platforms.

Analytics integration is possible via template modifications, custom HTML modules, or extensions that inject GA/GTM scripts. Extensions exist for Google Analytics integration. However, there are no platform-specific event helpers, no CDP connectors, and no analytics middleware. Essentially manual script injection with some extension assistance.

Joomla does not have native multi-site management in version 6.1. Each site is a separate installation with no shared content across sites and no centralized governance. Compared to WordPress Multisite or Drupal's multi-site capabilities, Joomla is behind.

One of Joomla's genuine strengths, further improved in 6.1. Built-in multilingual support with language associations, content language filtering, and per-language menu structures. Joomla 6.1 adds multilingual module associations, allowing module instances to be linked across languages similar to articles. Document-level localization via associations rather than field-level, but comprehensive and fully native.

No native TMS integrations. Translation is a manual process — create content in one language, then create the translated version and associate them. Some extensions exist for XLIFF export/import workflows, but there's no in-platform translation UX, no machine translation integration, and no translation memory.

No multi-brand concept in Joomla 6.1. User groups and access levels provide some separation, but there are no brand-level permissions, no shared component library with brand overrides, and no centralized design system support. Multi-brand requires separate instances or heavy customization.

Joomla's Media Manager provides folder-based organization with per-asset metadata (title, alt text, description, author, copyright), file filtering, drag-and-drop uploads, and basic image cropping/resizing. No asset versioning, no usage tracking across content, no rights/expiry management, and no bulk operations beyond move/copy. Joomla 6.1's expanded media custom fields (audio, video, documents) improve content-to-asset linking but don't change the DAM itself.

No built-in CDN integration in Joomla 6.1. Image resizing on upload is possible via the Media Action plugin but limited and not automatic. No native WebP/AVIF conversion, no focal point, no responsive image delivery pipeline. CDN requires third-party Cloudflare or Cloudinary setup external to Joomla.

Joomla 6.1 adds audio, video, and document media custom fields, allowing these media types to be attached to content via custom fields. However, there is still no native video hosting, transcoding, adaptive streaming, or thumbnail generation. Videos uploaded to the Media Manager have no playback pipeline. The custom field improvement makes it easier to reference rich media but doesn't add processing capabilities.

Joomla core provides form-based article editing with TinyMCE. There is no native drag-and-drop page builder or live in-context layout editing. Third-party extensions (SP Page Builder, YOOtheme Pro, Quix, JPageBuilder, Gridbox) are popular and capable but are commercial add-ons, not core. Out-of-box authoring experience is form-only.

Joomla 6.1 significantly enhances the Publishing Workflow component with a new Visual Workflow Editor built on Vue.js/VueFlow. This interactive diagram allows drag-and-drop creation of workflow stages and transitions, centralizing workflow management in a single view. Custom workflow states, configurable transitions, condition checks, and role-based routing remain. Still no SLA/due-date enforcement, no parallel approval paths, but the visual editor makes complex workflows much more accessible.

Joomla articles support Start Publishing and Finish Publishing date/time fields, enabling scheduled publishing and auto-expiry. Per-article featured scheduling is also supported. No visual content calendar, no bulk scheduling, no release bundles. Timezone is set at the site level. Functional but purely item-level with no editorial planning view.

No real-time collaboration in Joomla 6.1. No simultaneous multi-author editing, no presence indicators, no inline commenting, and no @mentions. Article and now module versioning tracks changes with author attribution. Checkout/check-in locking prevents concurrent editing but is pessimistic locking, not collaboration.

Core Joomla has com_contact providing a basic contact form with email notification and CAPTCHA support. Joomla 6.1 adds a new privacy-friendly Proof-of-Work CAPTCHA that operates silently without requiring user accounts or APIs, improving spam protection. Still no conditional logic, no multi-step forms, no submission storage in core. Third-party extensions (Convert Forms, RSForm!Pro) deliver advanced capabilities but are not bundled.

No native email marketing in Joomla. JED lists ESP integration extensions: Mailjet Email Marketing (official Mailjet plugin), Brevo integration with real-time contact sync and automation workflows, and Mailchimp extensions. These provide subscriber sync and triggered sends but require extension installation and third-party accounts. No in-platform email preview or list management.

No native marketing automation in Joomla. Brevo's Joomla integration provides some automation (welcome series, drip campaigns) but depends on a third-party platform and extension. No behavioral CMS event triggers, no native lead scoring, no multi-channel campaign management.

No native CDP or deep CDP integration in Joomla 6.1. User groups track registered users but there is no behavioral profiling, no unified customer profile, no identity resolution, and no audience sync with Segment, mParticle, or similar. Custom middleware would be required for any CDP integration.

The Joomla Extensions Directory (JED) lists over 6,000 extensions across all major categories. The breadth is genuine — commerce, forms, SEO, security, workflow, analytics, page builders, and more are represented. However, many extensions are outdated (targeting Joomla 3/4 only), curation and quality standards are inconsistent, and first-party official integrations are rare. Volume is high; freshness and quality are uneven.

No native webhook infrastructure in Joomla 6.1 core. A community extension 'Content Sharing - Webhooks' (JED) provides basic content event notifications. Convert Forms sends form-submission webhooks conditionally. No signed payload support, no retry logic, no webhook logs, and no event streaming alternative. Coverage is sparse and extension-dependent.

Joomla offers a frontend preview of unpublished articles for logged-in editors via the Preview button in the article editor. No shareable draft preview links, no branch/staging environments, no headless decoupled preview integration, and no multi-channel preview. The Joomla API enables headless delivery but has no built-in preview surface for external frontends.

Joomla's ACL is one of its strongest features: unlimited hierarchical user groups, per-component/per-category/per-article permission overrides, and configurable viewing access levels. Supports create, edit, edit own, edit state, and delete actions per group/context. No field-level permissions, no native SSO (SAML/OAuth via extensions only), and no SCIM provisioning.

Joomla's Web Services API (available since J4, carried through J5/J6) uses JSON:API specification for consistent response formatting, error handling, and pagination. Documentation on manual.joomla.org has improved but remains incomplete — many endpoints lack examples and usage patterns. No GraphQL support, no interactive playground. The API still feels bolted-on rather than API-first designed, and extension content coverage is inconsistent.

Self-hosted platform with no published API SLAs, response time benchmarks, or rate limiting documentation. Pagination follows JSON:API conventions but no batch operations exist. Joomla 6 includes better caching internally, but API performance remains entirely dependent on hosting infrastructure. No CDN-backed delivery layer.

No official client SDKs for the Joomla API in any language. Developers interact via raw HTTP requests following JSON:API spec. Generic JSON:API client libraries work but nothing Joomla-specific exists. No type-safe SDKs, no code generation. The PHP framework is well-structured internally but external consumption tooling is completely absent through Joomla 6.

The Joomla Extensions Directory (JED) has thousands of extensions but quality and maintenance vary widely. With Joomla 6 released Oct 2025, many extensions face compatibility concerns — a compatibility plugin was included to ease migration. Major extension vendors (DJ-Extensions, RSJoomla) have updated for J6, but the long tail of community extensions is shrinking. The marketplace was once vibrant but has contracted significantly.

Joomla has a mature five-type extension architecture: Components, Modules, Plugins, Templates, and Languages. The plugin event system provides lifecycle hooks across the application. Joomla 6 continues the modernization from J4/J5 with namespaced code, dependency injection, service providers, and PSR-12 standards. Custom field types, server-side hooks, and custom UI are all possible. The model is powerful but requires deep PHP and Joomla MVC knowledge.

Joomla supports native MFA and WebAuthn/passkeys (core since J4.2, carried through J6). LDAP integration available via plugin. SSO (SAML, OIDC) requires third-party extensions — not native. API authentication uses token-based auth. Note: a 2025 CVE revealed a 2FA bypass vulnerability (CVE patched in J5.3.4/J4.4.14), slightly undermining confidence in auth implementation quality.

Joomla's ACL system supports granular permissions at global, component, category, and individual article levels. Custom user groups with inheritance, permissions for create, edit, edit own, edit state, delete, and more. The system is genuinely powerful and one of Joomla's strongest features. However, the UX of the permissions matrix remains notoriously confusing to configure correctly — a persistent community complaint unchanged in J6.

As self-hosted open-source software, Joomla carries no platform-level compliance certifications — no SOC 2, no ISO 27001. GDPR tooling has been in core since J3.9 (privacy consent, data export/deletion requests), which is a notable positive. But enterprise compliance (SOC 2, HIPAA) is entirely on the implementer's infrastructure. This is structural to all self-hosted OSS platforms.

Joomla has a dedicated Security Strike Team and responsible disclosure process. In 2025, 8 CVEs were published including XSS in checkAttribute filtering (CVE-2025-54476), SQL injection in database package, Media Manager file extension bypass, and 2FA bypass. Early 2026 brought another XSS (CVE-2025-63083, patched in J6.0.2/J5.4.2). The cadence of critical vulnerabilities remains steady, though patches are released promptly.

Joomla is self-hosted only with no official SaaS offering. Runs on standard LAMP/LEMP stack, supports Docker and containerization, and works with most managed PHP hosting providers. The low infrastructure requirements (PHP 8.2+ and MySQL/MariaDB/PostgreSQL) make it broadly accessible. Joomla 6 added automatic core updates, reducing maintenance burden. Per the rubric, self-hosted platforms score 65–75 for flexibility.

No platform SLA exists — uptime is entirely determined by hosting infrastructure. No official status page for Joomla as a service. Incident communication is limited to security announcements for software vulnerabilities. Operational reliability is fully the implementer's responsibility. This is expected for self-hosted platforms but represents a significant gap versus SaaS competitors.

Joomla can scale with infrastructure investment (load balancers, read replicas, caching layers) but the application is not architecturally designed for horizontal scaling. No auto-scaling, no multi-region support in the application layer. Joomla 6 includes improved caching and performance optimizations, but the fundamental PHP monolith architecture is unchanged. No documented scale limits or enterprise-scale reference cases.

Backup is self-managed but Akeeba Backup is a mature, widely-used solution that's effectively part of the ecosystem. Full site backups including database and files are well-supported. Content stored in standard MySQL/MariaDB ensures data portability. No documented RTO/RPO from the project. Joomla 6's automatic core updates help with security patch currency but don't address DR directly.

Joomla runs locally via XAMPP, MAMP, Docker, or Lando (dedicated Lando plugin exists). The Joomla CLI handles basic operations but lacks development scaffolding. No hot reload, no dev environment parity tooling, no sandbox environments. Local development works because it's standard PHP — but developer tooling is minimal compared to modern platforms. Joomlatools provides some third-party dev tooling.

No built-in CI/CD support, no environment management, no content migration tooling, no deploy previews, no branch-based environments. Joomla deployments are typically manual or use generic tools (rsync, Git). Database migrations require careful handling. Community articles claim J6 'fits into CI/CD workflows' but the platform provides no native tooling for it. Entirely custom and unsupported.

Joomla's documentation has two main portals: docs.joomla.org (wiki-based, mixed quality) and manual.joomla.org (newer developer documentation for J4/5/6, maintained on GitHub). The developer manual has improved significantly but coverage remains incomplete in many areas. Code examples exist but are not comprehensive. Getting-started experience is adequate but not guided. No interactive playground.

Joomla is a PHP platform with zero TypeScript support. No official SDKs in any language (let alone typed ones), no type generation from content schemas, no schema-to-type tooling. The admin interface uses vanilla JavaScript. Consuming the Joomla API from a TypeScript frontend requires manually defining all types. This remains unchanged in Joomla 6.

Joomla 6.1.0 GA shipped April 14, 2026 exactly on the published schedule, alongside 5.4.5 — confirming active dual-track maintenance. The vendor changelog shows 10 releases in 6 weeks (6.1.0 GA, RC1–RC3, Beta 2–3, 6.0.4, 5.4.4, 5.4.5, 5.4.5 RC1). This is strong cadence for a volunteer-driven project, though still below SaaS-level frequency.

The 6.1 GA announcement at joomla.org clearly describes each major feature (Proof-of-Work CAPTCHA, Visual Workflow Editor, Media Custom Fields, Module Versioning) with context and user benefit. Migration and backward compatibility docs continue to be maintained. However, changelogs still lack structured per-item categorization of breaking vs. non-breaking changes in a machine-readable format.

Joomla 6.1 GA shipped on the exact published date (April 14, 2026), matching the milestone calendar from Alpha1 (Nov 2025) through RC1 (Mar 31) to GA. This is the second consecutive on-time major delivery (after 6.0), building real credibility for published schedules. Public roadmap and GitHub milestones remain active. Still no formal community voting tool like Canny.

Joomla 6.1 is a feature-minor release that defers all breaking changes to the next major release, consistent with the pattern established in 6.0. Backward compatibility documentation for 6.1 is published. The Backward Compatibility 6 plugin continues to enable J5 extensions on J6. No automated codemods, but the sustained commitment to backward compat across two major cycles is notable.

GitHub shows 5.1K stars and 3.8K forks on joomla/joomla-cms. Market share at ~2.2–2.7% with ~930K+ live websites; the long decline appears to be stabilizing. Community forum has 740K+ registered users and ~8,000 extensions. Still a contracting community relative to its peak, but the raw size remains substantial for an open-source project.

Joomla 6.1 involved over 130 pull requests from a global community of developers, testers, and translators — a significant increase from the 49+ contributors cited for 6.0.x releases. The beta/RC cycle had clear community testing calls. However, the core maintainer team remains thin, and Stack Overflow activity for Joomla continues to decline. The 6.1 release cycle shows the community can still mobilize for major releases.

Joomla has a Service Providers Directory at community.joomla.org and an official Partners page. DesignRush lists 1,682 Joomla development companies. However, there is no formal certification or training program. No major SIs (Accenture, Deloitte) list Joomla as a practice area. The partner ecosystem exists but lacks the structure and quality assurance of commercial CMS partner programs.

The 6.1 GA release is generating fresh content — YouTube walkthroughs, blog posts, and migration guides are appearing. The Joomla Community Magazine publishes regularly. However, mainstream tech education platforms (Udemy, Pluralsight) have minimal current Joomla content. Sustained third-party output remains limited compared to WordPress, Drupal, or headless CMS platforms.

ZipRecruiter shows 38 Joomla developer jobs ($87K–$148K), SimplyHired lists 123 positions. Freelancer platforms (Upwork, Toptal, Fiverr) have active Joomla developer pools. Talent exists but is concentrated in freelance/contract work rather than full-time enterprise roles. No certification program or meaningful training pipeline.

Market share has declined from 10.9% (2011) to ~2.2–2.7% (2026) per W3Techs, though the rate of decline appears to be stabilizing. No notable new enterprise logo wins found in 2025–2026. The 6.1 release with meaningful features (Visual Workflow Editor, Proof-of-Work CAPTCHA) may help retain existing users but is not driving new adoption at scale.

Open Source Matters FY2024/2025 budget shows projected income of $65K vs estimated expenditures of $103K — a ~$38K funding gap. Revenue comes from sponsorships, advertising, commissions, and Google Summer of Code. The January 2026 community magazine acknowledged 2025 'was not an easy year.' The project can't be acquired (community-owned) but faces real sustainability pressure from chronic underfunding.

Joomla remains absent from Gartner MQ and Forrester Wave evaluations for CMS/DXP. It continues to lose ground to WordPress (simpler, larger ecosystem) and Drupal (more enterprise-oriented) in the open-source space, and to headless CMS platforms in modern architecture. The 6.1 release adds modern features but hasn't changed analyst or market perception.

G2: 4.0/5 with 386 reviews (46% 5-star, 33% 4-star, 12% 3-star). Per scoring guidance, G2 4.0 with 300+ reviews maps to 45–55 range. Positive themes: stability, flexibility, extensibility, full control. Negative themes: outdated interface, steep learning curve vs WordPress, stressful updates. The loyal base rates it adequately but the 'outdated' narrative persists.

Joomla is free and open source under GPL v2+. Zero licensing cost, no tiers, no hidden fees. The pricing model is maximally transparent — $0 for the software. All costs are hosting, development, and maintenance, fully within the buyer's control.

Free software scales perfectly in licensing terms — no per-seat, per-API-call, or usage-based charges. Unlimited users, content, and API calls. Only hosting infrastructure and development labor scale with usage. This is the most predictable pricing model available.

All core features are available in the free open-source distribution. No premium tiers, no enterprise-only features, no upsell gating. Joomla 6.1 (April 2026) adds Proof-of-Work CAPTCHA, Visual Workflow Editor, and Media Custom Fields — all free in core. Some third-party extensions are commercial, but the core platform has zero feature restrictions.

No vendor contracts — download and use freely under GPL. No annual commitments, no exit clauses, no lock-in periods. Start, stop, and restart at will. Hosting contracts are independent and switchable. Maximum flexibility inherent to the open-source model.

Joomla is fully free GPL software with no usage limits or commercial restrictions. launch.joomla.org provides free hosted sites for instant evaluation. CloudAccess.net offers free Joomla hosting with subdomain. Self-hosting on shared hosting costs $5-10/month. The hobby path delivers full platform capabilities at near-zero cost.

launch.joomla.org and CloudAccess deliver a working site in seconds. One-click installers on shared hosting take minutes. First published content is achievable within an hour. However, customization to production quality takes days to weeks — template selection, extension configuration, and content modeling add significant time before a real project delivers value.

Simple Joomla sites can be built in 2-4 weeks. Medium complexity with custom templates and extensions takes 1-3 months. Complex sites with custom components and integrations run 3-6 months. Comparable to other traditional CMS platforms but longer than modern headless CMS projects. Joomla 6.1's new features (workflow editor, media fields) may slightly accelerate content modeling but don't fundamentally change timelines.

Joomla specialists command a moderate-to-high premium driven by talent scarcity rather than platform complexity. Market share has declined to 2.2% (from 8.7% in 2013), and the developer pool continues shrinking. General PHP developers can learn Joomla but finding experienced Joomla 6.x developers is increasingly difficult. This scarcity-driven premium partially offsets the zero licensing cost.

Joomla runs on cheap shared hosting — basic sites cost $5-20/month. Infrastructure requirements are modest (PHP + MySQL/MariaDB). CloudAccess.net offers managed Joomla hosting from $7.50/mo with free tier available. For higher-traffic sites, standard VPS or cloud hosting works at $20-100/month. Hosting costs are among the lowest of any CMS. The trade-off is that you manage everything yourself (unless using CloudAccess).

Self-hosted means full ops responsibility — updates, security patches, backups, monitoring, server maintenance. Joomla 6.1 introduces automatic minor version updates (6.0.4→6.1.0), reducing update burden for minor releases. However, parallel maintenance tracks (5.4.x and 6.x) persist. CloudAccess.net provides managed hosting but the ecosystem remains limited compared to Drupal's Acquia/Pantheon. For larger deployments, dedicated ops attention is still needed.

Content is stored in MySQL, accessible and exportable. Joomla's Web Services API provides programmatic content access. Migration tooling has improved: FG Joomla to WordPress plugin is maintained and tested with Joomla 6.0, and an Advanced Migration Tool (GSoC 2025) was released for WordPress-to-Joomla migration. However, content uses Joomla-specific table structures requiring transformation, and extensions create proprietary data structures. Lock-in is moderate but improving.

Joomla 6.1 retains the same conceptual model: articles, categories, menus, modules, components, plugins, templates, and ACL levels are all distinct concepts. The new visual workflow editor adds a concept but simplifies understanding publication pipelines. The menu-content relationship remains confusing for newcomers. Still more complex than WordPress, simpler than Drupal.

The developer manual at manual.joomla.org covers getting-started guides, local environment setup (WAMP/XAMPP), IDE guidance, Git/Composer/NPM setup, and a module development tutorial. A YouTube video 'How Joomla Works' exists for extension developers. However, there is still no certification program, no interactive tutorials, no sandbox environment, and no structured learning paths. Joomla 6.1 did not introduce new onboarding resources.

Joomla 6.x uses modernized PHP with namespaces and DI as standard, but remains Joomla-specific MVC rather than Symfony or Laravel. Template development requires Joomla knowledge. Frontend framework support (React, Vue, Next.js) is not first-class. Joomla 6.1 did not change the framework architecture. Skills are partially transferable from modern PHP but Joomla-specific patterns persist.

Joomla provides the Cassiopeia default template and sample data for quick starts, plus basic extension scaffolding guidance in the developer manual. No official framework-specific starters exist (no Next.js, Nuxt, or Astro starters), no TypeScript boilerplates, and no CI/CD config in starters. Joomla 6.1 did not introduce any new starter templates or scaffolding tools. Per the rubric, this remains community-only/no framework starters territory.

Joomla 6.1's Global Configuration still covers many settings with reasonable defaults. The new Proof-of-Work CAPTCHA eliminates external service configuration for spam protection (no API key needed), a minor simplification. Per-component configuration adds surface area. The configuration system remains GUI-based with no config-as-code in core. Environment management requires manual configuration.php edits. Manageable but limits automation.

Joomla 6.1 added Media custom fields supporting audio, video, and document types beyond images, expanding modeling flexibility on top of 6.0's Date/Datetime fields. Adding custom fields remains safe and low-risk. However, schema evolution for custom components still requires manual database migration management with no built-in migration tooling. The core article-category-menu data model remains rigid compared to headless CMS platforms.

Joomla 6.1 added module versioning, bringing version history consistency across content types and improving the editing workflow. The visual workflow editor helps visualize publication pipelines. Combined with 6.0's view transitions and TinyMCE 8 upgrade, the coupled editing experience is incrementally better. However, there is still no headless preview setup, no deploy previews, and no preview API for decoupled frontends.

PHP developers can learn Joomla basics relatively quickly, and the modernized framework makes patterns more recognizable to modern PHP developers. However, advanced extension development still requires understanding Joomla-specific MVC structure, event system, and ACL. The platform-specific knowledge takes weeks to months to master. No certification required but Joomla experience remains essential for efficient development. Joomla 6.1 did not change this dynamic.

A solo developer can build and deploy a complete Joomla site — the coupled architecture means one person handles frontend and backend. For production sites, 2-3 people is typical. Self-hosted nature requires some ops capability but standard LAMP stack knowledge suffices. The PoW CAPTCHA in 6.1 removes one external service dependency that previously might require additional setup. Per the rubric, solo-viable platforms with some ops needs score 60-70.

Content authors can create and publish articles, manage media, and use custom fields without developer involvement. Joomla 6.1's visual workflow editor lets content teams visualize and manage publication pipelines without developer help, and multilingual module associations reduce the need for developer intervention on multilingual sites. However, creating new page layouts, modifying templates, or configuring complex ACL rules still requires developer involvement.

Joomla 6.1 introduced automatic minor version updates (6.0→6.1 auto-update for sites with the feature enabled), a significant operational improvement proven across the 6.0.x series. Major version upgrades (5→6) still require manual intervention and extension compatibility remains the primary friction point. Not higher because major upgrades still lack codemods and extensions/templates break across major versions.

Six CVEs patched in Joomla 6.0.4/5.4.4 (March 2026) including SQL injection (CVE-2026-21630), arbitrary file deletion (CVE-2026-21629), XSS vectors (CVE-2026-21631/21632), and ACL issues (CVE-2026-23898/23899). Patch cadence remains regular. Auto-updates for minor versions now help apply security patches faster for sites that enable the feature, reducing the window of exposure. Not higher because critical CVEs like arbitrary file deletion still appear and major version patches remain manual.

The parallel release strategy continues — Joomla 5.4.5 released alongside 6.1.0 on April 14, 2026, confirming ongoing security support for the previous major version. As open-source self-hosted software, teams cannot be forced to upgrade. EOL timelines remain reasonable with 2+ years of security support per major version. Not higher because unsupported versions still become security liabilities and Joomla 4 is now EOL.

Joomla 6 requires PHP 8.3+ minimum (recommended 8.4), MySQL 8.0.13+, and Composer-based dependency management. PHP 8.5 deprecation warnings have been fixed in recent releases showing proactive compatibility work. The dependency tree remains significant with Joomla Framework packages, third-party libraries, and extension dependencies. Not lower because Composer tooling is mature and PHP version compatibility is actively maintained.

Joomla 6.1 still provides no built-in monitoring, health check endpoints, or observability features. Production monitoring requires standard LAMP stack tools (Nagios, Datadog, New Relic) configured entirely by the operations team. The admin panel shows basic system information but nothing suitable for automated monitoring or alerting. Everything remains fully DIY.

Joomla 6.1 introduces a visual workflow editor that lets administrators see and manage the entire publication process as an interactive diagram, reducing the complexity of content workflow management. Module versioning (previously articles-only) and multilingual module associations also reduce operational overhead. Still no automated orphan detection, broken link scanning, or content expiry workflows in core. Not higher because content hygiene remains manual.

Performance management still requires standard PHP application optimization — opcode caching, database query optimization, CDN configuration, and Joomla cache plugin tuning. Joomla 6.1 includes article list performance improvements for large sites. PHP 8.3/8.4 provides baseline performance benefits. No auto-optimization or built-in performance monitoring. Not higher because the caching system still requires understanding of cache levels and manual invalidation.

No commercial support from the Joomla project — this remains unchanged. Support is entirely community-based (forums, Stack Exchange) or from third-party consultants. No SLA, no guaranteed response times, no escalation paths. Enterprise support must be procured from independent agencies. The project's recognition as a UN Digital Public Good adds credibility but no support infrastructure.

The Joomla community remains active with 800K+ forum members, experienced moderators, and the Joomla Stack Exchange. Over 130 volunteers contributed to the 6.1 release across development, testing, translation, and documentation. However, the community continues to be smaller relative to its peak and much content still references older versions. Joomla 6.1 knowledge is just beginning to build. Not lower because the core community remains dedicated and well-organized.

Release cadence has been strong: 6.0.1 (Nov 2025), 6.0.2 (Jan 2026), 6.0.3 (Feb 2026), 6.0.4 (Mar 2026), and 6.1.0 (Apr 2026) — five releases in six months. Six security CVEs were patched in the March release. The 6.1 release went through Alpha, Beta, and three RC stages showing disciplined quality process. Not higher because volunteer-driven nature means non-security bug fix times can still vary and moderate-severity CVE turnaround has historically been slow.

No visual page builder in Joomla core. Landing page creation requires template customization and module arrangement. SP Page Builder, Quix, and JA Page Builder (all third-party) add drag-and-drop page building for Joomla 6, but these are extension dependencies. Without extensions, creating marketing landing pages requires developer involvement. Marketer self-service is not possible in core Joomla. No changes in Joomla 6.1.

No campaign management features in Joomla 6.1. No content calendaring, no multi-channel scheduling, no campaign analytics. Scheduled publishing exists at the article level (publish up/down dates), but there is no campaign concept. jInbound (third-party) provides landing pages and lead nurturing but is not a native capability. Marketing teams would need external tools for campaign coordination.

Joomla has decent built-in SEO capabilities. Meta title and description are configurable per article and menu item. SEF URLs are built in. Redirect management exists as core component (com_redirect). Canonical URL handling exists. Sitemap generation still requires an extension. OG/Twitter card meta tags require SEO extensions (e.g., 4SEO, EFSEO). Joomla 6.1 adds schema.org for webservices API layer only — not frontend page markup — so the structured data gap for SEO purposes remains. The SEO foundation is reasonable but not comprehensive.

No built-in form handling beyond basic contact form. Joomla 6.1 adds a native Proof-of-Work CAPTCHA (PR #46514) — privacy-friendly spam protection that requires no external account or API — improving native form security for the basic contact form and any extension forms that use the CAPTCHA API. However, forms still require extensions (RSForm, BreezingForms) for anything beyond basic contact. No CTA management, no conversion tracking, no lead capture integration. Landing page optimization requires external tools.

No native personalization engine in Joomla. Access-level-based content visibility (registered/special/public) provides role-based content restriction but this is access control, not behavioral personalization. No geo-targeting, no ML-driven segmentation, no rule-based targeting beyond manual user group assignment. No new personalization features in Joomla 6.1.

No native A/B testing in Joomla. DM A/B Test extension exists in JED but shows no evidence of active maintenance or Joomla 6 compatibility. VWO can be integrated via JS tag but is fully external. No statistical significance tracking, no auto-winner selection, no experimentation framework in core or via maintained extension. No changes in Joomla 6.1.

Once templates are set by a developer, content editors can create and publish articles relatively quickly through the admin UI. Article duplication (save as copy), category-based organization, and scheduled publishing reduce some cycle time. However, new page layouts require developer involvement, there is no true inline frontend editing, and bulk operations are limited. The article editor (TinyMCE 8.0.1 in Joomla 6) is competent but not optimized for marketing velocity workflows. No content velocity improvements in 6.1.

Joomla has a JSON:API (REST) for headless content delivery, technically enabling distribution to external channels. However, the content model stores HTML blobs rather than structured channel-agnostic content, limiting utility. No native email publishing, no push-to-social, no SMS or push notification integration. Channel-specific content variants are not supported. Multi-channel delivery requires significant custom development around the API.

No native analytics dashboards within Joomla. Standard tag-based integration with GA4 and similar tools is possible via extensions or manual script injection in templates. No pre-built connectors to GA4, Adobe Analytics, or Mixpanel with content performance metrics surfaced in the CMS. Content decay and engagement data remain fully in external tools. No analytics changes in Joomla 6.1.

Joomla templates provide some consistency enforced at the theme level. Joomla 6 introduced Cassiopeia child templates with extended color and font customization via template parameters. However, there are no locked style tokens, no approved component palettes, and no platform-level enforcement preventing off-brand content. Marketers can override styling via HTML modules or article content. No brand guardrail tooling in 6.1.

Open Graph and Twitter Card meta tags are not built into Joomla core — they require SEO extensions (4SEO, EFSEO, Advanced SEO). Social sharing buttons are available via multiple extensions (JA Social Share, Fast Social Share, AMPZ supporting 50+ networks). No push-to-social scheduling or social workflow capability exists. Joomla 6.1 schema.org addition applies to the API layer only, not OG markup.

Joomla's Media Manager provides folder-based file organization with per-asset metadata (title, alt text, description, author, copyright). Basic image cropping and resizing via the Media Action plugin in core. Joomla 6.1 adds Media Custom Fields for audio, video, and documents (PR #45013), expanding the content model to natively reference non-image media types in custom fields — a meaningful improvement for marketing asset workflows. However, still missing: no asset versioning, no usage tracking across content, no rights/expiry management, no focal point cropping, no CDN integration, no WebP auto-conversion.

Joomla has robust built-in multilingual support with separate content per language and language-specific menu items. Joomla 6.1 adds multilingual module associations (PR #46671/46772), enabling modules to be linked across language versions the same way articles are associated — improving consistency of localized marketing content including sidebars, banners, and promotional modules across languages. However, no transcreation workflows, no locale-specific campaign variants, no market-level scheduling, and no regional compliance tooling natively.

Some MarTech integrations exist via extensions: Agile CRM, Mailchimp, ActiveCampaign, HubSpot, Constant Contact. However, these are third-party extensions of varying maintenance quality — not pre-built native connectors. No event-based triggers for orchestration. No CDP integration. No ad platform connectors. Marketing automation requires jInbound or external tools. The MarTech ecosystem for Joomla is thinner than most competing platforms. No changes in 6.1.

No native PIM or product content modeling. There is no variant/SKU support, no attribute management, no product relationships in core. VirtueMart, HikaShop, J2Commerce, and EShop (updated March 2026 for Joomla 6) provide product content through their own models separate from the CMS content layer. The new media custom fields in 6.1 (audio, video, documents) could enrich product descriptions but don't address the fundamental lack of product content modeling.

No merchandising tools in core Joomla. Commerce extensions provide basic category management and some promotional content support, but sophisticated merchandising (search merchandising, cross-sell/upsell content management, content-driven discovery) is not available. This is not a use case Joomla was designed for. No changes in Joomla 6.1.

No pre-built integrations with modern commerce platforms (Shopify, commercetools, BigCommerce). The commerce story remains VirtueMart, HikaShop, or J2Commerce — self-contained e-commerce solutions within Joomla, not integrations with external commerce platforms. Connecting Joomla to headless commerce would require entirely custom development. No changes in 6.1.

No native shoppable content or editorial commerce capability. Commerce extensions (VirtueMart, HikaShop) operate in their own content layer separate from Joomla articles. No inline product references within editorial content, no lookbook templates, no buying guide patterns. Creating shoppable content requires custom template development to bridge the CMS and commerce extension layers.

No CMS-managed content in transactional flows. Commerce extension templates (VirtueMart, HikaShop) control cart and checkout pages independently from the Joomla article/module system. There is no mechanism to inject CMS-managed trust badges, upsell banners, or promotional content into checkout without modifying the commerce extension templates directly.

Post-purchase content (order confirmations, delivery tracking, review solicitation) is handled entirely within the commerce extension layer, not the CMS. VirtueMart and HikaShop manage their own transactional email templates. No CMS-managed post-purchase sequences or order-event-triggered content delivery.

Joomla's ACL system can be used to gate catalog sections by user group, providing rudimentary B2B access control. HikaShop has customer group pricing tiers. Sellacious offered multi-vendor B2B capability but shows no evidence of active maintenance or Joomla 6 compatibility. No native contract management, no quote-request flows, no spec sheet management. B2B use is possible via ACL+commerce extension but requires significant customization.

Smart Search (com_finder) provides full-text search with indexed content but no faceted search filtering for product discovery. No blended content-product search results — commerce extensions maintain separate search from the CMS search index. No search merchandising, no synonym management, no search landing pages. The gap between CMS content search and product content search is unbridged.

Joomla supports publish up/down dates for articles and modules, enabling time-activated promotional banners and content scheduling. The core Banners component provides basic ad placement with scheduling. However, there are no countdown timers, no tiered pricing tables, no promo code messaging managed from the CMS, and no channel-specific promotional targeting. Scheduled publishing exists but as a content management feature, not a purpose-built promotions tool.

No native multi-storefront architecture. Serving multiple storefronts would require separate Joomla installations per brand/region with separate commerce extension instances. JMS Multi Sites has limited Joomla 5 support and no confirmed Joomla 6 support. MightySites is positioned as a Joomla 6 multi-site alternative but shares content across instances via shared hosting, not true multi-storefront content management.

VirtueMart and HikaShop support multiple product images and basic galleries. Video embeds are possible via HTML in product descriptions. Joomla 6.1's new media custom fields (audio, video, documents) make it easier to attach video and other media types to content via structured fields rather than HTML embeds — a modest improvement for product media richness. Still no 360-degree views, no AR/3D model support, no image hotspots, no zoom feature in core Joomla or its major commerce extensions.

HikaShop has multi-vendor capabilities. Quick2Cart and jMarket also offer marketplace-style functionality. However, these are not purpose-built marketplace content platforms — they provide basic seller product submission and category management without sophisticated content quality moderation, seller profile management, or review aggregation systems. Sellacious, which had more B2B/marketplace features, appears to be unmaintained.

Joomla's native multilingual system provides generic localization that can be applied to product content in commerce extensions. Joomla 6.1's multilingual module associations improve cross-language consistency for modules used alongside commerce content. However, currency-aware content blocks and regional regulatory content (EU labels, CA Prop 65) are not natively supported. Commerce extensions handle their own currency display separately from CMS localization.

No connection between CMS content and commerce outcomes. Revenue attribution to content pages, content-assisted conversion tracking, and product content performance measurement are not available natively. GA4 e-commerce tracking can be set up via third-party extensions but requires custom configuration and produces data entirely in Google Analytics — not surfaced within the CMS.

Joomla's ACL provides hierarchical user groups with inheritance, per-article and per-category permissions via the assets table, and configurable viewing access levels that restrict content to specific user groups. Built-in MFA and passwordless login strengthen authentication for intranet use. SSO possible via extensions. The system goes beyond simple RBAC — it is genuinely audience-based content visibility — but no field-level security exists. No ACL changes in Joomla 6.1.

Categories, tags, and Smart Search provide basic taxonomy and discovery. Joomla's workflow system (since J4) enables custom content stages and approval transitions for knowledge updates. Joomla 6.1 adds a Vue.js-based graphical workflow editor with drag-and-drop stages, keyboard shortcuts, undo/redo, and mini-map navigation, making knowledge lifecycle configuration more accessible. Module versioning (new in 6.1) extends version tracking beyond articles to modules. Extended versioning tracks custom fields, tags, and categories. However, no automated review reminders, no archival workflows beyond manual unpublishing, and no knowledge base templates exist.

Joomla can serve as a basic portal but lacks employee experience features. No notification system for content updates without extensions. No social features (likes, comments require extensions). No employee directory integration in core. No personalized dashboard. JA Intranet template exists as a third-party offering but relies on multiple third-party components (EasySocial, EasyBlog, DocMan). It is a website CMS being repurposed as an intranet, not built for the purpose. No employee experience changes in 6.1.

Joomla's ACL-based access levels enable department-specific news publishing by restricting article visibility to relevant user groups, providing basic targeted internal communications. The workflow system supports approval-gated publishing. However, there are no read receipts, no acknowledgment tracking, no mandatory-read workflows, and no audience segmentation beyond manual user group assignment. It is a basic news publishing model, not a purpose-built internal comms platform.

No native employee directory or org chart in Joomla core. The user management system tracks login accounts but not employee profiles, skills, or team hierarchies. miniOrange LDAP/Active Directory integration plugin enables AD-synced user lists but does not provide directory browsing or org chart visualization. EasySocial (third-party, separate product) provides social profiles. Building a functional employee directory requires custom content types or third-party extensions.

Joomla's article versioning and workflow system provide rudimentary content version control and approval stages. Joomla 6.1 extends versioning to modules (PR #46772) and adds document-type media custom fields (PR #45013), making it easier to manage document attachments via structured fields rather than file upload links. DocMan (third-party extension) adds document management with folder structure and access control. However, there is no mandatory acknowledgment tracking, no automated review/expiry reminders for policies, and no audit trail specifically for compliance.

No structured onboarding journey features in Joomla. Articles and categories can be organized into an onboarding section with ACL-restricted access, and scheduled publishing could approximate staged content delivery. However, there is no progressive disclosure framework, no task checklists, no HR-system integration for new-hire triggers, and no completion tracking. Building a functional onboarding experience requires extensive custom development.

Smart Search (com_finder) provides indexed full-text search with a map of indexed terms. It supports boosting and filtering by category, author, and date but lacks advanced faceted filtering for intranet knowledge volumes. No federated search across external systems (SharePoint, Confluence, Drive). No AI-powered relevance ranking. Search analytics (failed queries) are not surfaced in the admin panel. Adequate for small sites but not enterprise intranet scale. No search changes in 6.1.

No official Joomla mobile app for content access. Joomla sites use responsive templates (Cassiopeia is mobile-responsive by default) providing adequate web-based mobile access. No offline support, no push notifications, no native app distribution, no kiosk/shared-device modes. Frontline workers would access via a mobile browser on a responsive site — functional but not purpose-built for deskless access.

No built-in LMS capability or dedicated learning content management in Joomla. Learning content can be hosted as articles with ACL-restricted access, but there is no course assignment, no completion tracking, no certification management. Third-party LMS extensions exist in JED but are not well-maintained for Joomla 6. Integration with enterprise LMS platforms (Cornerstone, Workday Learning) would require entirely custom development.

No native social or collaboration features in Joomla core. Comments require extensions. Discussion forums require Kunena (third-party, actively maintained for Joomla 4/5, Joomla 6 compatibility not confirmed at time of scoring). Likes, reactions, polls, and community spaces all require third-party extensions. EasySocial provides a full social layer but is a separate commercial product with its own stack.

Some workplace tool integrations exist via extensions: Microsoft Teams Call extension (OAuth 2.0 via Azure), Slack live chat integration, Microsoft 365 Mail Connect (OAuth 2.0). These are thin integrations — call launching and email connection — not deep embedded content cards, bot-driven notifications, or single-pane employee experiences. No Microsoft 365 document embedding, no Teams channel posting from CMS, no Slack content alerts.

Joomla supports publish up/down dates for automatic content expiry and unpublishing. The graphical workflow editor in Joomla 6.1 (PR #46021) makes it easier to configure content lifecycle stages including review and archive states with a visual drag-and-drop interface. Module versioning in 6.1 extends lifecycle tracking to modules. However, there are no automated review date reminders, no stale content flagging based on age, and no ownership assignment for freshness accountability. Content expiry is possible but requires manual configuration per article — there is no global freshness policy enforcement.

No native internal analytics in Joomla admin. Basic page view tracking available via GA4 integration through extensions, but this provides aggregate site data rather than department-level engagement analysis. No failed search term reporting in admin, no content engagement heatmaps, no intranet adoption dashboards. Analytics for internal content performance require full external analytics setup. No analytics changes in 6.1.

No multi-tenant architecture in core. JMS Multi Sites extension provides some multi-site capability but is only partially compatible with Joomla 5 and has no confirmed Joomla 6 support. MightySites is positioned as a Joomla 6-compatible alternative but provides shared-hosting multi-site management, not true application-level tenant isolation. Each brand/tenant realistically requires a separate Joomla installation.

No mechanism for sharing content components across separate Joomla installations. Within a single installation, modules and articles can be shared across pages, but there is no cross-instance sharing, no global templates with brand overrides, no design system support. Multi-brand content reuse requires manual duplication across separate instances.

No cross-brand governance capabilities. Each Joomla instance is independently managed. No central admin across instances, no approval hierarchies spanning brands, no global policy enforcement. Multi-brand governance would require custom tooling or manual processes. The graphical workflow editor in 6.1 improves per-instance workflow management but does not address cross-instance governance.

Zero licensing cost means each additional brand costs only hosting and development — no per-brand licensing increment. Shared hosting can run multiple Joomla instances cheaply. However, there are no shared infrastructure efficiencies within the application — each instance is fully separate. Operational overhead per brand is significant since each requires independent maintenance, updates, and monitoring.

Joomla 6 introduced Cassiopeia child templates with extended color and font customization via template parameters, reducing the need for CSS overrides for basic per-brand theming. 900+ third-party templates are available. Per-brand theming is achievable through template assignment per-instance. However, this is basic CSS/config-level theming — there are no design tokens, no centrally maintained component library with brand extensions, and no version-controlled brand theming across instances.

No brand-locale governance model. Each Joomla instance manages its own multilingual content independently. There is no per-brand translation approval workflow, no shared vs. isolated translation workflow configuration, and no regional legal content governance spanning brands. Multi-brand localization governance requires entirely manual coordination across separate instances.

No cross-brand analytics capability. Each Joomla instance would have its own GA4 property or analytics setup. Portfolio-level content performance reporting requires manual aggregation from multiple analytics accounts. No platform-level reporting across the brand portfolio, no content velocity comparisons, no publishing cadence benchmarking across instances.

Each separate Joomla instance has its own workflow configuration, meaning brands with separate installations can independently configure their publishing workflows using the graphical workflow editor in Joomla 6.1. However, there is no central audit across brands, no cross-brand visibility into publishing activity, and no workflow templates enforced from a central parent configuration. Workflow independence exists only as a byproduct of separate instances.

No content syndication mechanism between Joomla instances. Corporate-to-brand content distribution requires manual copy/paste or custom scripted migration. No syndication feeds between instances, no controlled override points, no push update capability from a parent brand to child brands. Content sharing across the brand portfolio requires entirely custom tooling.

No per-brand/region compliance rule enforcement. Cookie consent is handled via extensions (e.g., Joomla Privacy Tool Suite in core since J3.9 for GDPR cookie consent). Each instance manages its own compliance settings. No guardrails preventing non-compliant publishing, no centralized data residency controls, no per-brand accessibility enforcement. Generic compliance tooling available per instance but not multi-brand aware.

No federated design system in Joomla. Each instance manages its own template independently. There is no centrally maintained component library with brand-level extensions, no design token versioning, and no update propagation across instances. Maintaining design consistency across multiple Joomla brand instances requires manual template synchronization or a custom build process.

Fully isolated user management per Joomla instance. No central admin console managing users across multiple brand installations. No cross-brand contributor roles, no SSO across Joomla tenants natively (SSO within a single instance is possible via extensions). Each brand team manages its own user accounts and permissions independently.

Fully separate content models per Joomla instance. No shared base content type that brands extend with per-brand fields. Custom fields must be recreated independently per installation. There is no parent content model framework that child brands inherit or extend without forking. Multi-brand content consistency requires manual schema duplication.

No portfolio-level reporting capability. Each Joomla instance is a fully independent CMS with no awareness of sibling brand installations. Content freshness by brand, publishing SLA adherence, cost allocation per tenant, and capacity planning would all require custom-built external tooling aggregating data from multiple independent systems.

Joomla 3.9+ Privacy Tool Suite provides consent management, data access/deletion request handling, and privacy controls. Joomla 6.1 added a built-in PoW CAPTCHA (ALTCHA) that is privacy-friendly with no external services or data flows. The Joomla Project has a DPO and publishes a privacy policy with GDPR rights. However, no DPA is available for deployers — the project is not a data processor. No sub-processor list (self-hosted, N/A). Score reflects genuine but basic GDPR tooling without a DPA.

No HIPAA BAA available from Joomla Project or any affiliated entity. No HIPAA-specific features in core. Joomla is a volunteer-run OSS project with no healthcare compliance positioning. Technically deployable on HIPAA-compliant hosting but zero platform-level support or documentation.

No FedRAMP, CCPA tooling, LGPD, PIPEDA, or sector-specific compliance features. The GDPR Privacy Suite is the only regulatory feature. No use in regulated enterprise sectors requiring formal compliance programs. Score reflects near-absence of regional regulatory tooling beyond basic EU privacy.

Open-source volunteer project — SOC 2 does not apply. Joomla Project (Open Source Matters) is not a service organization and holds no SOC 2 attestation. No managed hosting ecosystem comparable to Drupal/Acquia that provides Joomla-specific SOC 2 coverage. All SOC 2 compliance is the hosting provider's responsibility.

ISO 27001 is an organizational certification. Open Source Matters (Joomla's nonprofit) is not ISO 27001 or 27018 certified. The Joomla Security Strike Team (JSST) handles vulnerability disclosure but operates without a formal ISMS certification framework.

No PCI DSS, FedRAMP, CSA STAR, Cyber Essentials, or any other formal compliance certifications exist at the project or software level. Joomla is not positioned for enterprise compliance contexts requiring these certifications.

As self-hosted software, Joomla gives operators complete control over data residency. All data location decisions are determined by the hosting environment. Joomla 6.1's PoW CAPTCHA reinforces this by eliminating external service dependencies. No CDN or SaaS data flow concerns.

Joomla's Privacy Tool Suite enables data access and deletion requests with manual admin fulfillment. Privacy Consent plugin supports configurable consent expiration periods. Database export is possible via standard tools. However, no automated retention policies, data classification, systematic erasure workflows, or API-based erasure exist.

Action Logs component (Joomla 3.9+/4+/5+/6+) logs admin actions including content changes, user management, and configuration changes. Provides basic who-did-what audit trail with CSV export capability. However, no SIEM integration, no external log shipping, no tamper-evident logging, no configurable retention, and no compliance-grade reporting.

Joomla's accessibility statement claims WCAG 2.1 and ATAG 2.0 conformance starting with Joomla 4, stating 'The Joomla Backend ensures full accessibility.' Dedicated Accessibility Team exists. Joomla 6.1's PoW CAPTCHA is described as 'fully accessible.' However, no formal third-party conformance audit published, and the statement (last updated Dec 2022) acknowledges joomla.org itself doesn't fully meet the standard. Score reflects stated commitment stronger than most OSS peers but unverified.

No VPAT or ACR published for Joomla. The accessibility statement exists but is not a formal conformance report suitable for procurement. No Section 508 formal conformance statement. The Joomla Accessibility Team maintains documentation but not procurement-grade artifacts. Slightly above minimal due to the public accessibility statement and team existence.

No native AI text generation in Joomla 5.4/6.0/6.1 core. Third-party plugins provide the only delivery path: 4AI (Gemini 2.0/OpenAI, DALL-E, editor integration), AI Content Assistant by Technodrome (GPT, Gemini, Claude, DeepSeek with tone/length controls), JA AI Assistant (Joomla editor integration), and miniOrange AI Assistant (chatbot + content generation). The GSoC 2025 AI Framework provides a provider-agnostic abstraction layer but remains in feature branches with uncertain core-merge status. No brand voice guardrails, bulk generation, or human review workflow in core.

No native AI image generation in Joomla core, but the third-party ecosystem now includes meaningful coverage: 4AI supports DALL-E 2 and DALL-E 3 image generation (square, horizontal, vertical; JPG/WebP output), SP Page Builder Pro has an integrated AI image generator, and AutoAlt.ai provides automatic AI-powered alt text generation for Joomla Media Manager, Articles, and K2. No native smart focal-point crop or AI DAM processing. Score reflects third-party plugin coverage for both image generation and alt text, within the 20–35 band for no native media AI.

No native AI/MT translation is built into Joomla core. A December 2025 Joomla Community Magazine case study demonstrates building a multilingual AI content factory using Joomla with n8n automation pipelines, but this is external orchestration. No dedicated in-platform MT engine or AI-TMS integration. Joomla 6.1 (April 2026) adds no translation AI. Score reflects minimum band for no native AI translation.

Third-party plugin ecosystem provides growing AI-assisted metadata automation: System - AI Meta plugin generates meta descriptions and keywords using AI models (Ollama, OpenAI-compatible APIs) with an 'AI Generate' button in the editor. Auto Meta Article SEO auto-populates metadata from content. JSitemap Pro features the AI Engines Indexing System with LLMS.txt support for AI search engine visibility. Route 66 provides AI-powered SEO tools with smart crawling and metadata optimization. 4SEO automates optimization workflows. All plugin-based, not built into core Joomla.

No native AI-assisted content operations exist in Joomla core (auto-tagging, smart scheduling, AI routing). Joomla 6.1 adds a Visual Workflow Editor for publication process visualization, but this is a UI improvement for manual workflows, not AI-driven automation. The December 2025 case study demonstrates AI content operations via external n8n orchestration. No built-in editorial AI workflow tooling.

No named agentic platform, agent marketplace, or autonomous workflow product exists for Joomla. The GSoC 2025 AI Framework provides a developer abstraction layer but no production agentic product has shipped. Relevance AI lists Joomla as an external agent template target, not native. Joomla 6.1 introduces no agentic capabilities. Score reflects no agentic support.

No built-in AI content intelligence dashboard, content gap analysis, topic clustering, or editorial priority recommendations in Joomla core. Standard analytics relies on external tools (Google Analytics, Plausible). The extension ecosystem has not produced a dedicated AI content intelligence product. Joomla 6.1 adds no content intelligence features.

No AI-powered content audit tools, brand voice compliance checking, or AI-driven quality scoring are available in Joomla core or as established extension-directory products. Standard accessibility and SEO audit extensions exist (non-AI). Route 66 detects common SEO issues but uses rule-based analysis, not AI. Score reflects minimum band for no AI auditing capability.

No native vector or semantic search in Joomla core. Joomla's Smart Search remains keyword/boolean-based. Expertrec offers AI-powered semantic search as an external paid service. No native RAG-ready content indexing, embedding generation, or hybrid search. Joomla 6.1 adds no search AI. Any semantic search requires fully external integration.

No ML-driven personalization engine exists in Joomla. Native personalization is limited to user-group-based access levels — structural targeting only. No AI/ML predictive segment assignment, next-best-content recommendations, or cold-start handling. Joomla 6.1 introduces no personalization features. Score at the low end reflecting Joomla's weak personalization foundation.

The Joomla MCP ecosystem has expanded significantly: nasoma/joomla-mcp-server (community, article CRUD via Web Services API), genr8r/plg_mcp (installable Joomla system plugin with no external dependencies, task-based API for content management), and nikosdion/joomla-mcp-php (PHP MCP server for Joomla 5+). The official Joomla PoC from the January 2026 discovery sprint includes backend UI for client connections, token management, and a functional MCP endpoint using Streamable HTTP transport — but still requires cleanup before production readiness. Multiple functional community implementations plus an official PoC in progress. Score reflects upper announced/beta band with growing community momentum.

The GSoC 2025 Joomla AI Framework is explicitly provider-agnostic, supporting OpenAI, Anthropic, and Ollama with user-provided API keys. Third-party extensions similarly enable BYOK: 4AI (Gemini 2.0/OpenAI), AI Content Assistant (GPT, Gemini, Claude, DeepSeek), System - AI Meta (Ollama/OpenAI-compatible APIs). The GSoC framework remains in feature branches with uncertain core-merge status. BYOK exists via extensions and the emerging framework but is not a shipped, governed core feature.

Joomla offers a REST-based Web Services API consumable by AI agents and LLM tooling. The GSoC 2025 AI Framework provides provider-agnostic developer interfaces. The growing MCP ecosystem (3+ implementations including an installable plugin) demonstrates the API's suitability for AI agent consumption. The genr8r/plg_mcp plugin explicitly targets AI agents and automation workflows as use cases. No dedicated AI SDK, official LangChain/LlamaIndex guides, or RAG-ready delivery endpoints exist in core.

No AI-specific governance infrastructure exists in Joomla: no AI audit trails, prompt template governance, hallucination detection, brand safety controls, IP indemnification, or AI-specific privacy controls. Joomla's Action Logs extension tracks general admin activity but predates and does not cover AI usage. The nascent AI Framework and third-party AI extensions provide no governance layer. Joomla 6.1 adds no AI governance features.

No AI observability tools exist in Joomla core or as established JED extensions: no LLM token consumption tracking, AI credit/cost dashboards, per-user AI usage metrics, or model performance analytics. AI usage via third-party plugins remains completely opaque to administrators. Joomla 6.1 adds no AI observability. Score reflects the lowest band for complete opacity.