joined:July 25, 2006
How secure, in general, Joomla 2.5.7 is IF a Joomla admin took all the necessary measures to protect his site?
Latest version of Joomla? Kept continually up to date, with all recommended protective measures? = sufficiently secure.
Install only really needed, popular, time-tested extensions/mods. Don't use mods on the VEL list. Be aware that mods can be incompetently written or written to be vulnerable/malicious on purpose and that your best defense is your own vigilance and research.
Study the very good security recommendations on the Joomla site, and its wiki, and in their forum. Use strong passwords. Lots of Joomla sites have gotten hacked, but plenty of others never have. Often when a site gets hacked, the question is hardly "what was the cause?" The owners didn't do something wrong; they did everything wrong, and the hackers had plenty of avenues to choose from. Bad passwords, outdated Joomla version, use of vulnerable extensions...
To put it simple, without paying a hacker to try to break into the site, is there a way to make sure it's safe?
Study the security info at the Joomla website.
I'm not talking about FBI or some wunderkind hackers here (those would surely crack any site), I'm asking about an average hacker (though not just some kid who only pretends to know all about hacking).
Most hacks are automated -- they throw standard hacks against common vulnerabilities at thousands of websites and successfully hack a percentage of them. The lone, dedicated, hacker targeting your site in particular and keeping at it for days isn't the common scenario.
Last, but not least...I'm not asking general public about their personal opinions (they vary), but only those who knows the subject well enough.
I have never used Joomla myself, so I'm in the general public on that measure.
P.S. Almost forgot...Hosting environment vs. self-hosting at home, security-wise?
Unless you are an expert already, use an external webhosting company. Basically, the fact that you need to ask the question is sufficient evidence that you should not host the site yourself, unless you're willing to run the security risk of doing it yourself just for the education of learning how. Otherwise, IMO, there really is no reason to host a site yourself, as web hosting is so cheap and the inconvenience (and risk) of doing it yourself is so great.