What's worth to know?
Fortunately, there's enough of stats.
- 1.) There's a correlation between a popularity (CMS usage) and discovered security vulnerabilities, there's a threat of between the security and popularity of the main CMSes like WordPress, Joomla! and the Drupal. The most exploited CMS is WordPress. Accordingly to some sources, more than 70%+ of WordPress websites are vulnerable.
WordPress became the most popular CMS (Content Management System), most of the websites are powered by one of the WordPress versions and it's taking a lot of focus of the hacker community. If they have really found a vulnerability, then, usually, the people tend to share their results publicly.
Although, there's too much people speaking that Drupal is safety. This impression is here, because govt institution chose Drupal as the CMS for their own websites, however, they've created their own extensions making it more safety and manually fixed a lot of bugs in the Drupal core. These extensions and hard fixes are not available for anyone else.
- 1. && 2.) One of the impressive things about these 3 content management systems are their free extensions. Obviously, it's really true. That's what makes them such vulnerable. Check out it here: WordPress vulnerability database.
- 3.) All of these three CMSes (WordPress, Joomla! and Drupal) run approximately on the half speed of the pure and some short PHP7 code (if the versions are powered by PHP7, other way it's even slower). It's because of their templating, exceedingly coded PHP files ("million" (rather unusable) variables and comments), amount of the files and unnecessary calls.
- 4.) If you've asked about a price of an open source software, then, deductively, someone could interpret it for oneself that you mean a price of a human power (work) on some stuff around it and here it is.
It's rapidly changing as the WordPress took over. The market offers less and less work for Joomla! and Drupal developers, thus they become cheaper than it was in the past.
It's geographically diverse. For example, Joomla! developers can be paid better than WordPress developers in the Germany, or France, whereas the Drupal and WordPress developers are paid more in the USA.
Also, It changes seasonally. Around the Christmas, Halloween and whatsoever very rapidly jumps the demand for new e-shop websites. The demand is shared mainly between PrestaShop and Magento, secondary Shopify and some other participants of the e-commerce market, however, it can slightly involve the the most popular blogging software having available a lot of free e-commerce extensions - WordPress.
I think that Wordpress offers more flexibility than Joomla, because of the amount of Wordpress themes and extensions. It does not matter whatever it is for. If it is for a business site, or just a blog, any way, you can make it easier on Wordpress than Joomla. It is simpler to get cheaper and more variations of anything what you want.