Content Management System Comparison: Security

Content Management Systems (CMS) are popular for their functionality and their growing developer support communities. While these systems are technically free, there may be unforeseen security costs associated with running a website and database within an open source system.

Security continues to be a growing concern for everyone. As identity theft proliferates, it’s important for websites to employ the safest security measures when storing and processing data. According to Javelin Strategy & Research, 11.1 million adults were victims of identity theft in 2009, for a total fraud amount of $54 billion. With security at the forefront of your mind, remember that an open source system is just that…open to everyone!

Given the latest figures for identity theft, how are the various CMS platforms equipped to ensure you and your customers are not the latest victims?

Security: Patches and Version Updates

Popular CMS platforms go to great lengths to ensure security. The three most popular platforms – WordPress, Joomla and Drupal – all make efforts to educate users about the importance of secure data. Additionally, each is vigilant about issuing new patches when potential security threats arise. The responsibility for applying those patches and new releases, however, ultimately falls on the user.

WordPress is arguably the user-friendliest for novice developers. Upon releasing new versions or patches, WordPress places a notification on the dashboard of the admin panel. Users cannot log in without seeing the notification. Additionally, installation of these new releases is as simple as point-and-click.

The popularity of WordPress, though, does pose its own security issue. Just as viruses are most common for PCs, the volume of users and installs makes WordPress a larger target for hackers. WordPress does a great job locating and addressing these potential threats in a timely manner, but developers who are building a robust, data-heavy website may want to opt for a different platform that not only is the object of fewer attacks, but also offers a more complex environment in which to develop custom code and scripts (our cross-comparison chart offers more insight).

Both Joomla and Drupal are more advanced in functionality – they were developed with web developers in mind, rather than the general consumer looking for blog functionality. Like WordPress, these two platforms take security extremely seriously, and release patches and upgrades when security issues come to light. Unlike WordPress, however, installation of these patches does require technical know-how. A point-and-click installation feature is not available. In other words, using either of these platforms would require a knowledgeable programmer to be on hand at least part-time for ongoing maintenance.

Weak Links in the Network: Security Beyond the CMS

We would be negligent not to mention that security also depends on your hosting provider. Vulnerabilities can arise if your server is not secure or encrypted properly. Shared servers pose an additional risk if someone else on your server is compromised. Just as it’s important to have an open source platform that’s serious about security, a proactive hosting provider is equally critical. Additionally, if you opt to outsource payment processing, your third-party vendor also needs to maintain a high level of due diligence with regard to security.

Overall, CMS platforms offer a great framework in which to build websites that are relatively easy to update and maintain. Just like any other website, though, security is an issue that must not be overlooked. It’s advisable to assign a web programmer to maintain the system’s security, or to budget for the assistance of a contractor or service on an ongoing basis.

In the coming weeks we will explore additional CMS cross-comparison topics, including performance optimization and search engine optimization (SEO).

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at


