the BDI (German "federal agency for information technology security") released an interesting study where they compare different CMSs in context with security. it's not about "how secure is the CMS by its general architecture", they compare the number and severity of flaws found in the past.
the compared CMSs are:
- Wordpress
- Joomla
- TYPO3
- Plone
- Drupal
the study is in German, so I have picked the most interesting graphs and attached the whole study to this post in case someone is interested.
the types of flaws:
the percentage of flaws of the core (blue) and of add-ons (red):
absolute number of flaws:
CMS security comparison
- bad_brain
- Site Owner
- Attachments: Studie_CMS.zip (2.19 MiB)
Re: CMS security comparison
Highly interesting data this!
I will take this into consideration during my work.
"The best place to hide a tree, is in a forest"
Re: CMS security comparison
i use drupal. does it mean it's not the most secured?
Re: CMS security comparison
Nice find. Looks like Wordpress isn't so bad after all.
- computathug
- Administrator
Re: CMS security comparison
Good information buddy, thanks for sharing
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com
- bad_brain
- Site Owner
Re: CMS security comparison
intern3t wrote: i use drupal. does it mean it's not the most secured?
well, it's not that easy, "not many flaws found so far" doesn't mean it's generally secure (and vice versa), you also have to see it in context with how widely used the software is.
Plone for example seems very secure when you look at the absolute numbers of flaws found....but Plone is used by only a very limited number of people compared to Wordpress and Joomla, and so it's not that interesting for potential attackers/exploiters who want to get access to as many sites as possible at the same time.
security also doesn't depend on the used platform alone, because a CMS is no "install and forget" thing...you always have to be after the latest updates and pick add-ons wisely (there are plenty of Wordpress plugins out there which have been abandoned for years already, VERY bad idea to use such a plugin for example).
ph0bYx wrote: Looks like Wordpress isn't so bad after all.
personally I have had no bad experiences with WP yet, and I have developed a LOT of WP sites and host even more of them....of course I provide an environment which offers extra security (I even host a few Joomla 1.0 sites which would be pwnd within 5 minutes without the server-level security features), so my experience of course differs from WP sites on poopy standard mass hosting.
Re: CMS security comparison
From this graph, I'd say Drupal actually stands pretty firm. Most of its security flaws were found in addons and in absolute number of flaws only Plone scores better, though Plone is of course a lot less used.
You can't spell slaughter without laughter.