Open-Source CMS Platforms

Too many times I've heard the argument that open-source CMS platforms are not secure because they requrie security patches, or because security holes are publicized.
An open-source CMS does not place your website in greater danger than any other platform. It comes down to the quality of the platform being used.

A closed-source/proprietary website can have just as many security holes, the problem there is... who knows about it? Did a change to the server software create a new security hole in the website software? Is anybody patching these holes?

Open-source CMS platforms have large communities that probe the platforms for issues, warn users of possible threats, report the found threats and even create fixes for them. 
Some open-source platforms also have designated security teams to ensure the security of the infrastructure.

I've also seen website maintainers install numerous plugins/extensions as if they were candy at a gift shop, without even thinking about the security of the extension, the background of the extension or the extension developer, or how it is going to interact with other extensions already in the system. For example, just because a piece of software is listed in the Wordpress Plugin Directory, or the Joomla Extension Directory, does not guarantee it's safety.

Your website is only as secure as your weakest link

There are many factors that come into play when it comes to website security. Is the hosting platform secure, who has access to the systems (ie. website, hosting account, database), what are their permissions, are they using secure passwords, do they have the ability to "accidentally" create a security breach? YES, simply using an insecure password is the fastest way to "accidentally" create a security breach.

The bottom line is, it doesn't matter if it's open-source or proprietary, all website software and platforms are susceptible to security breaches. What matters is who is maintaining your website and do they have the knowledge and experience to ensure it's security.

 

 

© 2019 Shannon Davenport - DBD