Joomla, Drupal, and Wordpress are three of the most popular content management systems, and each has strengths and advantages for users. While the CMS’s core applications are relatively safe, the plugins created for them can have vulnerabilities. According to the latest figures by HP, 70 percent of applications have some sort of security vulnerability, and half of those were identified as “serious.”
HP DVLabs manager of advanced security intelligence, Mike Dausin, says, “A lot of the vulnerabilities in the Content Management Systems have shifted away from the core applications themselves and have shifted to the plugins in those applications. This is actually an even broader security trend which we have also seen on the desktop.”
So which CMS was deemed the least secure? Dausin says that Wordpress has “very few vulnerable installs.” Joomla installs, on the other hand, were nearly all vulnerable to security threats. “In the case of Joomla, it’s mostly the plugins that are vulnerable.”
Joomla, Wordpress, and Drupal run fairly secure core systems, and Joomla’s release of 1.6 tackled several security issues; plugin developers, though, do not always hold themselves to these standards. Joomla’s security center allows users to report security vulnerabilities, and the “Strike Team” is continually working to resolve them.
To protect your site, keep up-to-date with the latest risks: Joomla, for instance, has a Vulnerable Extensions List that you can check. Also be sure that your CMS is updated to the latest version, so you can add another layer of protection.