Not sure whether to use WordPress or Drupal as the CMS platform for your website? Well before you commit to a platform consider the long-term costs of maintaining your website by viewing our comparison article.
In recent years open source code has become the preferred option for many businesses investing in a new website, and WordPress and Drupal are two of the most popular choices of content management system (CMS).
An advantage of open source code is you have access to a large developer community who can be asked to update and maintain your website, so you are not tied to any one supplier. Or you can carry out routine maintenance in house. But it is essential this is done.
Open source code is viewable to all – both developers and hackers - and security vulnerabilities regularly get found and exploited. The open source community than work hard to fix and publish patches which need applying or your website is open to attack.
There are a surprising number of security vulnerabilities found each year in these very popular and well-used products.
Above: Vulnerabilities by year in WordPress (source is from the CVE website)
In WordPress, in 2014 there were 29 different security issues found and patches issued. Many impacted core code, some just impacted specific plugins. This represents a significant ongoing bit of maintenance work to ensure your website remains fully patched against known threats.
Above: Vulnerabilities by year in Drupal (source is from the CVE website)
Drupal had fewer instances of security issues – just 14 in 2014, but this is still more than one a month on average. These were mostly XSS (cross site scripting) vulnerabilities or Dos (Denial of Service) vulnerabilities and two could have been used to gain sensitive information.
So if you used open source software (such as WordPress or Drupal) then thought must be given to a maintenance contract to ensure your website is regularly updated with security patches.
Why are there so many vulnerabilities in these well-known systems?
There are three answers – firstly with open source, some code will be good, but some will be poor, and it is possible for sub-standard (insecure) code to become part of the code base. Secondly, as the actual code is viewable by programmers, any weak points in the code can be identified and exploited. And lastly, as these are popular systems used by many, once you can hack into one website you have access to very large numbers of other sites, so the reward value is very high.
Bespoke systems have an inbuilt security advantage, and if created to a high standard by programmers trained in website security will be more secure and robust than open source solutions.
WordPress and Drupal Maintenance
ExtraDigital design, develop, maintain and market websites using many different CMS systems – including both WordPress and Drupal. Our maintenance service includes regular checks for security updates and ensuring all patches are applied.
The image below - a selection of WordPress websites designed, built and maintained by ExtraDigtal.