CMS Recommendation
- 7 Responses
- ArmandoEstrada
Hey everyone. Bidding on a job and the client doesn't want to use WordPress because of security concerns. While I'm not tied to WP, their argument can be applied to most CMS's. This is true for most open source CMS.
So my questions are:
1- Am I correct in my assumption that security concerns are misguided since the same argument is true for most open source CMS?
2- What alternative CMS would you recommend aside from the usual where security is a concern?
Thank you!!
- monNom
Most security issues result from neglect. Security is a process, not a deliverable.
You can harden WordPress, but it requires somebody to be on top of things, monitoring, keeping updated, etc. That's an ongoing labour cost, which is very different from a static website that you can set and forget.
Open-source software tends to be vulnerable simply because it's easy to see poor code practices in the source code, and because it's free and anyone with a YouTube tutorial can install WordPress, so you have a lot of novice installations that might not consider security.
Any CMS you choose is going to be somewhat insecure. Reduce your surface area by limiting plugins and keep on top of updates. If you want to be really secure, make it a static website.
- Thank you, that's what I was thinking... (ArmandoEstrada)
- These words exactly. (nocomply)
- noneck
Build in an annual fee to maintain and back up the WP install.
However, if they're already of the mindset that WP = bad, you might be better off going with a different solution anyways.
- vaxorcist
an interesting read:
https://github.com/xeraa/cms-sec…
to some people, "wordpress security" is like saying "ford pinto safety" but that's often a misreading of things.... neglecting basic security practices is like driving with no seatbelts....
if I was concerned about CMS being hacked, I'd use Cloudflare.
- Continuity
I think there's probably also a direct relationship between security and popularity. Which is to say: WordPress always gets attacked because it's one of the most (if not *the* most) popular platforms out there. Much in the same way most viruses attack Windows, instead of Mac OS, because of the fact most machines on the planet are running Windows.
So yeah, there's a statistically higher likelihood of a WP-based website being attacked, but I suppose it doesn't mean that WP is any more or less secure than c5, Drupal, Typo3, et cetera. As monNom said, you can harden your WP installation.
- numero1
Some time ago some guys here posted http://buildwithcraft.com
- +1
We have shifted to mostly WP at work but Craft is awesome. (estetic)
- +1
- ArmandoEstrada
Thanks for everyone's input.
- nocomply
What everyone has said is pretty much spot on.
I've noticed a trend with known vulnerabilities in popular WordPress plugins being exploited (Yoast SEO, Gravity Forms, etc.).
There's nothing that can be done to make a dynamic website 100% secure. That's just the nature of the web.
I make regular backups, stored securely in an off-site cloud, that can be restored from in the event of any malicious activity. To me that's even more important than keeping the website software up to date. If you don't have backups, you're screwed.
As mentioned above, I've also started implementing an annual "WordPress maintenance package" for all of my clients, which covers my time to apply all necessary core and plugin updates, and test the site to confirm functionality afterward. The price of that package varies based on the size, scale, and complexity of the site.
IMO, WordPress is inherently secure... if it's kept up to date. But its huge market share does make it an attractive target.
- Do you have a starting package price? Just to get an idea how you work it out. Cheers (numero1)