How to Identify and Address CMS Vulnerabilities

January 25, 2019 8:27 am

Have you ever stopped to consider just how many websites there are around the globe? You may be surprised to learn just how many there are and how fast the rate of growth truly is. Let the following information sink in for just a moment. In 2014, there were approximately one billion active websites.

However, by 2018, that number had skyrocketed to 1.8 billion. Of those, a great percentage were developed with open source Content Management Systems like WordPress, Drupal, and Joomla.

Private vs. Commercial Websites

In the greater scheme of things, very few sites were developed as proprietary systems and usually, these were for corporate concerns. WordPress is the leading open-source CMS for private websites whereas the open-source CMS of choice for many commercial sites is Drupal. Logically, open source Content Management Systems are more vulnerable than those which were coded by developers from scratch. This fact alone is why it is imperative to recognize these vulnerabilities.

A Recent Example of Open Source Vulnerabilities

With an open source CMS, all the basic code is available to anyone who understands how to work with it. Themes are developed using code specific to the CMS and it is this fact that allows hackers to gain access and potentially take over your website! This was actually what happened with Drupal in March of 2018, making it necessary for Drupal developers to write a patch to keep hackers out of Drupal CMS sites.

Addressing Open Source CMS Vulnerabilities

This is not to say that proprietary Content Management Systems can’t be breached, but it would take longer to crack the code, and unless you are talking about a major global corporation or government website, most hackers won’t spend the time trying to crack proprietary code. With all this in mind, it is good to know that WordPress, Drupal, and Joomla are on the watch for vulnerabilities.

All Content Management Systems Are Vulnerable

Unfortunately, code is code and so all Content Management Systems are vulnerable if a hacker is proficient in coding. Actually, they would need to be proficient in code or they wouldn’t be able to breach built-in or added security layers. This is where a team of expert forensic investigators is in great demand. The pros from Secure Forensics can track the ‘hole’ through which hackers gained access to the site, block their path, and follow them back to their location – their system.

With so many customizable free themes for each of the three leading open source CMS platforms, it’s very possible that a line of code was inadvertently left out – thus the vulnerability. It may take that team of forensic pros to root out the bad guys and give you back control of your site. If you want to maintain a high level of security on your site, do what you can to keep your security software intact, but also be ready to do some good old-fashioned detective work to track down the cyber thieves. That would be the job for forensic specialists, and this is why you need to keep their contact info handy. You never know when you might become the next Ashley Madison.