We are

  • Expert

Open and Closed Source CMS Security

We often hear from potential clients that they're considering opting for an open-source Content Management System (CMS). Although cheap, and often free, you might want to think twice when you're aware of the security issues that occur with open-source software.

Open-source CMS solutions such as WordPress, Joomla and Drupal, have become popular among many developers. Open-source CMS solutions are seen as affordable, flexible and quick solutions to building a web presence. Unfortunately, the security of this type of software is very average and can result in users having to rebuild their websites, patch up problems that may recur, or even opt for the safer approach of using a closed or proprietary source CMS solution.

Initially, opting for a closed or proprietary CMS, such as Expert's product MoST, may seem costly and perhaps unnecessary in comparison to open-source software. We can assure you that your investment in a system that safeguards your website against security breaches, avoids exploit attacks, SQL injections, password locating processes and disallows hackers direct access to login areas is money well spent.

So what is the difference between an open and closed-source CMS system? Open-source means that there are lots of developers working on the software and it is open to the public, sometimes for free. Due to the nature of the code and the number of communities working on it, the software can evolve quickly and offer new improvements to the product. On the other hand, due to the familiarity of the code among developers, the risk of hacking is very high.This vulnerability to hackers requires website developers to devote a lot of time and effort to try to prevent external tampering or access. 

Closed-software almost always provides better security and support. Closed-software eliminates the need for developers to spend time preventing hackers accessing the data and back-end of their site. The company that owns the software ensures the security of their product by restricting access to the original source code. The support available from the manufacturer reduces the time and money spent on development costs that open-source users would need to create custom applications and to also fix problems with the product. Closed-source solutions are generally created in a fashion that makes adding and editing content on a website very easy.

Frequently new versions of products are released which developers must apply patches to their product to avoid security breaches. Hackers are quick to jump at the opportunity to identify the updates and changes made between the two versions of the products. Exploit attacks then occur.  An exploit attack is a piece of malicious code dispensed to exploit a weakness in existing code. It seems totally ludicrous that every time an update occurs, developers are needed to quickly avoid potential hazards by 'patching up' problems. Our proprietary source CMS, MoST, removes the need for such hassles and automatically protects the business's website against potential security breaches.

Open-source software is vulnerable to SQL injections. An SQL injection involves the hacker attempting to pass SQL code via a website script which, if successfully accepted, the hacker will have access to data from the database. The data could be anything, including email addresses, but what they will really be in search of are usernames and passwords, allowing them access for other attacks. Although the hacker will still have access to all of your data, backing up the database will combat losing all the information. This is a major problem that open-source users are susceptible to that closed-source software mitigates.

It is possible for hundreds of machines to try many password attempts to log into a website. The machines automatically attempt every password available. Starting with 'aaaaaa', then 'aaaaab' and so forth until the process reaches '000000' or it works out the correct password. There is security available to mitigate this problem, but these safeguards still don't provide peace of mind. Closed-source solutions combat these issues through safeguarding against numerous password attempts as well as ensuring access to the login page of a website is hidden. Open-source software isn't as sophisticated with direct access to a website's login location generally not being too difficult to find.

Sometimes websites cannot tell if they've been infected or hacked. They can only find out when it's too late and the information is being used elsewhere, or by running certain tools to scan the site to see if it's infected. Again, MoST removes any headaches for its users by taking precautionary steps to restrict access to its original source code, safeguard its property with the appropriate software and procedures, as well as backing up all its clients' websites and data in multiple places in case of emergency.

A frequent problem that occurs with open-source software is the different interfaces required in order for different plugins or product systems to talk to the software. Every time an update, or new version of a product or plugin is released, the communication between the software and the products is broken. This causes the websites' developers to have to recreate the interfaces to allow communication between the products and software.

Although more time consuming and initially costlier, our product MoST provides peace of mind due to your site design and content being completed by the experts, as well as the reassurance of ultimate security and efficient on-going support at a low cost.

Talk to us.

Let's start a conversation about your web presence today
Phone: +64 4 384 9833 | Email: us@expert.services
Address: 19 Tennyson Street, Te Aro, Wellington 6011, New Zealand
Postal address: PO Box 6474, Wellington 6141, New Zealand

To send us an email, please complete the form below...