Security in WordPress, Joomla, Drupal and Prestashop

For years, content management systems (CMS) such as WordPress, Joomla, Drupal and Prestashop have made it easier to establish a presence on the internet. They are the basis of websites, e-commerce stores and blogs. When choosing one, or simply comparing them, security keeps climbing the list of deciding factors. Which of these content managers is the most secure? WordPress, for being the best known? Or the one with the largest community?

In reality, WordPress, Joomla, Drupal and Prestashop all do a good job on security. All of them fix their vulnerabilities and bugs in a very short time. So when do the problems come? With version updates. Taking the time to update your theme, plugins and content manager is key to avoiding infections and hacks. You always think it will not happen to you, but if you do not carry out basic security maintenance, it is more than likely that your site will be infected. And attackers do not only attack the site itself: they also use it for phishing or worse.

WordPress, Joomla, Drupal and Prestashop vulnerabilities per year

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures.

From it you can obtain data on the vulnerabilities of each content manager for every year. Looking at how each one has evolved, you can draw some conclusions:

[Figure: WordPress vulnerabilities]

WordPress

Since 2004 there have been years in which WordPress security was more compromised than in others. It should also be noted that almost 40% of WordPress vulnerabilities were due to cross-site scripting (XSS). The main purpose of this type of attack is to hijack your site in order to redirect your users to malicious sites or make them download malware.

[Figure: Joomla vulnerabilities]

Joomla

54% of the vulnerabilities in Joomla are code execution flaws. These are vulnerabilities that allow shellcode to be injected and executed, so that the attacker can manipulate the system and gain administrative privileges. The next largest share (40%) in Joomla corresponds to SQL injection attacks. In this case the attacker inserts their own SQL statements to do basically whatever they want.

[Figure: Drupal vulnerabilities]

Drupal

46% of all vulnerabilities found in Drupal were cross-site scripting (XSS), similar to WordPress, although Drupal's annual volume of vulnerabilities is much lower. In both cases, Drupal and WordPress, the data shows that they are better at defending against code execution and SQL injection attacks.

[Figure: Prestashop vulnerabilities]

Prestashop

Prestashop is the CMS for which we have the least data. Despite having a lower number of vulnerabilities per year, most of those detected in Prestashop were also XSS.

Why does WordPress have so many security vulnerabilities or bugs?

The reason is pretty simple. Look at the graph below:

[Figure: Most used CMS]

You can see that WordPress is by far the most used content manager. The project keeps growing in scope: more users, more uses, more plugins and therefore more vulnerabilities detected. This does not mean that WP is the most insecure. It is simply the most used, and therefore, logically, the most difficult to keep 100% safe.

It is true that, analyzing the data in depth, Drupal seems to ‘worry’ more about security. However, each CMS, in its own context, does a great job of maintaining the security of its project. It should also be taken into account that security cannot be fully guaranteed: constant updates are vital, as is the use of a firewall as preventive protection.

How to detect malware and vulnerabilities in any WordPress, Joomla, Prestashop or Drupal site

The first step in finding out what is happening on your site is to analyze your domain. To do so, you can use our free website scanner, use our plans to analyze your site in more depth, or count on our specialists to do it for you.

Security in WordPress, Joomla, Drupal and Prestashop was last modified: February 15th, 2019 by WeSecur