We are

  • Expert

Open and Closed Source CMS Security

We hear it every day from potential clients that they're opting for an open-source Content Management System (CMS). Although cheap, and often free, you might want to think twice when you're aware of the security issues that occur with open-source software.

Open-source CMS solutions such as WordPress, Joomla and Drupal, have grown very popular amongst many developers. Open-source CMS solutions are seen as affordable, flexible and quick solutions to building a web presence. Unfortunately, the security of this type of software is very average and can result in users having to rebuild their websites, patch up problems that may reoccur or even opt for the safer approach of using a closed or proprietary source CMS solution.

Initially, opting for a closed or proprietary CMS, such as Expert's product MoST, may seem expensive and unnecessary in comparison to open-source software. We can assure you that your money is being well spent in safeguarding your website against security breaches, avoiding exploit attacks, SQL injections, password locating processes and disallowing hackers direct access to login areas.

But first of all, what is the difference between an open and closed-source CMS system? Open-source means that there are lots of developers working on the software and it is open to the public, sometimes for free. Due to the nature of the code and the number of communities working on it, the software can evolve quickly and offer new improvements to the product. On the other hand, due to the familiarity of the code among developers, the risk of hacking is very high.This vulnerability to hackers requires website developers to devote a lot of time and effort to prevent external tampering or access. 

Closed software almost always provides better security and support. Closed-software eliminates the need for developers to spend time preventing hackers accessing the data and back-end of their site. The company that owns the software ensures the security of their product by restricting access to the original source code. The support available from the manufacturing company reduces the time and money spent on development costs that open-source users would need to account for to create custom applications and to also fix problems with the product. Closed-source solutions are generally created in a fashion that makes adding and editing content on a website very easy.

Very often, new versions of products are released which developers must apply patches from to their product to avoid security breaches. Hackers are quick to jump at the opportunity to identify the updates and changes made between the two versions of the products. Exploit attacks then occur; an exploit is a piece of vicious code dispensed to exploit a weakness in existing code. This seems totally ludicrous that every time an update occurs, developers are needed to quickly avoid potential hazards by 'patching up problems'. Our proprietary source CMS, MoST, removes the need for such hassles and automatically protects the business's website against potential security breaches.

Open-source software is vulnerable to SQL injections. An SQL injection involves the hacker attempting to pass SQL code via a website script which, if successfully accepted, the hacker will have access to data from the database. The data could be anything, including email addresses, but what they will really be in search of are usernames and passwords, allowing them access for other attacks. Although the hacker will still have access to all of your data, backing up the database will combat losing all the information. This is a major problem that open-source users are susceptible too that closed-source software mitigates.

It is possible for hundreds of machines to try many password attempts to log into a website. The machines automatically attempt every password available. Starting with 'aaaaaa', then 'aaaaab' and so forth until the process reaches '000000' or it works out the correct password. There is security available to mitigate this problem, but these safeguards still don't provide peace of mind. Closed-source solutions combat these issues through safeguarding against numerous password attempts as well as ensuring access to the login page of a website is hidden. Open-source software isn't quite as sophisticated with direct access to a websites login location generally not being too difficult to find.

Sometimes websites cannot even tell if they've been infected or hacked. They can only find out when it's too late and the information is being used elsewhere, or by running certain tools to scan the site to see if it's infected. Again, MoST removes any headaches for its users by taking precautionary steps to restrict access to its original source code, safeguard its property with the appropriate software and procedures, as well as backing up all its clients websites and data in multiple places in case of emergency.

A frequent problem that occurs with open-source software is the different interfaces required in order for different plugins or product systems to talk to the software. Every time an update or new version of a product or plugin is released, this breaks the communication between the software and the products. This causes the websites developers to have to recreate the interfaces to allow communication between the products and software.

Although more time consuming and costlier, our product MoST provides peace of mind due to your site design and content being completed by the experts, as well as the reassurance of ultimate security and efficient support at a low cost.

Contact us.

Let's start a conversation about your web presence today
Phone: +64 4 384 9833 | Email: us@expert.services
Address: 19 Tennyson Street, Te Aro, Wellington 6011, New Zealand
Postal address: PO Box 6474, Wellington 6141, New Zealand

To send us an email, please complete the form below...