WordPress Update Fixes Security Flaws

Posted on Jun 2, 2011 by Taylor to General, Web Development

Manufacturer HP recently released figures on the security of the most popular content management systems, as well as their plugins. While they found that the core applications of the CMSs themselves are relatively safe, they discovered that about 70 percent of the applications they tested were “vulnerable” to security risks. One of the best ways to keep your website safe is to regularly update your CMS to the latest version. WordPress has released an update that resolves several pressing security issues.

If you use WordPress, it is time to update to 3.1.1. The updated version makes 30 fixes, including three patches for serious risks (preventing PHP crashes, a cross site scripting vulnerability, and tightening up SCRF prevention). Downloading 3.1.1 is essential; WordPress is one of the most popular CMSs, managing everything from personal blogs to sophisticated commercial sites. Because of its popularity, it is a target for hackers, who work on security vulnerabilities in older versions.

As to technical details, the WordPress 3.1.1 developers released a little haiku: “Only the geeks know/ what half this stuff even means. /Don’t worry – update.” Easy enough. You can do this from WordPress’s website, as well as directly with your WordPress Dashboard. Other features of the update include:

• Security hardening to media uploads.
• Improvements in performance.
• IIS6 support fixes.
• Taxonomy and PATHINFO permalinks fixes.

You can download the updated version, WordPress 3.1.1 here.

Tags: cms, plugins, wordpress

Which Content Management System is Right for You?

Posted on May 29, 2011 by Joey to Web Development

Would you rather have sashimi or sushi? Do you need a shampoo for scalp eczema or dandruff? And what does this have to do with your Content Management System? Not much. Only this: sometimes in life you are faced with choosing between two things that are very similar but do impact your final outcome. Which is right for you? When you are trying to choose a CMS for your website, do you want to go with an open source CMS or closed source? What’s the difference, and which will be the more effective platform for your site?

Open source software is that which is worked on by a variety of people. They check codes to make sure that the specific program is easy to use and effective. Mozilla Foxfire is an example of an open source program; third party add-ons allow for great customization. Open source CMS options have another big advantage: they’re typically free. “Free” is the keyword for a lot of users, and this is why they opt for open source CMSs, like Joomla or WordPress. Here are a few more advantages:

• There are typically a lot of users, so you can find documentation and support much more easily than with a closed source CMS. You will find forums, how-tos, and more devoted to open source CMSs, which makes it easier to use.
• You have the benefit of advances from the variety of people working on the program.
• You can often change the program to accommodate for your unique needs.

There is a drawback, however. Because open source programs are tremendously popular, they are better targets for hackers and security vulnerabilities. HP tested a variety of applications from Joomla and WordPress and found a great deal of vulnerability (not necessarily in the core application but in the add-ons). While it may be quicker or cheaper to develop a site with an open source CMS, you will have to spend more on security and support.

The benefit of closed source CMSs, like Telerik or Sharepoint, is that while they are not necessarily more secure, they do handle vulnerabilities and issues for you. You don’t have to spend development time and money on these, which can be a huge advantage for some companies. The downside to closed source CMSs, though, is that they are typically more expensive, and fewer people are working on them. This means you may find less support and information readily available.

Which is right for you? That depends on your needs and development budget. Both can be excellent options.

Tags: cms

Which CMS is More Secure?

Posted on May 27, 2011 by Taylor to Web Development

Joomla, Drupal, and WordPress are three of the most popular content management systems, and each has strengths and advantages for users. While the CMS’s core applications are relatively safe, the plugins created for them can have vulnerabilities. According to the latest figures by HP, 70 percent of applications have some sort of security vulnerability, and half of those were identified as “serious.”

HP DVLabs manager of advanced security intelligence, Mike Dausin, says, “A lot of the vulnerabilities in the Content Management Systems have shifted away from the core applications themselves and have shifted to the plugins in those applications. This is actually an even broader security trend which we have also seen on the desktop.”

So which CMS was deemed the least secure? Dausin says that WordPress has “very few vulnerable installs.” Joomla installs, on the other hand, were nearly all vulnerable to security threats. “In the case of Joomla, it’s mostly the plugins that are vulnerable.”

Joomla, WordPress, and Drupal run fairly secure core systems, and Joomla’s release of 1.6 tackled several security issues; plugin developers, though, do not always hold themselves to these standards. Joomla’s security center allows users to report security vulnerabilities, and the “Strike Team” is continually working to resolve them.
To protect your site, keep up-to-date with the latest risks: Joomla, for instance, has a Vulnerable Extensions List that you can check. Also be sure that your CMS is updated to the latest version, so you can add another layer of protection.

Tags: cms, Drupal, Joomla, plugins, wordpress

Open Source CMS or Creating One

Posted on Sep 10, 2007 by Taylor to Technology Trends

Ok, so I have been teetering with the idea of whether using a open-source CMS (Content Management System) or creating one from scratch. Here at THAT Agency we have many clients that we do constant maintenance for their content, SEO and more. So when do we as developers feel the need to actually create a private label standardized CMS instead of the plethora of open-source one’s currently available on the market.

One place i found with a ton of open source Content Management System applications was ta da www.opensourcecms.com This site breaks down many of today’s CMS applications and shows you their features; even side by side comparisons. But wait one second. What if you can’t find one that meets all your personal needs that you need and you really don’t want to have a developer tweak an open source one? Then obviously the solution is to create your own right?

In my personal developer opinion, I would much rather create my own and use THAT; then tweak an already existing one. Here is why:

1. With tweaking or adding to an already existing project, you run that risk of your changes being screwed up if a patch is developed for something in the actual application.

2. You can have more control of your application if you develop it yourself.

3. It is easier to tweak your own code than tweak someone else’s.

So what to do?

If your plan is to develop a complete system for your clients, why not create your own CMS (Content Management System) and have it ready as an addition to the great work you do!

Tags: cms, content management systems