- Published: Wednesday, 27 January 2016 16:11
- Written by Alan Langford
When you ask a simple question, there isn't always a simple answer. Asking which CMS is the most secure seems like a reasonable question, but it's one with no easy answer.This question is particularly vexing because it is usually posed by senior management, and it's particularly difficult to answer in a concise, non-technical way.
I have heard it in every possible variation. Is Joomla more secure than Wordpress; is Wordpress more secure than Drupal; is open source more secure than closed-source proprietary code; and so on. Here's the best non-technical answer I have:
Every web facing application will have vulnerabilities at one point or another. The most critical factor in the security of a web application isn't the application itself, but rather the security and maintenance of the software and the server environment on which it is running. The next most important factor is how the developers of the application respond to security issues. The quality of the application software is also important, but surprisingly far less critical than the first two factors.
That answer is pretty unsatisfying when someone wants to hear "X is certainly more secure than Y", but it's the best I've been able to come up with. Here's why: