(re-posting from some docs that were private but can be public).
Let's look at other systems and what they do (or don't do) that we can learn from.
http://lorelle.wordpress.com/2008/04/28/wordpress-security-prevention-re...
http://ma.tt/2008/04/securityfocus-sql-injection-bogus/
Good list of reasons why people do not want to upgrade
Comments
From my experience, Wordpress
From my experience, WordPress is significantly harder to secure than Drupal. A few months ago I responded to a client's compromised WP site. When I went looking for how to lock down a WP site, the docs I found seemed to be fairly dated and more complicated than they should be.
When I started looking for security plugins to add to the site, several of the popular ones had been abandoned by their developers and didn't support the latest WP releases.
Part of the problem with WP being so popular is that the signal/noise ratio on discussion boards is really low, so you really need your BS filter working well to filter out useful information.
I came away with the impression that security of a complete WP installation wasn't a high priority for the core development team - they did an OK job of keeping core secure, but there's very little effort (that I see) to foster developers to release secure code.
Protected Industries