{"id":51949,"date":"2019-03-05T13:00:09","date_gmt":"2019-03-05T19:00:09","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=51949"},"modified":"2019-03-05T13:00:09","modified_gmt":"2019-03-05T19:00:09","slug":"wordpress-joomla-drupal-a-security-comparison","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/","title":{"rendered":"WordPress\/Joomla!\/Drupal- A Security Comparison"},"content":{"rendered":"\n

One of the more popular methods of publishing content on a website is a CMS (Content Management System). A CMS generally has a graphic user interface where a user can log in, create or upload content, update existing content, design how they would want their website to appear, and other related tasks. The three most popular<\/a> CMS choices by usage are WordPress, Joomla, and Drupal. A cursory glance at these three different pieces of software shows that they are somewhat similar- a PHP framework interacting with a database. However, looks are deceiving. Each of these has its own user experience, add-on management, and working process.<\/p>\n\n\n\n

WordPress, Joomla, and Drupal are very different, and as such their benefits and disadvantages are discussed ad nauseam throughout the online community. Instead of comparing every single attribute these CMS choices have to offer, we wanted to provide a guide of a sort that allows reader to review information and come to their own conclusion. For the sake of simplicity and clarity, we will be focusing on the base installation and common plugins and themes.<\/p>\n\n\n\n

WordPress<\/h1>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Launched in 2003, WordPress<\/a> is the most commonly used CMS, has a marketshare of 60.2%, including 239,139 of the top 1 million trafficked sites (source<\/a>). As free and open-source software, WordPress makes heavy use of a plugin architecture and template system. Plugins and themes are used to enhance functionality and improve appearance to the end user.<\/p>\n\n\n\n

Though primarily powered by unpaid contributors, WordPress has a paid core leadership team committed to software development and implementation efforts. In addition to the leadership team, WordPress has a security team<\/a> specifically devoted to investigation, identification, and remediation of WordPress security issues that arise in the core code. As security vulnerabilities are disclosed, fixes are pushed out to existing installations of WordPress. That\u2019s why keeping WordPress updated to the latest version is incredibly important to the overall security of your website. <\/p>\n\n\n\n

WordPress Resource site wpbeginnner.com<\/a> offers a large resource of walkthroughs, explanations, and articles about the importance of WordPress security, such as updating your WordPress core files<\/a>, passwords and user roles\/permissions<\/a>, and their opinion on best security practices<\/a> for both the intermediate and beginner level users. WordPress’ Codex<\/a> also contains a very lengthy and in-depth list of items to harden your WP installation. WordPress, however, does not appear to publish a CVE<\/a> (Common Vulnerabilities and Exposures) list, as some other CMS providers do.<\/p>\n\n\n\n

Joomla!<\/h1>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Joomla<\/a> is another free and open-source CMS that is quite popular among web developers. Accounting for 5.3% market share, Joomla is also used for 13,480 of the top 1 million trafficked sites on the internet (source<\/a>). Started in 2005 as a fork of Mambo<\/a>, Joomla uses object-oriented programming techniques and software design patterns and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, search, and support for language internationalization.<\/p>\n\n\n\n

Where Joomla differs from WordPress and Drupal most is how open-source it is; Joomla is organized into different departments that make up its board of directors, governed by Open Source Matters, Inc. Joomla’s board is made completely of unpaid volunteers. No one is paid by Open Source Matters to manage Joomla. <\/p>\n\n\n\n

Joomla’s official documentation<\/a> on securing your site is a great start for new users to the CMS who want to ensure their installation of Joomla is as safe as possible.<\/p>\n\n\n\n

Drupal<\/strong>
<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Drupal<\/a> was first launched in May of 2000 by its original author, Dries Buytaert. A free and open source CMS holding a 3.5% market share, Drupal makes up 23,330 of the top 1 million trafficked sites (source<\/a>). The standard release of Drupal, known as Drupal Core, contains the basic features of a CMS including account registration and maintenance, menu management, RSS feed, taxonomy, page layout customization, and systems administration. Like WordPress, Drupal also has a security team<\/a> that resolves reported issues, assists in users resolving their security issues, provides documentation, and helps the infrastructure team. Like Joomla, Drupal is also built and maintained by the open source community. Drupal’s official documentation<\/a> for securing the installation contains tips and examples on how to harden your installation.

Drupal has also had its fair share of security issues<\/a>. However, their security team does publish a verbose list<\/a> of CVEs dating back to 2005, which also include best practices.<\/p>\n\n\n\n

So Which CMS is the Most Secure?<\/h2>\n\n\n\n

Unfortunately, there’s no quick and simple answer to this question, and as the end user, your needs might vary for the project you are working on. What you can do is arm yourself with the information necessary to make your decision, and understand the differences between WordPress, Joomla, and Drupal. 

With a great comparison<\/a> of the three major CMS options and a quick overview of the security differences between them, websitesetup.org explains that current security issues with WordPress aren’t due to compromises in the core software, but most often related to 3rd party plugins. Drupal, mostly secure out of the box, has had its fair share of problems, such as the 2014 SQL injection vulnerability<\/a>. As far as Joomla is concerned, the security of the installation is the responsibility of the user. Joomla, while quick to respond to vulnerabilities with applicable patches, lacks automatic updates. This means its users must actively work to maintain awareness and apply the updates.

cmscritic.org also has a solid breakdown<\/a> offering their opinion on the pros and cons of each of the big three CMS choices. WordPress again wins points for having the core software considered secure, while the issues most often lie in 3rd party applications. Joomla is rated the same way, with kudos for their secure core files. However Joomla’s volunteer force has historically been  smaller than WordPress or Drupal, and securing an individual’s site or sites is the responsibility of the end user. When it comes to Drupal, their profile leaves a little to be desired, only mentioning that Drupal’s core software is secure.

As an aside, thehackernews.com has documented the more recent Drupal exploits<\/a> in detail, which the previous comparisons do not.<\/p>\n\n\n\n

In closing<\/h2>\n\n\n\n

The most important thing to keep in mind when selecting the right CMS for your content is to consider which features are most beneficial to you. Each of the major three CMS options has benefits and concerns, and security vulnerabilities in each can be counteracted by being a proactive user; check for security updates and make sure that all software is up-to-date.

To discuss WordPress, Joomla, and Drupal security more in-depth, or to weigh in with your own opinion, join the conversation on Slack<\/a>, Discord<\/a>, or the Official cPanel subreddit<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of the more popular methods of publishing content on a website is a CMS (Content Management System). A CMS generally has a graphic user interface where a user can log in, create or upload content, update existing content, design how they would want their website to appear, and other related tasks. The three most popular CMS […]<\/p>\n","protected":false},"author":77,"featured_media":65117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[49],"tags":[325],"class_list":["post-51949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-product-development"],"acf":[],"yoast_head":"\nWordPress\/Joomla!\/Drupal- A Security Comparison | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress\/Joomla!\/Drupal- A Security Comparison | cPanel\" \/>\n<meta property=\"og:description\" content=\"One of the more popular methods of publishing content on a website is a CMS (Content Management System). A CMS generally has a graphic user interface where a user can log in, create or upload content, update existing content, design how they would want their website to appear, and other related tasks. The three most popular CMS […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-05T19:00:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2019\/03\/2019.03.05.cmscomparison.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3858\" \/>\n\t<meta property=\"og:image:height\" content=\"1527\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/\",\"name\":\"WordPress\/Joomla!\/Drupal- A Security Comparison | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2019-03-05T19:00:09+00:00\",\"dateModified\":\"2019-03-05T19:00:09+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress\/Joomla!\/Drupal- A Security Comparison\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress\/Joomla!\/Drupal- A Security Comparison | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/","og_locale":"en_US","og_type":"article","og_title":"WordPress\/Joomla!\/Drupal- A Security Comparison | cPanel","og_description":"One of the more popular methods of publishing content on a website is a CMS (Content Management System). A CMS generally has a graphic user interface where a user can log in, create or upload content, update existing content, design how they would want their website to appear, and other related tasks. The three most popular CMS […]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2019-03-05T19:00:09+00:00","og_image":[{"width":3858,"height":1527,"url":"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2019\/03\/2019.03.05.cmscomparison.png","type":"image\/png"}],"author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/","url":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/","name":"WordPress\/Joomla!\/Drupal- A Security Comparison | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2019-03-05T19:00:09+00:00","dateModified":"2019-03-05T19:00:09+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/wordpress-joomla-drupal-a-security-comparison\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"WordPress\/Joomla!\/Drupal- A Security Comparison"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/51949"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=51949"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/51949\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media\/65117"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=51949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=51949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=51949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}