Why you absolutely must have a secure CMS

Why you absolutely must have a secure CMS
Sep 22

Bradley Kronson

Web Development

The web is indeed a dangerous place. Security must be a consideration with every business decision, especially when it comes to something as important as choosing a CMS platform. That decision will make a world of difference to the security of your website and, by extension, your ability to protect your customers and your reputation.

A dangerous online world

Your website is an extension of your business, and, just like a physical office building, it needs locks on the doors and bars on the windows. As a business leader, it would be irresponsible not to take every precaution to keep criminals out, but there may be potential points of entry that you don't know about, especially if your software is out of date.

Unfortunately, figures from CVE Details collated by Astra Security show that, as of 2020, more than 60% of WordPress users were using outdated and vulnerable versions, and only 6.6% of WordPress sites were using the updated version of PHP.

Worse still, few business leaders are aware of every security requirement that a CMS should meet to ensure an adequate degree of protection. Many simply opt for the most popular choice, WordPress, without knowing that it exposes their businesses to undue risk. Plus, being popular with users also makes a CMS like WordPress a popular target for attackers, who trawl the web searching specifically for vulnerable WordPress sites.

The threats to your site

There are numerous ways a breach can inflict costly damage on your business. Consider the reputational harm of malicious content changes, for example, with hackers altering your digital assets to cast your brand in a bad light or infecting your site or app with malware that leads customers to malicious sites. E-commerce websites are a favourite target for data theft because they tend to be the most profitable for attackers.

SophosLabs has reported seeing an average of 30 000 new malicious URLs daily, 60% of which are legitimate websites that have been compromised. The vast majority of these website breaches are due to vulnerabilities created by plugins. These need to be countered with security plugins that protect the vulnerable ones, but businesses are often left vulnerable due either to ignorance or negligence.

Some data extortion gangs use a form of ransomware called Ransomweb, which takes corporate websites and apps offline by changing the encryption key and denying them access to the essential data they need to function, thereby holding them hostage.

Why Umbraco is different

The reactive process of securing at-risk plugins with security plugins can be far too slow with proprietary software from CMS providers with limited teams of developers (who often have other priorities). Staying safe demands constant vigilance and round-the-clock dedication, and fortunately, there is a CMS that offers just that.

Umbraco is open source, and that's one of the reasons why it’s our CMS of choice. Its core code is open and accessible to anyone, not to be altered but to be reinforced as part of a collaborative effort. Umbraco's network of more than 200 000 developers spread around the world is active and engaged, which is why it's known as "the friendly CMS", with open lines of communication for reporting and addressing issues. That makes it comparatively bulletproof from a security standpoint.

And in addition to regular internal testing, Umbraco uses an external security company to perform thorough third-party penetration tests of its CMS twice a year. The results aren't published online, and any high-risk areas are immediately prioritised.

Avoid becoming a statistic

Losing the trust of your customers is one of the devasting and lasting consequences of having your website compromised. Your site may even be blacklisted by search engines and anti-virus software, resulting in an immediate drop in traffic – customers who may never return. And those that fall victim are often the ones who can least afford it.

Small businesses are especially vulnerable as they are more likely to have outdated software, themes and plugins, and a lack of security checks on forms. They often use improperly secured hosting servers and lack the budget for advanced security services. But simply choosing a more secure CMS provider will significantly improve the cybersecurity posture of a small business or a large one, for that matter.

We can help you make the switch to Umbraco and secure your website for the future. As Umbraco specialists with a wealth of experience, we can deliver a secure digital platform that's right for your business.

To learn more about the CMS choices available and how Umbraco compares, download our Website CMS Comparison Report.

What's the best CMS platform?

We've compiled the research about which CMS stands out above the rest, so you don't have to.

Brochure download