Is Secure CMS a Eutopia or a reality?

Everyone has their own viewpoint on CMS, driven by practical knowledge. Relishing vast and valuable experience in running hundreds of web-projects we’ve decided to express our personal opinion on secure CMS.

Many enterprises take advantage of CMS perks to handle the content in the right way despite all the disadvantages these systems may involve. It’s not a surprise that any IT solution has its pros and cons, but the decision to implement it or not depends on which group of arguments will triumph.

Covering an array of advantages, it’s worth mentioning that management systems can be purchased almost for free; they are comfortable and efficient to use, and have a range of supplements and features. But all in all they are vulnerable. Let’s see why.

Popular CMS engines, such as WordPress, Drupal, Joomla or Bitrix, are so in demand due to the fact that they can be purchased for free and that they are mostly based on an open-source code, giving exciting opportunities for custimatization. But this popularity has the reverse side, i.e. provides for numerous loopholes for hacking. Moreover, the chance to take control over millions of websites becomes an incentive for cybercriminals to hunt for new possibilities for hacking.

These free CMSes need constant updates; they do not guarantee data security for its users, who are obliged to track new feasible threats day after day.

Here, one faces a stark choice: to give hackers a huge market for their cybercrimes by using these vulnerable CMSes or search for a reliable and safe CMS and put up with its disadvantages.

Above all, there’s a possibility to seek salvation from IT developers that will offer a personal custom CMS, but for now let’s give up considering this option, as wide experience in developing various websites shows that the costs spent on elaborating the simplest CMS are equal to those spent on static website coding. Furthermore, mature web-solutions require surplus funds and much time. In this article, we would like to touch upon CMS security and efficiency and give some advice:

1. Open Source — no way

At first glance, Open Source CMSes may seem a marvelous opportunity that allows relishing best management tools without marketing fuzz. It can also be perfect for non-profits and startups that get much flexibility for moving forward and bringing innovation to the market.

However, we, like many other specialists, used to run our commercial projects on open-source software and faced an array of the abovementioned problems. For today, we can state without any doubts that the risk of using open-source software prevails over such benefits as saved time and money during the content management systems development.

Besides, free CMSes can’t guarantee plug-in security, and what is more troublesome is that you’ll have to spend much time on tracking hackers’ malign activities trying to save your content. That’s why our tip is the following: to avoid contributing to hackers’ affiliate programs never use Open Source CMSes.

2. Be static

As our experience shows, it’s not so difficult to carve out the right niche: the example is to lead the projects at the junction of static HTML and .net dynamics. In this case, you won’t lack IT specialists, as the market swarms with smart and savvy HTML coders that could be engaged in a big project.

3. Be realistic

In addition, it’s too naive to think that a CMS really saves so much time and money as it is supposed. Indeed, design template change is pain-free in this case, and you get decreased reliance on third parties but ongoing inconsistencies that require customization brings the whole cost- and time-effectiveness to nought. Our developers and CMS customization professionals thoroughly plan the projects to make the right decision on front-end web development. Our common working variants are:

- Custom made dynamic CMS or partial content management;

- Integration of static front-end with .Net server that handles the dynamic part;

- Fully static website with manual content management.


Coming back to the question posed at the very beginning, whether a secure CMS is a Eutopia or a reality, let us note the following: there’s no an ideal ready-made solution, you are to decide which CMS to use: a popular and less protected one or quite a secure but with its own disadvantages, or whether it’s better to contribute funds and ask for IT help to get something really unique and different.

A bit of IT humour from EffectiveSoft

Let us share the experience of using tricky static Open Source. For a couple of years we have continued using Joomla CMS without updates and without mulling over security issues. After another hacker attack on our major project powered by Joomla, we thought of the possibilities to secure our resource at minimal costs.

The project was really huge, and its transfer to other platform would require plenty of time and efforts. So, here we agreed on a perfect solution that would allow us to continue using the flexible Joomla CMS in terms of coding and settings, without worries about updates.

Our developer created a special plug-in for Joomla engine to export all the pages to static HTML that was located at a hosting site.

As a result, the workflow was the following:

- the content was updated at the local server;

- the plug-in was launched to export the pages to static HTML;

- the automatic synchronization dealt with updating the content at the external hosting-server.

So, bye-bye, hackers…

About the author:

Yana Yelina is a design and development expert at EffectiveSoft. You can reach her at: