Content Management Systems or CMS makes it easier to create and design Web sites. The beauty of using a CMS for your Web site is that even if you do not know how to write a single line of code or HTML, you can still create professional looking Web pages. With a CMS, you can also easily change the design of your site without affecting the content too much, making it far easier to apply changes to the whole site.
Content management systems also allow for collaborative Web site design and maintenance, giving several users different levels of access so that they could change Web pages as necessary.
CMS Security Flaws
The problem with most CMS packages is that it is peppered with security vulnerabilities that can bring serious problems to those who use it. A lot of hackers have been targeting these vulnerabilities in open source CMS like WordPress, PostNuke, Drupal and phpBB. Most try to gain unauthorized access to your system to create botnets for denial of service attacks or identity theft scams.
A hacking incident involving AMD, a leading global chip manufacturer, illustrates the point. In 2006, AMD’s customer service and support forums were hacked. The perpetrators then used the forums to distribute malware. Distributing malware is not the only thing hackers can gain access to but also they can use your high-speed network to their ends.
Further, other CMS have the same problems. WordPress, arguably the best-known and widely used content management system has time and again fallen prey to security vulnerabilities. In 2009, IT security company Secunia reported the following security flaws found in WordPress systems:
* System access
* Privilege escalation
* Denial of Service
* Cross Site Scripting
* Security Bypass
The good news is that the people at WordPress.org are proactively looking for these vulnerabilities and patching them. But the fact that these security holes continue to crop up even as a new version of WordPress comes out highlights one important thing to remember when using CMS: you can not really on CMS vendors and providers to come up with a completely safe and secure content management platform. What is more, some providers do not even bother to come up with patches to plug known vulnerabilities!
Keep Safe with a Web Application Firewall
A Web application firewall can help you keep safe from attacks that are made possible by these security holes, better than network firewalls and other detection systems can. What is more, a Web application firewall could still be used even with proprietary CMS platforms because you do not need to change any part of the CMS’ source code to use it. A Web application firewall can scrutinize all incoming data packets into your site and blocks malicious scripts, viruses and hacking attempts.