How do the most popular opensource CMS websites compare in terms of getting hacked and security?
According to the latest data and statistics, here's how the major open-source CMS platforms compare in terms of security and vulnerability to hacking...
WordPress
WordPress has the highest rate of hacked websites among major CMS platforms.
- According to a 2019 report by Sucuri, WordPress accounted for 94% of infected websites among known CMS platforms.
- This high percentage is partly due to WordPress's immense popularity, making it a prime target for hackers.
- WordPress sites are often compromised due to vulnerabilities in third-party plugins and themes, rather than the core software itself.
- While these statistics are from 2019, they were still being cited in articles from 2022 and 2023, suggesting that no more recent comprehensive studies have been published.
Joomla
Joomla has a significantly lower rate of hacked websites compared to WordPress:
- The same Sucuri report showed Joomla accounted for only 2.5% of infected websites.
- Joomla's core is considered difficult to hack, but vulnerabilities in third-party extensions can still pose risks.
Drupal
Drupal has the lowest rate of hacked websites among these three major CMS platforms:
- Drupal accounted for just 1.28% of infected websites in the Sucuri report.
- It is widely regarded as the most secure of the three, which is why many government agencies and organizations with high security needs choose Drupal.
- Drupal takes a very serious approach to security, promptly publishing and patching vulnerabilities.
Security Considerations
While these statistics provide insight into the relative security of these CMS platforms, it's important to note:
- WordPress's high infection rate is partly due to its massive market share and popularity among non-technical users who may not follow security best practices.
- All open-source CMS platforms have inherent security risks due to their publicly available code.
- The security of any CMS installation depends heavily on proper configuration, regular updates, and careful selection of third-party extensions.
- Less popular CMS options like CMS Made Simple may have lower hack rates, but this could be due to lower adoption rather than superior security.
While Drupal statistically appears to be the most secure option, followed by Joomla and then WordPress, the security of any CMS implementation ultimately depends on proper management and security practices.
About the author
Krisada Eaton - 20+ years Sr. SEO Professional
Krisada is a once upon a time portrait artist turned marketing geek.
He left years of traditional print advertising behind as a corporate marketing director in 2001, to pursue a self-taught web design freelance career.
Krisada quickly became proficient in the newly born Google universe from within internet ad agencies and website production houses in Orlando Florida during the wild west cowboy days of SEO's Golden Era.
Since then, as the owner and Sr. SEO Specialist for Florida SEO & newly formed Real SEO™ Life, he's helped numerous small mom and pop businesses to Fortune 500 corporations find success online thru his no frills nuts & bolts style of search engine marketing.
"As a creative I naturally over analyze everything I see and think. Fortunately, I've discovered that overthinking can be a superpower in my capacity as a marketing analyst and specialist. By leveraging this ability, I've been able to successfully grow businesses online for the last 20 years, by turning endless rabbit holes into data driven destinations."
~ Krisada
Currently, Krisada lives and travels the digital nomad, workity gypsy life between Florida, New England and Hawaii.