Limitations of security measures in website content management systems.

摘要

The ever-increasing role of the Internet in day-to-day life has made having a website a necessity for many businesses, organizations, and individuals. Those without programming knowledge who wish to create a website often utilize a website content management system (CMS). While there are dozens of CMS platforms in existence, WordPress, Joomla, and Drupal together make up almost three-quarters of the CMS market. The purpose of this research was to examine the limitations of existing security measures associated with WordPress, Joomla, and Drupal in order to determine what security improvements could be made. Additionally, consideration was given to the roles and responsibilities of CMS developers and end users. This research has shown that while CMS users may be in the best position to maintain the security of CMS deployments, many lack the necessary technical knowledge and security awareness. As such, developers must implement security measures that combat common vulnerabilities and compensate for security shortcomings caused by end users. Developers have implemented measures that account for many of the most critical CMS security vulnerabilities. However, some limitations remain. In many cases, developers can use existing security measures in order to rectify WordPress, Joomla, and Drupal security limitations. Other areas, including updates to out-of-date or vulnerable software, require the development of new security measures. Ultimately, securing WordPress, Joomla, and Drupal will lead to a decrease in the prevalence of compromise and a decrease in the capacity of attackers to commit cyber crimes. Keywords: Cybersecurity, Professor Paul Pantani, open source, PHP, web application, extension.