Website Security

Drupal: 1 Million Websites Put At Risk

Robert Wakefield
09 May 2018
1 millions websites put at risk

Known as SA-CORE-2018-004, the latest vulnerability has put almost 1 million websites at risk. Affecting numerous versions of Drupal, the true extent of the damage caused by the security threat is yet to be seen.

Allegedly found during a routine security examination, Drupal’s flaw provides hackers with various entry-points into a site they don’t own. Once unauthorised personnel have gained access to the site and its CMS, they could modify the site content, release private data and exploit module configurations.

Site Security Under Threat

As Drupal faces its second security threat in just 4 weeks, current users may be losing faith in the CMS. Seemingly unable to protect existing users from the threat of hackers, Drupal may lose a significant amount of business as a result of ‘Drupalgeddon2’ and the latest threat.

While Drupal has certainly faced a difficult few weeks, they aren’t the only CMS provider to have security issues. In December 2017, Shopify paid a ‘bug bounty hunter’ in excess of $15,000 when a security threat was identified in the system’s email verification process.

Joomla and Wordpress Still at Risk

Just last month, hundreds of Joomla and WordPress sites were compromised, with visitors being infected by malware via a crawler script. WordPress may be one of the most popular content management systems (CMS), but it continues to face numerous security issues and exploits. Despite issuing regular updates and last-minute patches, many people believe that WordPress users could still be seriously at risk.

Designed to be easy-to-use, many new site owners opt for WordPress as a CMS. With seemingly endless design options and a variety of plug-ins, WordPress might well appear to have everything a budding website owner might want. It’s possible, however, that the popularity of WordPress could put its users at risk. Estimated to back approximately 20 million websites, many WordPress users are lax about installing regular updates or responding to security threats. (We would just stress at this point that we do not offer or support Wordpress websites.)

With many novice site owners relying on WordPress to handle security for them, they’re happy to leave standard security features and default passwords in place. As a result, hackers are able to prey on these vulnerabilities and gain access to websites and their content.

Choosing The Right CMS

When used properly, a content management system can revolutionise site ownership. Operating as a back-end (or in the case of Siteglide, both a back-end and front-end editor) to the website, site owners and operators can easily amend, modify and update their content. With a user-friendly interface, owners can stay in control of their site without having to deal with complicated coding.

As the backbone of your site and your business, it’s crucial that your CMS is secure. With security at the forefront of our operations, a growing number of agencies are now building their clients' websites onto Siteglide. Developed around security and stability, and hosted on Amazon servers, Siteglide’s CMS is second-to-none.

Unlike many other CMS providers, Siteglide doesn’t rely on plug-ins and fragmented builds. While Siteglide updates (all handled by us, not you) enable you to benefit from the latest security and features, a solid build model reduces vulnerability and ensures your site remains secure.

Perhaps the best way to determine the effectiveness of your current security measures is a penetration test? Colloquially known as a ‘pen test’, a simulated attack on your site and CMS will highlight vulnerabilities and enable you to make changes before any harm is done. We work with a specialist partner who can offer you an initial consultation if you have concerns about your website's vulnerability.

With your site and your business at stake, why take any risks? We’re committed to providing a secure and stable infrastructure to all our clients. To find out more about the benefits of moving your site across to Siteglide, get in touch with us today.

Download our free Guide

Finding your existing CMS clunky but unsure whether you need to go Headless, Hybrid or DXP?