CMS Security

Why CMS security matters

  • CMSs like Drupal, Wordpress and Joomla are extremely popular and widely used, which unfortunately also means they are attractive attack vectors.
  • New vulnerabilities and issues emerge all the time, which is why you need a solution to keep up threats and secure your website.
  • CMS security is not only crucial for company and e-commerce websites, but also for blogs and campaign pages - these are often forgotten and outdated, but are often an easy target for hackers and can serve as the first step leading to a more extensive security breach.
  • CMS updates often reveal vulnerabilities in previous versions in the changelog, exposing websites that are not automatically updated

How Detectify can help

Keeping an eye on vulnerabilities by using a security monitoring tool like Detectify is a great way to improve your site’s security and make it more difficult to target. Our user-friendly UI and educational reports will help you work with security in a structured and simple way.

We work hard on keeping Detectify the most up-to-date and thorough security service for web applications. In addition to our own security team, we have strengthened our security research department with a crowdsourced bug bounty program. We will make sure to keep you updated on security issues by sending alert notifications when new critical vulnerabilities in the CMS you are using are discovered.

WordPress Security

WordPress is a great CMS that’s easy to use and maintain and can be customized with an ocean of plugins and themes. The core is relatively secure but the more you add to the installation, the higher the risk of your site becoming vulnerable. According to WP White Security, over 70% of all WordPress installations were vulnerable in 2014. Security issues in plugins and themes should not be ignored - Detectify covers both!

Examples of WordPress vulnerabilities added to the tool:

  • WordPress YoastSEO Data Exposure.
  • WordPress ColorWay XSS
  • WordPress Twenty Fifteen DOM XSS
  • WordPress Flash XSS in flashmediaelement.swf

Joomla Security

Joomla simplifies working with sites and web applications, so it’s no wonder it’s popular! However, due to the CMS’ popularity, Joomla sites are also at risk of being exploited as one vulnerability in the system can unlock access to hundreds of websites. If you’re a Joomla user, Detectify can help you stay up to date with the latest vulnerabilities!

Examples of Joomla vulnerabilities added to the tool:

  • CVE-2015-7297: Joomla! Unauthenticated SQL Injection
  • CVE-2015-8562: Joomla! Unauthenticated RCE
  • Joomla! Security Check SQL Injection

Drupal Security

Scalable and open-source, Drupal is the third most popular content management platform, used by 2.2% of all websites. No CMS is entirely secure and Drupal is no exception, but Detectify can monitor your Drupal site and help you stay one step ahead of the hackers.

Examples of Drupal vulnerabilities added to the tool:

  • CVE-2012-4000: FCKEditor XSS
  • CVE-2014-3704: Drupalgeddon

Magento Security

Magento is a popular solution for e-commerce retailers as it offers open-source e-commerce software that includes a content management platform. If you use Magento to run your online store, Detectify can help you identify vulnerabilities and prevent security breaches that can damage your brand and revenue.

Examples of Magento vulnerabilities added to the tool:

  • Magento Shoplift SQL Injection
  • Magento SWF “bridgeName” XSS
  • Magento MAGMI XSS & LFI
  • Magento Admin Panel XSS
Coming up with great jokes