2 min

More than half of all professional content management system (CMS) users are worried about the security of their system.

The number arises from a report by Storyblok. The CMS developer surveyed hundreds of CMS users in the US and Europe. Most respondents view security as a priority when choosing a new content management system. This should come as no surprise. Vulnerable content management systems are a major opportunity for cybercriminals.

The problem with security

WordPress is by far the most popular CMS. The open source platform invites thousands of developers to develop and provide applications. If you’re looking for a specific website style or function, there are typically multiple third-party apps available. Code is shared and executed en masse. Vulnerabilities and leaks are common.

On 1 February, more than 600,000 WordPress websites were found to be susceptible to remote code execution. A month later, we learned that 29 percent of all vulnerabilities in third-party WordPress apps are never patched. Storyblok’s survey shows that more than half of CMS users encounter one or more security problems per month. Moreover, 48 percent say they implement security updates two to four times a month.

The latter can take up a lot of time. In the case of WordPress, most vulnerabilities occur in third-party apps, also known as plugins. The system itself is open source, which means there’s no official patch management solution available. Administrators are on their own. They regularly have to deal with dozens to hundreds of plugins. If a plugin turns out to be vulnerable, there’s no guarantee that a patch will be released. Patches that do come around can take quite some time. Developers often work alone or with a handful of colleagues.

Story block ISO 27001

At the end of the day, WordPress security can be quite a challenge. The same can’t be said for every CMS system. There are plenty of platforms developed by central teams and large organizations. One example is Storyblok’s CMS system. Last month, the platform received the ISO 27001 certification. The certificate is awarded to developers who audit their infrastructure, test software and secure data.

The aforementioned survey shows that most CMS users value security certificates. The majority considers each certificate equally important. A small group prefers to work with ISO-certified technology.