| Content Management Systems or CMS makes it | | | | malware. Distributing malware is not the only thing |
| easier to create and design Web sites. The beauty of | | | | hackers can gain access to but also they can use |
| using a CMS for your Web site is that even if you do | | | | your high-speed network to their ends. |
| not know how to write a single line of code or HTML, | | | | Further, other CMS have the same problems. |
| you can still create professional looking Web pages. | | | | WordPress, arguably the best-known and widely used |
| With a CMS, you can also easily change the design of | | | | content management system has time and again fallen |
| your site without affecting the content too much, | | | | prey to security vulnerabilities. In 2009, IT security |
| making it far easier to apply changes to the whole site. | | | | company Secunia reported the following security flaws |
| Content management systems also allow for | | | | found in WordPress systems: |
| collaborative Web site design and maintenance, giving | | | | * System access |
| several users different levels of access so that they | | | | * Privilege escalation |
| could change Web pages as necessary. | | | | * Denial of Service |
| CMS Security Flaws | | | | * Cross Site Scripting |
| The problem with most CMS packages is that it is | | | | * Security Bypass |
| peppered with security vulnerabilities that can bring | | | | The good news is that the people at WordPress.org |
| serious problems to those who use it. A lot of hackers | | | | are proactively looking for these vulnerabilities and |
| have been targeting these vulnerabilities in open source | | | | patching them. But the fact that these security holes |
| CMS like WordPress, PostNuke, Drupal and phpBB. | | | | continue to crop up even as a new version of |
| Most try to gain unauthorized access to your system | | | | WordPress comes out highlights one important thing to |
| to create botnets for denial of service attacks or | | | | remember when using CMS: you can not really on |
| identity theft scams. | | | | CMS vendors and providers to come up with a |
| A hacking incident involving AMD, a leading global chip | | | | completely safe and secure content management |
| manufacturer, illustrates the point. In 2006, AMD's | | | | platform. What is more, some providers do not even |
| customer service and support forums were hacked. | | | | bother to come up with patches to plug known |
| The perpetrators then used the forums to distribute | | | | vulnerabilities! |