The world of CMS can be quite one-sided. With a market share of 60%, WordPress is the dominant force with lots of free or premium plugins and templates. This popularity has lead to a huge third-party plugin and theme development ecosystem creating a whole industry dedicated to the CMS. But what happens when you want to focus on security for your website? Having lots of third-party add-ons to rely on to be updated could be a potential risk. Being market share leader means that not only is it popular, the potential for a security risk is also a lot greater.
Open sourced CMS and third-party plugin management
In a report (seen here) we can see that in the third quarter of 2016 WordPress held a 74% lead on hacked websites, followed by Joomla (17%), Magento (6%) and Drupal (2%). It makes sense that WordPress would be at the top here as there are so many more users on WordPress than any other. And it isn't a surprise that a lot of these hacks are due to third-party plugins. The upside of having an open source CMS is that there is a lot of freedom to create new plugins and themes based on it. But the downside is that you are open for hackers to download the source material and find loopholes to exploit.
Third-party plugins can be increasingly unreliable if the developers aren't regularly patching their product. If the plugins or CMS isn't updated regularly (either through the developer's side or relying on the client side) then this can mean that your client and their business are open to being hacked. Over 72% of all compromises are from PHP based backdoor incidents.
Partnered payment gateways with WebBoss
To deal with important aspects of an ecommerce site we have partnered directly with companies such as Allied Wallet, Barclaycard, and Worldpay who deal directly with the clients. These partnerships mean we bypass any need for third-party plugins which can be troublesome and work solely with their developers to package a secure payment gateway within the system.
A secure CMS for your clients' ecommerce site
Use a CMS that gets updated regularly. Any dedicated team will have developers working on keeping their system secure so keep an eye out for an active development team.
Will your clients be active in updating their site? 94% of Magento's users were compromised due to outdated third-party plugins and CMS. The WebBoss system is an internationally certified ISO 27001 secure system that doesn't rely on third parties. Removing the risk that clients are open to outdated plugins.
When creating clients' passwords make sure you get the client to follow good password rules using the password reset function. Alternatively, you can encrypt and send them a password, this way you can control the strength of the password.
SSL certificates are vital for ecommerce sites. In fact, Google will be changing the way it deals with non-secure domains displaying them as unsafe. Using WebBoss.io developers can create an SSL for their clients creating a secure website without doing anything extra.