I am often asked to supply information to support the choice of Drupal for a project. This document from Sucuri is something I think will be useful in doing just that. It is an analysis of security issues with real installations of the top CMS platforms.
Drupal is by far the best performer in the top 4 systems, 52 times less likely to be hacked than Wordpress . However, the report concludes that this is not a direct reflection on the core software (although that is a significant factor) it is the installation, configuration and maintenance of the core software that is the major contributor.
Should anyone be surprised by this? Drupal has a reputation for being 'difficult', you don't have to look far on the web to find quotes like:
"Two days with Drupal and I gave up as there were too many techie things I had to take care of! Two days with Wordpress and my client's site is humming along!"
Now, those 'techie things' are, almost certainly, really important from a stability and security perspective and absolutely need doing. Rather than do it properly for their client, the developer decided to choose the path of least resistence, by-pass things they don't understand and move on to their next client. This is not a fault with Wordpress, but it is a symptom of the 'site builder - no expertise needed' approach that it supports.
The net result is that a site built in Drupal is much more likely to have been built and configured by people with a deeper understanding of the 'techie things' and, therefore, is likely to be more stable and less vulnerable to compromise.
So using people with expertise reduces your online risk - who knew?
This mailing list is announce-only.
I-ntarsia is a Digital Service Platform bringing the power Drupal 8 content management and ecommerce system to the widest range of digital architects, designers and corporate end users.
We use the I-ntarsia Directions list to post articles, announce new products and services as well as to make unique offers to subscribers. If you are involved with the development and operation of one or more websites then you may benefit from our announcements on this list.
Subscribers should expect no more than one mail per week as an absolute maximum from this list.