Security lapse pushed WordPress further behind Drupal, at least for enterprises
The recent hacking of tens of thousands of sites running the WordPress content management system casts doubt on WordPress's suitability for enterprise web deployments.
Security firm Websense suggests that more than thirty thousand websites powered by the WordPress CMS were compromised by anonymous hackers intending to install fake antivirus software on visitors' machines. The flaw seems severe, as the hackers were able to inject malicious code directly into WordPress, redirect users to a rogue antivirus site, and dupe them into downloading and installing a Trojan.
The rogue site gives the impression that it is scanning the user's computer for viruses, then falsely notifies them that the computer is infected and prompts them to download and install fake AV software in order to keep the computer clean. If you encounter such a situation, please do not download or install anything.
That was the advice; now let's turn to the heart of the issue, which is the vulnerabilities in WordPress, the world's most popular CMS. Web security experts have long pointed to the unsafe architecture and loose coding behind WordPress, which can easily be abused by cyber criminals to distribute malicious applications or to redirect users to unwanted websites, which usually contain pornographic content.
This is a major reason why enterprises are leaning towards the more secure and flexible CMS Drupal for their security-critical websites. In recently published statistics from BuiltWith, Drupal enjoys a commanding (6/1) lead over WordPress for government deployments, and the White House has also picked Drupal to power its main website.
Although it is easier to set up a website with WordPress than with Drupal, webmasters who work for a few more days to understand and deploy Drupal would probably enjoy the flexibility of Drupal along with robust security.