Open Source CMS – What’s New in This June That You Should Know?

Whenever it comes to talking about open source content management systems, we can’t carry out our talk without talking about WordPress, the most demanding and popular CMS on the earth.

WordPress is one such CMS that has powered a lot of biggest websites in the world like Time magazine, Ted and CNN. Today, WordPress has powered more than 23% of the top 10 million websites in the world, according to W3tech.

However, being big and popular doesn’t mean that it is without problems – and all is not copacetic in WordPress-land, said Nimrod Luria, a CTO of Sentrix. Thousands of WordPress sites are being attached every year because of the huge popularity of this platform.

Extremely Simple to Exploit –

“There are approximately 30,000 plus plugins and 2,000 plus themes listed on the WordPress.org site. As we observed in 2014, some of the most well-known, widespread attacks took advantage of third party plugins. Many plugins are sensitive to cross-site scripting (XSS), SQL injection and other attacks. The fact that WordPress is run on PHP, one of the most popular open source development languages, makes it easy for attackers to exploit bug-riddled PHP code, along with theme and plugin files," said Nimrod Luria.

He also observed that the WordPress community has a lot of contributing developers, who are constantly expanding this platform along with its themes and plugins.
Even WordPress administrators are also informed about the plugin version updates on their dashboards; however, not all are following the best practice of keeping their platforms up to date.

Moreover, WordPress websites, which are hosted on a shared environment, the hosting service providers are not giving guarantee about timely patching, often leaving website owners exposed to attacks.

What to Do?

For hosting a WordPress-based website, numerous options are there from on-premises all the way to fully managed platforms like WPengine. When evaluating WordPress hosting solutions, the main reflection is security along with the flexibility and ease of management.

He said, “With on-premises and other simple hosting solutions such as VPS or 'dedicated,' as the site owner, it is your responsibility to secure and update your site, and ensure performance and availability.” He also added, “However, you also need to consider that hosting your website with a third party hosting company does not guarantee security. Due to the shared environment, if any site on a server is hacked, other sites on the same server may also be compromised."

Admin Access and Authentication –

On WordPress websites, brute-forcing account credentials are the extremely common attack. Some of the other ways that passwords can be compromised like sniffing credentials over an HTTP login session or even recovering them directly from WordPress administrator workstations.

Moreover, plugin authentication failures may also enable attackers to increase administrative rights and perform AJAX functions, which are specially designed to be used by website operators. He added, “Obviously, gaining admin or server management account access provides attackers with complete access to affiliated WordPress instances.”

Uploaded User Content –

WordPress is one such CMS that allows its users to upload their own content as writers or editors. Luria explained,This security risk could result in untrusted users uploading HTML or JS files in order to launch attacks, such as XSS, against users that will visit that site. By executing an XSS attack a hacker can silently gain control of user credentials.”

With WordPress platform, you can also share your own experience and other open source CMS platforms in the comments below. Now, let’s have an instant look at what’s new in open source CMS world in the month of June:

Composite C1: 

A team of the Composite C1 has established the Mercury starter website, a modern and animated mobile-first website. In addition to this, it also comes with a portfolio, contents search, a form builder, employee profile page and a lot more. It is built on:
  • For page templates, ASP.NET Razor using Razor Web Pages.
  • Bootstrap is also a leading front-end framework that used for developing responsive and mobile-first web projects.
  • LESS, an extension to the CSS language, supporting mix-ins, variables, functions and a lot of other tactics in your stylesheets.
When it comes to talking about the Mercury starter website, it comes with numerous pre-installed add-ons and supports theming. Users can also directly modify its appearance. 

 Moreover, users are capable enough to personalize the website by changing its colors, adding their own logo, updating links in the page footer, additional projects with pictures and videos to their portfolio and more.

Hippo: 

Hippo is well-known for bursting some bubbly at its headquarters. And till now no one has talked about what’s next on the agenda. But the release of Hippo CMS 10 and debut of its Content Performance Platform have been important milestones. Moreover, you can also find Hippo CMS 10 release notes and a viewpoint on the game changing nature of this new release from the partners, AuthX.

You can find Hippo CMS 10 release notes here and a perspective on the game changing nature of this most recent release from our partners, AuthX, here. Well, the team of Hippo calls CMS 10 as the “most groundbreaking release to date.” The CMS has adopted principles from marketing automation, redefining the WCMS as intelligent marketing technology software that mainly used to optimize and personalize the customer journey.

Joomla:

When it comes to talking about Joomla Bug Squad, the CMS has a new Bug Squad Co-Leader, Tobias Zulauf.

A trainee specialist for system integration in Germany ‘Zulauf’ has been involved with Joomla since 2011. After that, he became an active Joomla Bug Squad member and code contributor.

He is also active in the German part of Joomla Land and moderator in the German forum and a member of the team of Joomla Bugs DE Project.

A team that is working within the Production Working Groups ‘The JBS’ is responsible for recognizing and fixing bugs within Joomla.
  • Reports bugs on New Issue Tracker
  • Fixing noted bugs and resolving reported problems as per the Bug Tracking Process.
  • For reported problems, scans the Joomla CMS 3.x Bug Reporting Forum and helps community members solve these problems.
However, the Bug Squad is also helpful with testing and quality assurance during a new important version is developed. When a version switched from beta-stage to the stable-stage, the bug-squad is in the lead within the development cycle of Joomla.

SilverStripe: 

Users will get a new major release to the SilverStripe Blog module with enhanced categorization, spam protection and management and permissions. Moreover, the SilverStripe Lessons section is expanding and the documents and video tutorials are onboarding new community members.


Stay connected with to get more information on the open source solutions and CMS solutions. Moreover, you can also hire our open source developer to get an instant solution or any of your queries related to open source project!
Share this article :
 

Post a Comment

 
Template Design Created by PERCEPTION SYSTEM PVT LTD Copyright © 2012. Open Source Customization Services | Open Source Web Development India - All Rights Reserved
Follow on Facebook Page Follow On Twitter Subscribe to rss feed

Design By:
Proudly powered by Blogger