CONTENT MANAGEMENT SYSTEM SECURITY

Content Management Systems (CMS) are often used for website development. Websites are targets of various malicious attackers, and therefore it is necessary to be familiar with the security level of websites.The paper describes some basic features of the well-known open source CMS platforms: WordPress, Joomla and Drupal. It also explains the ten most common web vulnerabilities. Web vulnerability testing has been carried out by means of various software tools. The basic installations of the CMS systems have been tested. After having tested each web vulnerability, a possible additional web security measurement for each CMS is indicated. The web vulnerabilities which cannot be directly affected by the CMS security settings have been explained. It has been shown that the basic installations of the CMSs fail to ensure safety requirements due to irresistance to some threats. Necessary software tools for the tested CMSs have been specified in order to ensure the resistance to threats which have not been provided in the basic installation of the tested CMSs. A questionnaire has been developed for the purpose of examining the security level on the websites of business entities in Croatia, and a survey has been conducted in Croatian business entities engaged in computer science, accounting and industry.