Online Security, your DNN CMS and a Wordpress hack

Online security is rarely out of the news now, and as more and more of our personal information is online this is something which potentially affects us all.  Whether it is a report of a security breach by a major UK company allowing personal information from customers to get into the wrong hands or allegations of hacking reportedly affecting the US presidential election, online security breaches have become something we are used to hearing about.

A recent BBC news item about security vulnerabilities allowing tens of thousands of WordPress websites to be hacked highlights the need for robust security in your chosen web CMS.  A security firm identified the bug, classed as ‘severe’ and reported it to WordPress on 20th January, who delayed going public about it until 26th January, when a patched version of the popular platform was released, prompting many sites and blogs to apply the update.   However, there are still a number of sites which have not applied the update, leaving them open to hackers.  One security company reported 800,000 attacks across the WordPress sites which they monitor in 24 hours and whilst currently, the vulnerabilities are targeted by hackers only to deface the sites, they are sure to be targeted in future to be used as proxies for malware or spam campaigns as these activities enable hackers to exploit the vulnerabilities and make money.

Incidents like this highlight the importance of robust security in your chosen CMS.  Built on the Microsoft .NET architecture, security in DNN is inbuilt and assured.  This, combined with DNN’s formal security policy, promises full transparency when security vulnerabilities are identified.  Reported threats prompt the security task force to issue security bulletins to the DNN Community.  These bulletins inform the community of the issues and rates their severity, also giving information regarding any available fixes and workarounds.   All this information is available online through the security centre, which is active 24/7. 

As an open source platform with an extensive developer network of over a million, and a dedicated security team, security patches for identified threats to DNN are usually available very quickly.  An advantage over proprietary software which can often be slow to offer updates.

All of which means that, in contrast to the recent WordPress issue, it would likely be much less than 6 days before a solution was available to an identified threat, minimising the scale of any potential attacks.

The ability to assign security roles in DNN also enhances security by enabling you to control and manage who can access specific areas of your website, either through pre-assigned or custom security roles.

We believe that DNN offers one of the most secure CMS solutions available, the importance of which is only going to increase in future as the stakes get ever higher.