With all of the great advantages of using a CMS to power your next website, the benefits come with serious security issues that need to be carefully managed. Typical solutions to the problem … locking down points of entry … tend to defeat the benefits of the open and collaborative environment the CMS is designed to enhance in the first place.
We recommend a number of things to our clients embarking on a new CMS based site, but the first and most important is a plan for much more frequent updates than you are used to.
Make sure there is a disciplined plan to monitor the CMS for these available updates, to implement them, and then to test carefully after installation.
It’s not unreasonable to think in terms of monthly updates with popular CMS’s like WordPress, Drupal and Joomla (75-80% of all CMS based sites).
Making sure you have a plan to handle this work can keep you out of more expensive security issues.