Blogging Platforms Vulnerabilities

Starting from WordPress’s latest Akismet vulnerability, I was thinking of the impact that blogs have already made on the way we use the internet nowadays. In terms of social networking and web interactions, Web 1.0 brought the forums. Web 2.0 brought the extensive use of blogs, and this fact isn’t going to change.

On May 16 WordPress released its 2.2 version and a few days later, the download counter already shows 42,000 downloads. The install base is huge, and this is one of the reasons that blogs have become attractive targets for spammers and crackers. Spam comments are just one example of blog abuse.

I reviewed the number of security vulnerabilities published for the major blogging platforms in the past year (May 2006 – May 2007). The numbers are high, especially for the open source products (WordPress, Drupal).

The number of publicly disclosed vulnerabilities in blogs between May 2006 and May 2007, according to the SecurityFocus vulnerability database:

However, it’s hard to say which blogging platform is most secure and it’s almost impossible to say which blogging platform is best for your blog. You can use a very convenient blog publishing system such as MovableType or TypePad, but you will face the black box approach when it comes to application security. Rolling your own install might seem difficult (although it’s not), but using an open source product will bring you the advantage of quickly "looking under the bonnet" and applying a bugfix in seconds.

There is also the option of using a hosted blogging service such as blogger.com or wordpress.com, which saves you from keeping up with vulnerabilities and patches. I’m not going to get into the details of why you should or shouldn’t use such a service because Darren Rowse explained it very well at Problogger.net.


