Why Running Your Own CMS is a Bad Idea

In the past week, there have been many reports of Drupal instances on the internet being compromised through a newly discovered vulnerability called Drupalgeddon 2.

This vulnerability allows attackers to take full control of the server and its content. Even though Drupal released a patch on March 28th to correct the vulnerability (CVE-2018-7600), many servers are still being heavily attacked and abused.

According to Drupal, over a million sites are powered by their open source CMS, and around 100,000 of them are indexed by Shodan, the search engine for Internet-connected devices. The fact that a service like Shodan can keep track of patch levels makes it easy for hackers to find vulnerable targets.

It is not uncommon to see websites hacked, especially those running on an open source CMS such as WordPress or Drupal. The issue here is not that these systems are insecure. The point is that in order to run them, the system admin needs to install, configure and maintain not only the CMS but also the operating system, the database and, who knows, a physical server or a Virtual Private Server somewhere.

The decision to use a free and open source CMS is simple at first: it seems easy and straightforward until the system administrator finds him or herself stuck with managing a service — not running a website.

The point is that managing a server and a CMS service is hard. Patching a critical vulnerability can take a long time, especially in large companies that usually have complex environments and long change management cycles.

Some administrators managing their own CMS might not even be aware of a critical vulnerability before it’s too late. Your website is now not only offering affordable vegan recipes as intended, but it’s also being commanded by criminal gangs and abused to attack other websites. And to make matters even worse, if the data leaked in the breach includes private data, it can become an issue under the GDPR, the EU General Data Protection Regulation coming into effect in May 2018.

The solution — Content Infrastructure

You can run a website without the burden of maintaining a full CMS. We call our solution Content Infrastructure.

Focus on code and content — not administration

Developers want to spend their time developing. Building apps and services that interact with our content infrastructure is the modern way to free developers from the burdens of managing an old-school, monolithic CMS. Worrying about database architecture, uptime, and scalability issues is now a thing of the past.

Content infrastructure adds a layer of security

With a centralized and hosted solution like content infrastructure, you get an extra layer of protection. You no longer have to stay awake at night wondering if your CMS is adequately patched to keep hackers out.

We take care of keeping your content secure so that you can focus on building great apps. And in true HTTPS everywhere fashion, we serve content over an encrypted connection right out of the box.
