1 users online. Create an account or sign in to join them.Users

Search

One of our clients asked about the security of their CMS after having problems with a Wordpress site. I did a little research and found very few mentions of Symphony security vulnerabilities. Back in v2.3 there was a XSS problem, but little else. I looked through the release notes and found very few security patches.

On the other hand, Wordpress pushes out security patches every few weeks.

My assumption is that Symphony is inherently more secure than Wordpress. Is that true? And if so, why? Is there a structural reason? Or is it "security through obscurity?"

My assumption is that Symphony is inherently more secure than Wordpress. Is that true?

No, unfortunately it’s not. We try our best, but the ageing codebase is way behind industry standard in terms of coding- and security best practices, to be honest. Just my personal opinion, not sure if others would agree. I think it’s definitely not worse than WordPress, though.

Or is it “security through obscurity?”

Exactly. Symphony isn’t a worthwhile target such as WordPress, so you’ll have less issues with automated attacks.

Thank you! I've come to enjoy working with Symphony. Hopefully we can convince the client to stick with it.

I've come to enjoy working with Symphony.

That’s a common problem around here... ;)

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3 or above
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details