A fact many of us learned in high school — that popularity has its downsides — is proving to be true in the world of open source content management systems (CMS).

Take WordPress — the most popular CMS in the world, powering an astonishing 47.4 percent of all sites on the Internet, according to BuiltWith, a website profiler, lead generation, competitive analysis and business intelligence tool.

July, to use a shameless cliché, was both the best of times, and the worst of times, for this inordinately popular platform. New research from 34SP.com found more than half of UK small businesses are using WordPress as a CMS, thereby "finally blowing away its image as just a blogging platform."

The same study also confirmed a few things that were not included in the official results, including the fact that 31 percent of 34SP.com clients who use WordPress call wine their favorite beverage (Jägerbombs really disappointed with just 1 percent of the votes) and only 13 percent have more than 500 friends on Facebook. What does this have to do with anything? Nothing. So let's move on.

Webmasters, We Have a Problem

Anyway, the vast majority of companies who said they used the open source platform for their CMS said they liked its ease of use, large support network and vast array of plugins. As tech writer James Bourne noted on developertech, "Put simply, for small businesses that don’t need a site with bells and whistles, WordPress has long been the answer, avoiding both the hassle of HTML and calling up their webmaster every time something crashed."

Unfortunately, the very thing that lures companies — the multitude of plugins — has also been the source of malware infections in recent weeks.

Web security firm Sucuri announced a few weeks ago that it had spotted an automated attack that injected a PHP backdoor file into many WordPress sites.

Sucuri estimated about 50,000 websites had been compromised by exploiting an old version of a popular WordPress plug-in called "MailPoet Newsletters," designed to create newsletters, post notifications and autoresponders.

MailPoet wasn't happy about the bad publicity, complaining on its own blog that "It’s common practice among software security circles to disclose bugs privately with software companies, then get a reward, credit and the possibility to write about it, given a reasonable amount of time to fix it."

Sucuri CEO Tony Perez disagreed, claiming the disclosure was simply in keeping with the company's mission of creating a safer web.

In any event, there is a larger issue here: Any popular CMS can be a high-profile target for hackers and attackers. So keep your server software, your CMS and your themes and plugins up to date and invest in the best security tools you can find — unless you want to risk your content. (Did you hear about the huge increase in the number of websites compromised with a hidden redirection to pornographic content?)

You can find more things to worry about in Cisco Systems' newly released 2014 Midyear Security Report (registration required), which focuses on a number of low-key, low-risk vulnerabilities that hackers are using to exploit systems and access data.

On this light and bright note, let's take a look at what's new in free and open source CMS this month. Keep in mind several platforms noted that this is a holiday season — and that they "could not get any interesting info out of the projects."


It’s been a great summer for Hippo. Following a historically successful first quarter, the company has seen continued record growth. New subscription-based business in the first half of the year, compared to the same period in 2013, accelerated by 164 percent. "With a near 50 percent subscription revenue growth rate in 2013, Hippo and its vision of truly personalized multichannel digital experiences show no sign of slowing down," the team boasted.