A fact many of us learned in high school — that popularity has its downsides — is proving to be true in the world of open source content management systems (CMS).

Take WordPress — the most popular CMS in the world, powering an astonishing 47.4 percent of all sites on the Internet, according to BuiltWith, a website profiler, lead generation, competitive analysis and business intelligence tool.

July, to use a shameless cliché, was both the best of times, and the worst of times, for this inordinately popular platform. New research from 34SP.com found more than half of UK small businesses are using WordPress as a CMS, thereby "finally blowing away its image as just a blogging platform."

The same study also confirmed a few things that were not included in the official results, including the fact 31 percent of 34SP.com clients who use WordPress call wine their favorite beverage (Jägerbombs really disappointed with just 1 percent of the votes) and only 13 percent have more than 500 friends on Facebook. What does this have to do with anything? Nothing. So let's move on.

Webmasters, We Have a Problem

Anyway, the vast majority of companies who said they used the open source platform for their CMS said they liked its ease of use, large support network and vast array of plugins. As tech writer James Bourne noted on developertech, "Put simply, for small businesses that don’t need a site with bells and whistles, WordPress has long been the answer, avoiding both the hassle of HTML and calling up their webmaster every time something crashed."

Unfortunately, the very thing that lures companies — the multitude of plugins — has also been the source of malware infections in recent weeks.

Web security firm Sucuri announced a few weeks ago that it had spotted an automated attack that injected a PHP backdoor file into many WordPress sites.

Sucuri estimated about 50,000 websites had been compromised by exploiting an old version of a popular WordPress plug-in called "MailPoet Newsletters," designed to create newsletters, post notifications and autoresponders.

MailPoet wasn't happy about the bad publicity, complaining on its own blog that "It’s common practice among software security circles to disclose bugs privately with software companies, then get a reward, credit and the possibility to write about it, given a reasonable amount of time to fix it."

Sucuri CEO Tony Perez disagreed, claiming the disclosure was simply in keeping with the company's mission of creating a safer web.

In any event, there is a larger issue here: Any popular CMS can be a high-profile target for hackers and attackers. So keep your server software, your CMS and your themes and plugins up-to-date and invest in the best security tools you can find — unless you want to risk your content. (Did you hear about the huge increase in the number of websites compromised with a hidden redirection to pornographic content?)

You can find more things to worry about in Cisco Systems' newly released 2014 Midyear Security Report (registration required), which focuses on a number of low-key, low-risk vulnerabilities that hackers are using to exploit systems and access data.

On this light and bright note, let's take a look at what's new in free and open source CMS this month. Keep in mind several platforms noted that this is a holiday season — and that they "could not get any interesting info out of the projects."

Hippo

It’s been a great summer for Hippo. Following a historically successful first quarter, the company has seen continued record growth. New subscription-based business in the first half of the year, compared to the same period in 2013, accelerated by 164 percent. "With a near 50 percent subscription revenue growth rate in 2013, Hippo and its vision of truly personalized multichannel digital experiences show no sign of slowing down," the team boasted.

This growth has included a significant expansion of Hippo’s network of global partners, including Digital Engagement Company AuthX Consulting and web development agency Oshyn.

This month, Hippo is announcing the general availability of Hippo CMS 7.9.1 and the 7.8 to 7.9 upgrade pack. This update means all aspects of the Hippo Enterprise Edition are generally available for implementation by Hippo Customers and Hippo Certified Partners and that the software is supported in production in any project. The update is focused on the quality and stability of the product. To mark the occasion, five members of Hippo’s R&D team share their personal highlights of the new functionality in Hippo CMS 7.9 in this 4-minute video.

Jahia

The Jahia team got busy working on new customer projects and developing two new products (more soon), and kept on documenting and showcasing its newly announced Portal Factory.

Out of the new content created, the team pointed out three videos demonstrating how Portal Factory meets the needs of the three main portal architectures:

  • When the aggregation is done by the CMS: In this video, Jahia CMS embeds a lightweight application, a Twitter widget.
  • When the aggregation is done by a portal: Both content and existing business applications integrate into a single portal and offer personalized access to both via a user dashboard. The present example mounts a CMIS-compliant repository (application) in Jahia Portal Factory.
  • When aggregation is done by an application: This shows how Portal Factory integrates the new open source framework Esigate. Thanks to this integration, Portal Factory allows you to combine multiple applications and render them on a single page.

Liferay

Liferay Cloud Services, a new online platform with tools and services for Liferay customers, is set to open for public beta this month. You can learn more about Liferay Cloud Services, which includes Fix Pack Management, Metrics, Dashboards and Alerts, here.

While it is a few months away, the team is already looking forward to Liferay Symposium North America from Oct. 5 to 7 in Boston, which will bring together Liferay customers, open source community members and other Liferay enthusiasts. From mobile design and strategy to audience-targeted content delivery, the annual event will "address some of the most important needs of enterprises today," the Liferay team claims.

Magnolia

Looking for something to watch? Magnolia published all videos from its recent conference, which you can see here. You can watch the keynote, below:

In other news, Magnolia 5.3.1 has been released. The key fixes and enhancements are described in the release notes.

Chief Visionary Officer Boris Kraft had an article published in Tnooz, which explores why big IT vendors are missing from travel technology.

Nuxeo

The big news at Nuxeo is open access of nuxeo.io for trials, which is part of the August fast track release of Nuxeo Platform 5.9.5. 

Nuxeo now offers a free 30-day trial of nuxeo.io, a complete environment for developing and deploying Digital Asset Management, Document Management and Case Management applications on the Nuxeo Platform. The trial includes instant online access to the Nuxeo Platform, Nuxeo Studio for customizing, and the Nuxeo Marketplace for ready-made plug-ins. Software vendors and solution providers can use nuxeo.io to build their own high-density PaaS architecture. 

Nuxeo Platform 5.9.5, to be released in early August, also supports native integration with MongoDB, the leading NoSQL database. This integration offers high performance, availability and scalability of content-centric business applications.

Nuxeo’s online roadmap offers a high level view of what we’re working on for our next long term release — Nuxeo Platform 6.0.

Title image by Mariyana M/Shutterstock.