Often when I sell Umbraco-solutions, over Wordpress, one of the sellingpoints, is the amount of security-issues and hacked websites in Wordpress.
I often experience Wordpress-solutions with security-issues, where it often is the plugins the solution uses or a issue with Wordpress.
But I never heard of a Umbraco-solution, where it was a security-issue in the core of Umbraco, and not a coding-error (SQL-code or similar), from the developer.
Is there any statistics in hacked Umbraco-solutions that are known of?
DonĀ“t know if there is some statistics about how many Umbraco installations that has been hacked.
But you can read on our website what we are doing about security in Umbraco CMS, and also what to do if you discover a vulnerability issue in Umbraco CMS,
We don't have any stats on this. Personally I've heard about 1 incident in my 4 years of working at Umbraco (and I can't remember the details, I'm not even sure this was caused by a vulnerability in Umbraco).
The comparison is also unfair: Umbraco is the backbone for about 400K websites (that we know of) whereas Wordpress boasts it's running over 25% of the websites in the world; over 75 million sites are reported to use Wordpress.
Remember the days where Apple would claim that there were no viruses for the Mac? That's because the target wasn't big enough. These days Macs DO get viruses because Apple has been great at increasing their market share. So while Umbraco is not an appealing target right now, I'm sure there will come a time where we will have a serious incident.
We also don't have any illusions: none of the packages/plugins for Umbraco are vetted for security issues by anyone at Umbraco HQ so at some point we'll run into the same problem that Wordpress does: a faulty plugin will cause a problem for multiple sites.
That being said, we do take great care to build our software to be as secure as possible (https://umbraco.com/security is a good resource) and we regularly get reports from independent penetration testers trying to find problems in Umbraco (which, if confirmed, we fix as soon as we can).
How often has Umbraco been hacked?
Hey all
Often when I sell Umbraco-solutions, over Wordpress, one of the sellingpoints, is the amount of security-issues and hacked websites in Wordpress. I often experience Wordpress-solutions with security-issues, where it often is the plugins the solution uses or a issue with Wordpress. But I never heard of a Umbraco-solution, where it was a security-issue in the core of Umbraco, and not a coding-error (SQL-code or similar), from the developer.
Is there any statistics in hacked Umbraco-solutions that are known of?
Best regards Kristoffer
Hi Kristoffer,
DonĀ“t know if there is some statistics about how many Umbraco installations that has been hacked.
But you can read on our website what we are doing about security in Umbraco CMS, and also what to do if you discover a vulnerability issue in Umbraco CMS,
https://umbraco.com/products/umbraco-cms/security/
All the best,
/Dennis
Hey Dennis
I've read the post regarding security before, and it looks great
We don't have any stats on this. Personally I've heard about 1 incident in my 4 years of working at Umbraco (and I can't remember the details, I'm not even sure this was caused by a vulnerability in Umbraco).
The comparison is also unfair: Umbraco is the backbone for about 400K websites (that we know of) whereas Wordpress boasts it's running over 25% of the websites in the world; over 75 million sites are reported to use Wordpress.
Remember the days where Apple would claim that there were no viruses for the Mac? That's because the target wasn't big enough. These days Macs DO get viruses because Apple has been great at increasing their market share. So while Umbraco is not an appealing target right now, I'm sure there will come a time where we will have a serious incident.
We also don't have any illusions: none of the packages/plugins for Umbraco are vetted for security issues by anyone at Umbraco HQ so at some point we'll run into the same problem that Wordpress does: a faulty plugin will cause a problem for multiple sites.
That being said, we do take great care to build our software to be as secure as possible (https://umbraco.com/security is a good resource) and we regularly get reports from independent penetration testers trying to find problems in Umbraco (which, if confirmed, we fix as soon as we can).
Hey Sebastiaan
You made some very valid point, regarding the great difference in volumne.
is working on a reply...