Need a Secure and Simple CMS

I recently had a bad experience with WordPress on the security front. I had to resort back to good old HTML with the absolute minimum use of JS temporarily. I had to get LAMP reinstalled to make a clean restart on a dedicated server.

While HTML is simple with minimum security holes (when done correctly), it’s a step backward. I’m looking for a CMS with security and simplicity high on the agenda. I’d like to use it for a general blog-style news site. Nothing special. It could even be without a database, as long as it takes away the pain of manual categorization and archiving with minimal security holes.

I don’t like Joomla or Drupal type CMSs, as I found them not easy to use and maintain. Any suggestions?

Who’s your hosting provider?

There are steps to take to improve security, both on the server side and for WordPress specifically.

Here are some of the steps I usually follow for locking things down:

  1. Essentially, set your file permissions correctly. This guide makes a few notes in that regard:
    http://codex.wordpress.org/Hardening_WordPress

  2. Prevent directory browsing with your primary .htaccess file by including the line:
    Options All -Indexes

  3. Create a new administrator user (with a username that doesn’t include “admin” or “administrator”). Log in as that user and delete WordPress’s default admin user.

  4. Install these useful security plugins:
    http://wordpress.org/extend/plugins/login-lockdown/
    http://wordpress.org/extend/plugins/secure-wordpress/

    These plugins actually do a few things that save you from doing them manually. They prevent brute-force login attempts, scrub the WordPress version information from the generated source code (if a hacker knows what version you’re running, they know what specific attacks to employ), plus a few other odds n’ ends.

  5. Put an HTTP password prompt on the wp-admin directory. While this won’t stop brute-force attacks, it is another wall a hacker will have to break through in order to get to your site. You can either do this through your host’s control panel (usually labeled as “protected directories”) or manually with .htaccess and .htpasswd files.

  6. Update the core & plugins. New releases often have fixes and plug security holes.

  7. Pay attention to what plugins you have installed and enabled. Don’t install brand new plugins that haven’t been tested for security issues. Delete plugins you aren’t using (not just deactivate).

  8. Use a table prefix when installing WordPress. This will help obfuscate your database a little bit, protecting from some generic attacks (note that this should not be a primary security measure, as it can be countered).

  9. Use WordPress’s security keys: http://codex.wordpress.org/Editing_wp-config.php#Security_Keys

  10. Make regular backups in the event something happens. Back up your files and the database. Here’s a plugin that will back up the database:
    http://wordpress.org/extend/plugins/wp-db-backup/

  11. Lastly, follow all the common-sense things about keeping passwords secure and making strong passwords.

I would not recommend Joomla from a security standpoint. It has always tended to have a lot of exploitable avenues for attacks. I’m not familiar enough with Drupal to comment on it.

Movable Type and ExpressionEngine have excellent security records.

MT advisories - http://secunia.com/advisories/product/28521/?task=advisories
EE advisories - http://secunia.com/advisories/product/7010/?task=advisories
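A check for the file-permission step in the hardening list above (directories 755, regular files 644, wp-config.php not readable by other accounts, the baseline the linked Hardening_WordPress guide describes). This is an added example, not code from the thread or from WordPress; the sample site tree it builds is constructed so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a WordPress document root
# against the Hardening_WordPress permission baseline (file-permission step).
# Flags anything writable by group/other (e.g. a chmod 777 uploads dir) and a
# wp-config.php readable by other local users. Uses only POSIX find/sed.

# audit_wp_perms <docroot>: prints one "<path>: <problem>" line per finding;
# returns 1 if anything was flagged, 0 if the tree matches the baseline.
audit_wp_perms() {
    wp_root=$1
    wp_findings=$(
        # Writable by group (020) or other (002): a hijacked script or another
        # account on a shared host could drop files here.
        find "$wp_root" \( -perm -020 -o -perm -002 \) \
            | sed 's/$/: writable by group or other/'
        # Regular files should be exactly 644 (wp-config.php handled below).
        find "$wp_root" -type f ! -name wp-config.php ! -perm 644 \
            | sed 's/$/: file mode is not 644/'
        # wp-config.php holds the DB password and the security keys; it must
        # not carry the other-read bit (004).
        find "$wp_root" -name wp-config.php -perm -004 \
            | sed 's/$/: wp-config.php is readable by other users/'
    )
    if [ -n "$wp_findings" ]; then
        printf '%s\n' "$wp_findings"
        return 1
    fi
    return 0
}

# make_demo_tree: constructed sample layout (not a real install) so the
# example runs offline; prints the path of the temporary tree it created.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/wp-admin" "$demo/wp-content/uploads"
    printf '<?php // constructed placeholder, no real credentials\n' > "$demo/wp-config.php"
    printf 'Options All -Indexes\n' > "$demo/.htaccess"
    : > "$demo/wp-admin/index.php"
    : > "$demo/wp-content/uploads/photo.jpg"
    chmod 755 "$demo" "$demo/wp-admin" "$demo/wp-content"
    chmod 644 "$demo/.htaccess" "$demo/wp-admin/index.php" "$demo/wp-content/uploads/photo.jpg"
    chmod 777 "$demo/wp-content/uploads"   # common mistake: world-writable uploads
    chmod 644 "$demo/wp-config.php"        # readable by every account on the host
    printf '%s\n' "$demo"
}

site=$(make_demo_tree)
echo "Auditing $site"
audit_wp_perms "$site" || echo "Fix: chmod 755 <dir>, chmod 640 wp-config.php"
rm -rf "$site"
```

Run it against the real document root instead of the demo tree (`audit_wp_perms /var/www/html`); a clean tree prints nothing and exits 0.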

Try PmWiki (http://www.pmwiki.org/)

Easy, customizable, and it comes with a full security system.

Wikis are a bit of a headache to maintain, considering the intent is to allow others to edit them.

Thanks to all for the replies.

WordPress is all nice, but since it has become well known, it seems that it has become one of the favorite targets for hackers.

Somehow, I don’t feel like going back to WP in the near future.

Recently I had a look at sNews but PmWiki looks more promising for my needs.

What kind of security problem did you encounter? Please give some details; I’ve got a WP site myself and would like to know.

I don’t know the full details, but the tech guys told me a malware script was injected via a WP security hole. Perhaps we used an outdated or bad plug-in. WP could have an approved and secure plug-in list to improve security. As a result my site was blocked by Google as an attack site, twice. That’s why they had to reinstall LAMP.

Hey graspit. I have managed to install PmWiki with some guesswork. PmWiki’s instructions are not that well written. I think they assume the user knows quite a bit about PHP and server settings. I’m stuck on the initial setup tasks. Do you know if there is a clear guide for beginners to set things up?