Home/ Questions/Q 157397
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T10:29:48+00:00

I’ve used WordPress and Joomla to build a couple of small websites, and done

  • 0

I’ve used WordPress and Joomla to build a couple of small websites, and done some hacking about to get them running exactly as I want. But both of these, and probably many other PHP CMSs, are subject to a constant barrage of security fixes. I don’t have to time to test the fixes, make sure my customizations are still working, and roll them out before anyone attacks the site, then do the same thing again a month later – I’ll never get anything else done with that kind of overhead.

So my question is: Is there a (preferably PHP) content management system that somehow successfully avoids the constant barrage of security updates and resulting testing/sysadmin work? So I can just work on it when I have time, not keep racing to patch the latest attacks?

Bonus points for having a sane plugin model to make it easier to code against. More bonus points if it provides an easy method to import data from Joomla and/or wordpress.

Thanks

EDIT: As rightly pointed out, avoiding updates entirely is not a sensible goal. Rather, I want to minimize the pain of updates. So what I’m really looking for is:

  • Easy to adapt and theme in a way that is guaranteed not break during updates
  • Simple update process
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. there is no cms (no software, for that matter) so secure you never have to update. developers make mistakes, and new exploits appear. so every cms should be ‘subject to a constant barrage of security fixes’. if it is not, you should ask yourself about the security policy of the project and the security of your site. see The Open Security Model, Drupal and ExpressionEngine on Security for a related read.

    so unless you don’t care about the security of your site, you are asking the wrong question. i think it should actually be: is there a cms that is customizable without modifying core files so that security updates don’t break my customizations? or: how can i customize a cms so that security updates don’t break my customizations? security updates usually don’t break a (even customized) site – unless the customizations are done the wrong way.

    my answer to that new question would be Drupal (including bonus points).

    • 0