Any popular website software or content management system will be a target for bad actors looking to compromise many sites at once. For a list of basic security tips for any website, no matter what CMS is used, see Preventing badware: Basics. As with other software, one of the most significant steps you can take to protect your site is to update your CMS and all your extensions and plugins to the latest versions as soon as they are available.

In addition to WordPress, the three CMSes we encounter most often are Drupal, Joomla, and osCommerce. Each of these CMSes has a dedicated forum for users who want to ask questions or share issues. 

Note: Our basic information on Preventing Badware: WordPress is also applicable to most popular CMSes.

A * denotes malware removal or security vendor. StopBadware does not endorse specific products or services. We link to the following sources for their information only!

Drupal

• Securing your site
• All Drupal forums
• Drupal security PSAs
• Security advisories for Drupal core (maintained by Drupal security team)
• Drupal's security advisories for contributed content (third party projects, including modules and themes)
• Tips for securing Drupal from MadIrish.net
• 10 simple steps to protect a Drupal site from StopTheHacker*

Joomla

• Joomla security checklist
• Joomla security and performance FAQs
• Joomla vulnerable extensions list
• Comprehensive list of Joomla security articles
• Joomla forum

osCommerce

• osCommerce security forum
• WeWatch's tips on securing osCommerce*