Learn More





DNN Community Blog

The Community Blog is a personal opinion of community members and by no means the official standpoint of DNN Corp or DNN Platform. This is a place to express personal thoughts about DNNPlatform, the community and its ecosystem. Do you have useful information that you would like to share with the DNN Community in a featured article or blog? If so, please contact .

The use of the Community Blog is covered by our Community Blog Guidelines - please read before commenting or posting.

WCMS Security – How Secure is Your Installation?

WCMS Security – How Secure is Your Site?

As more and more enterprises assume responsibility of their own web properties and rely on some kind of WCM solution, security is of course one major concern that is on everyone’s mind. The potential loss from not keeping your software up-to-date with the latest security fixes and updates can be enormous. You need software that has a secure reputation in the market and can give you peace of mind that your most critical online business assets are safe…

Security Beliefs @ DNN

One of the most important aspects of what we do at DNN Corp is make sure we have done everything possible to ensure we are protecting your data and website content to the best of our abilities. With this in mind, I want to surface some interesting data points to iterate the strengths of DNN as a highly secure web platform, and to educate you on how the DNN Product Team safeguards the security of your websites.

DNN has had a formal security policy and related procedures in place since 2005. The policy was created and released with a goal of making our security philosophy and practices publicly known to all of our users and customers.Our colleagues at Microsoft supervised the writing of the policy; making sure it was in line with industry standards and Microsoft's standards as well. (

With regards to keeping our clients "in-the-know" when it comes to security, we believe in full transparency… any time a security vulnerability is discovered and verified, we will publicize the details of the security risk, its severity, type, etc... We maintain a database of all security vulnerabilities as well as the DNN version(s) that are susceptible, and we make this information available through our Security Center ( The database is integrated with DNN's Update Service so that site administrators are notified immediately of those security risks via the product's user interface so they can take action if need be. In addition to our responsiveness, we take extensive proactive steps to ensure our platform is as secure as possible. Steps like regular security reviews and testing against the platform, staying up-to-date with data from industry-leading security agencies and also by having independent third party agencies running their own security audits against DNN, using both automated tools and other expert security agencies to keep DNN as secure as possible.

In Good Company

One way of understanding how secure a WCM system is, would be to see who is using the product currently, and why they believe it's the best choice. One of the most tell-tale clients DNN Corp has the pleasure of mentioning is the United States Department of Defense. They decided in 2012 to utilize DNN as their WCM solution for their entire portfolio of websites – a decision which was definitely influenced by the secure reputation of our products... This group of highly visible public websites needed to be on a platform that is highly-secure and obviously very security-conscious.

Myths and Reality

One major consideration that decision makers face with the process of choosing an open source solution, is, "how secure is the solution?", and "how much time and manpower will be needed to keep it secure?". Truth be known, the exact same security concerns exist with proprietary WCM solutions as they do with open source WCM solutions. During a recent interview about choosing a CMS, a global pharmaceutical organization's IT manager said that he believed that open source WCM offerings are more secure than proprietary solutions because "Unlike our [previous] proprietary solution, where we'd have to wait a long time for security patches to be released, we now get security patches much faster thanks to the developer network.".1

Because DNN has a network of over a million developers, and a dedicated security team working round the clock to ensure your DNN solution is as secure as possible, you can feel more at ease knowing that choosing DNN as your platform will guarantee success with your projects now and in the future. We are working relentlessly to ensure you have the most secure WCMS on the market today, and we intend to keep it that way in the days and years to come. The US Department of Defense believes in our platform and we know you will to. Please feel free to send us an email, and we'd be happy to discuss the platform and our security practices more extensively with you.

1 Forrester Consulting (Commissioned By Acquia), October 2012:
"Is It Time To Consider Open Source WCM For Digital Experience?"


There are currently no comments, be the first to post one.

Comment Form

Only registered users may post comments.


2sic Daniel Mettler (125)
Aderson Oliveira (15)
Alec Whittington (11)
Alex Shirley (10)
Andrew Nurse (30)
Anthony Glenwright (5)
Antonio Chagoury (28)
Ash Prasad (22)
Ben Schmidt (1)
Benjamin Hermann (25)
Benoit Sarton (9)
Beth Firebaugh (12)
Bill Walker (36)
Bob Kruger (5)
Brian Dukes (2)
Brice Snow (1)
Bruce Chapman (20)
Bryan Andrews (1)
cathal connolly (55)
Charles Nurse (163)
Chris Hammond (203)
Chris Paterra (55)
Clinton Patterson (28)
Cuong Dang (21)
Daniel Bartholomew (2)
Dave Buckner (2)
David Poindexter (3)
David Rodriguez (2)
Doug Howell (11)
Erik van Ballegoij (30)
Ernst Peter Tamminga (74)
Geoff Barlow (6)
Gifford Watkins (3)
Gilles Le Pigocher (3)
Ian Robinson (7)
Israel Martinez (17)
Jan Blomquist (2)
Jan Jonas (3)
Jaspreet Bhatia (1)
Jenni Merrifield (6)
Joe Brinkman (270)
John Mitchell (1)
Jon Henning (14)
Jonathan Sheely (4)
Jordan Coopersmith (1)
Joseph Craig (2)
Kan Ma (1)
Keivan Beigi (3)
Ken Grierson (10)
Kevin Schreiner (6)
Leigh Pointer (31)
Lorraine Young (60)
Malik Khan (1)
Matthias Schlomann (15)
Mauricio Márquez (5)
Michael Doxsey (7)
Michael Tobisch (3)
Michael Washington (202)
Mike Horton (19)
Mitchel Sellers (28)
Nathan Rover (3)
Navin V Nagiah (14)
Néstor Sánchez (31)
Nik Kalyani (14)
Peter Donker (52)
Philip Beadle (135)
Philipp Becker (4)
Richard Dumas (22)
Robert J Collins (5)
Roger Selwyn (8)
Ruben Lopez (1)
Ryan Martinez (1)
Salar Golestanian (4)
Sanjay Mehrotra (9)
Scott McCulloch (1)
Scott S (11)
Scott Wilkinson (3)
Scott Willhite (97)
Sebastian Leupold (80)
Shaun Walker (237)
Shawn Mehaffie (17)
Stefan Cullmann (12)
Stefan Kamphuis (12)
Steve Fabian (31)
Timo Breumelhof (24)
Tony Henrich (3)
Torsten Weggen (2)
Vicenç Masanas (27)
Vincent Nguyen (3)
Vitaly Kozadayev (6)
Will Morgenweck (37)
Will Strohl (163)
William Severance (5)
Try Evoq
For Free
Start Free Trial
a Demo
See Evoq Live
Need More Information?