This paper presents a method of security analysis of websites around 3 content management systems (CMS), namely WordPress, Joomla, and Drupal. The analysis aims to provide key inputs into CMS configuration reconnaissance of websites and assess the overall security posture of CMS-based websites depending on various criteria, including the version of the CMS, the presence and use of security plugins or extensions, the complexity of website customization, and frequency of software updates applied. The aim of this intel and analysis is to bridge the gap between CMS users and security by providing them with a sense of understanding of the security implications around the way their CMS is implemented. Additionally, the solution also helps in mitigating these security risks and provides an insight on what kind of exploits can harm the website and how. Further research could focus on developing more advanced security plugins or extensions for CMS-based sites, identifying the most common types of vulnerabilities across different versions and configurations of CMS-based websites, and exploring the efficacy of various cybersecurity measures for addressing CMS-related security risks. This paper contributes to the growing body of the latest research and literature on CMS security and provides a command line-based tool as a solution for securing web CMS. Overall, this security analysis can aid in improving the overall security posture of CMS-based websites and reducing instances of cyberattacks targeting these platforms.
Keywords: Web Application Security, Content Management Systems, WordPress, Drupal, Joomla, Reconnaissance, ExploitDB, Vulnerability Assessment.