There are many open-source content management systems out there with the three most popular being WordPress, Drupal and Joomla. All three are favoured by many users but have different security considerations and this should be kept in mind. In this instance we will not be looking at CMS’ that run on ASP.NET frameworks.
Drupal is often seen as one of the more powerful and flexible systems and is more technical in nature and therefore used more by professionals. This CMS is also one of the best for security as its approach is much more modular and so there are fewer opportunities for bugs to be introduced. Although Drupal has very few core vulnerabilities, many users prefer systems that are easier to use and therefore go somewhere else.
Ease of use probably plays a large role in why WordPress is the most popular open source CMS out there. Security wise, this system doesn’t fair as well as Drupal as it uses three times the amount of code and is therefore more vulnerable. This being said, in between 2010 and 2011, WordPress only had one single serious vulnerability which is extremely encouraging.
Joomla has tried to bridge the gap between Drupal and WordPress by incorporating ease of use with flexibility and power. Many believe that it is the most insecure of the three and is therefore the most unreliable system to use. It should however be noted that in between 2010 and 2011, Joomla did have many vulnerabilities but very few were of a serious nature.
When choosing the most secure open source CMS it would seem that there isn’t much between the three most popular. If this is the case, the best option would be to make your decision based on which system best fits your needs.