Analisis Perbandingan Keamanan CMS Wordpress Dan Joomla Dengan Konfigurasi Standar

Abstract

Since the industrial era 4.0, many organizations have chosen to switch to using Content Management Systems (CMS) to manage websites. This CMS makes it easy to create, design, and organize content without having to have programming knowledge. However, CMS is also vulnerable to cyber attacks such as XSS and SQL Injection. This study was conducted to analyze and evaluate vulnerabilities in WordPress and Joomla CMS through penetration testing and vulnerability scanning methods. The use of various tools such as OWASP ZAP, Burpsuite, Joomscan, WPScan, and Searchsploit were used to analyze these vulnerabilities. The results of the study showed that Joomla CMS with standard configuration did not show significant vulnerabilities, while in WordPress a stored type XSS vulnerability was found in the comment feature. Searchsploit also identified vulnerabilities in both CMSs originating from thirdparty plugins. The results of this study highlight the importance of strict input and configuration sanitation and regular maintenance on CMS to reduce the risk of exploitation.