Get in touch

As you’ll probably know by now, our CMS of choice here at Studio Republic is MODX, a now well-established, but still relatively unknown platform that we’ve been using for over 6 years, since the early days of its release.

The safest and most secure CMS out there

One of the main reasons we prefer MODX over platforms such as Wordpress or Drupal is security.

The safest and most secure CMS out there

A major downside of using a larger CMS like Wordpress or Drupal is that the more popular you become as a platform, the bigger the target you paint on yourselves.

The safest and most secure CMS out there

We avoid Wordpress specifically for its numerous and persistent security issues, as we’re reluctant to let a system with so many vulnerabilities on our server, which hosts all of our clients’ sites.

The safest and most secure CMS out there

The CVE Index (Common Vulnerabilities and Exposures) is a database of known vulnerabilities in various platforms used across the internet today, keeping tracks on bugs as they’re found and submitted.

In total, Wordpress has had 906 entries into this list, with 85 just in 2015.
Joomla, another hugely popular CMS has had 915 entries, with 120 so far in 2015.
MODX? Total Entries, 28. With just 8 since 2014.


On another vulnerability tracking site, Secunia, the patterns are similar:The safest and most secure CMS out there

This is a clearly a huge difference in numbers. Obviously, the numbers of installations of MODX across the internet are much less than those of both Wordpress and Joomla, but there are other aspects which make the larger CMS’s easier targets.

The safest and most secure CMS out there

In many, particularly those that heavily use templates, the code that’s output when you view a page contain identifiers which let you easily identify what CMS or platform they’re built on.

The safest and most secure CMS out there

This allows hackers or potential attackers to quickly find what CMS you’re using, what version it’s running on and what plugins you’re using, along with their versions as well.

The safest and most secure CMS out there

Having so much information so readily available makes life far too easy for potential hackers.

On the other hand, MODX doesn’t inject any extra markup to a site, generating pure HTML, making it considerably harder to identify a MODX site from a site written in plain HTML from scratch.

The safest and most secure CMS out there

MODX also has another trick up its sleeve in the way it handles databases and queries. The big names in CMS, Wordpress, Joomla et al. all use MYSQL to create and maintain their databases.

While MODX does have databases built in MYSQL, the way they’re interacted with is very different. MODX uses a PHP extension called xPDO (open eXtensions to PDO (PDO refers to a database abstraction layer called PHP Data Objects).

The safest and most secure CMS out there

xPDO is a core part of MODX, and fundamental to the way it works. It behaves as a wrapper for the MYSQL database, sanitising queries before they can reach the database.

This means it’s considerably harder for potential attackers to inject malicious code into SQL queries (a very common cause of sites being hacked, known as SQL Injection).

By adding this extra layer of abstraction to the way the database is interacted with, we can ensure that our clients sites remain secure and well protected across the board.


Core updates to MODX often include updates to xPDO, bringing new levels of security each time a patch is applied.

The safest and most secure CMS out there

We offer maintenance contracts for our clients here at Studio Republic, upgrading MODX to the latest version each time a patch is released, at a cost of £240 per year, or, if clients would rather avoid an annual fee, we can install individual patches as they are released for £120.

The safest and most secure CMS out there

MODX releases around 4-6 patches a year, and we highly recommend keeping it up to date to ensure site security is the best it can be.


Get in touch today to find out more.