Rating the Security of the 2016 Presidential Candidates' Websites
Ranked in the No. 2 spot behind Trump among the best security for presidential Websites is tedcruz.org. The Cruz campaign Website, like the Trump site, also uses CloudFlare for DDoS and WAF protection. Instead of using Drupal, the Cruz campaign makes use of the open-source WordPress content management system. While Trump's Drupal site hides its administrative interface, the Cruz Website has left its administrative portal somewhat exposed, which could represent a potential risk. It's also easy to determine the specific WordPress template theme, Kleo, that Cruz is using. "So, for an attacker, it's just a matter of waiting for a vulnerability to come along," Heid said. On the Democrat side, Heid ranks the berniesanders.com campaign Website ahead of the hillaryclinton.com site, though both are behind the Trump and Cruz sites in terms of overall security. Sanders uses CloudFlare security and the WordPress CMS. As was the case with Cruz, the Sanders site had not properly hidden its administrative page. The Clinton Website, unlike those built by Cruz or Sanders, does not use an open-source CMS, but rather, it is custom built. The fact that Clinton isn't using an open-source platform doesn't necessarily make her site less secure, but it does raise some concerns.With a commodity CMS, such as the open-source Drupal and WordPress applications, large communities of people are constantly looking for security issues and making it better, Heid said. "With a custom CMS, you're just hoping that the developers have crossed all the t's and dotted all the i's." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
"If the open-source CMS is configured properly and hardened, the only way you'll get hit is by a really potent zero-day," Heid said. "With a custom site, there are way more moving parts that need to be double-checked."