Skip To Main Content
Are Open Source Websites Safe?
Andrew Martin

Some of the most common questions we get asked by schools include: Are open source websites safe and why should our school choose Finalsite over an open source solution?

They're valid questions, really.

Choosing a website provider is one of the most important decisions you can make for your school. However, if we believed open source was truly the best answer for schools, we would have built our system with an open source platform.

While we’ve written about the risks of open source platforms like WordPress, Drupal, and others before, we want to focus on one particular aspect of these options: security

Before we examine the security considerations of an open source solution, let’s take a closer look at open source as a whole, what it can provide, and why more than 2,200 schools around the world have chosen Finalsite as their provider.

What is open source?

It’s easy to get ahead of ourselves and assume everyone knows what an open source website means, or how it differs from other solutions available when building a website. Open source websites are developed on the backbone of completely open source software that’s written by individuals or groups of people. 

“Open source is really counter to the original idea of software,” explained Finalsite’s Rob Rawcliffe in a Tech Tuesday episode. "Essentially, open source is open — anybody can write it, anybody can point out bugs, and then somebody has the ability to go in there and fix it."

“Essentially, open source is open — anybody can write it, anybody can point out bugs, and then somebody has the ability to go in there and fix it.” ROB RAWCLIFFE

These options can be low-cost and often feature an array of fully customizable plug-ins to add extra functionality to a website. In fact, it’s this mixture of low cost and customization that makes open source websites appealing to so many schools when they first start looking for a new provider. But that low price tag is deceptive and comes with a whole host of problems. 

And that leads us to an important question: is open source a safe solution for schools?


The biggest problem with open source websites

For developers around the world, one of the biggest draws of open source software and websites is that they’re built collaboratively. It’s a noble concept, but it’s also one of the biggest problems for open source websites.

Since everybody is free to dig deep into the coding and develop these platforms, it also means that everybody is free to exploit all sorts of bugs and errors. And with a larger pool of people working on a platform, it’s inevitable people will use these oversights and loopholes for their own gain, or just to cause mayhem. 

It’s a common occurrence — just recently, multiple serious vulnerabilities were found in the Jupiter WordPress theme, affecting sites around the world.

Website Redesign Playbook

The rise of website attacks and security threats

With large amounts of critical data at stake, school websites have been at the center of a major spike in website hacks, especially since the start of the pandemic. While staff members are preoccupied with COVID protocols and focused on learning loss, teacher shortages, and political divides, security just isn’t a priority, despite cybercrime becoming a growing risk for schools.

There are nearly a dozen types of common website hacks that schools can face, and each can cost your school or district potentially thousands or millions of dollars, depending on the severity. While open source platforms see more cyber-attacks and more malicious code being published than any proprietary platform, no platform is safe from hacking attempts.

Read More: Lessons Learned from a Global Ransomware Attack

To put it into perspective, in late 2021, 11.6 million WordPress sites were hit with 13.7 million attacks in just a 36-hour period. Those are huge numbers, but we typically see the same types of attacks threatening schools. The five most common website hacks that affect school websites are:

  • DDoS Attack - when attackers send more requests to a webpage than the server can handle, which overwhelms and crashes server
  • Phishing - when a hacker sends emails to individuals to obtain personal information
  • Malware and Ransomware - an umbrella term for malicious software, usually installed without someone ever realizing it by simply clicking on a link or opening a program
  • Brute Force Attack - when a hacker uses different password hacking tools to crack the login of users to gain access to their account
  • Non-Targeted Website Attacks - when hackers target a CMS, plugin, or template

When you’re using an open source website and you fall victim to any one of these types of attacks, you’re often on your own. There’s no company that’s got your back, and there’s no one there to make sure your school’s information is safe and secure before, during, and after an attack. 

That’s why more schools have chosen Finalsite as their provider than any other in the industry. All of our websites are hosted using Google Cloud Hosting, which is fully encrypted and kept up-to-date on all certifications and compliance requirements. And after moving to Google hosting, the Finalsite platform had an uptime of 99.999% in 2021.

And to add to that, Finalsite’s website platform and communications software come with industry-leading support; award-winning website designs and options for extensive customization; consistent product development and updates; premium pricing; and integrations with the best available third-party software. 

You simply can’t get that peace of mind through any open source platform.

screenshot of woodland school

Keep Reading: Learn why Woodland School switched from WordPress to Finalsite. 

Common misconceptions about open source websites

Open source websites are less expensive

One of the biggest misconceptions people have about open source websites is that they’re cheaper than a trusted website provider. While that may be true in certain circumstances, falling victim to any kind of cyber attack often comes with a heavy price. Cyber attacks alone may have cost educational institutions more than $6 billion in 2020

A free platform is an enticing option, especially when you really need to cut costs. Plus, the lack of licenses or maintenance fees makes it even more appealing. But to put it bluntly, the cost of an open source platform is incredibly deceptive. 

Choosing an open source platform essentially means you’re giving your website to anonymous programmers who have complete access to your school website's source code, letting them do whatever they wish with the information. This is great when developing a website, but it’s not so great when it comes to defending your website against attackers.

Widgets allow for more customization

To truly take advantage of everything an open source platform has to offer, you need to install extra widgets and elements, but threats are compounded whenever widgets or other extensions are installed on a website. 

While these extra plug-ins offer some conveniences, it’s also a double-edged sword because they also come with numerous drawbacks, such as increased security risks, extended load times, and issues with updates. Many add-ons also never go through a review phase and are completely vulnerable to cyber-attacks, essentially serving as a back door leading directly to your website’s most sensitive information. To put that into perspective, more than 90 percent of all WordPress security vulnerabilities are found in WordPress plugins and themes.

Since open source platforms are often not regulated or monitored by a company that’s backing them, you won’t have a security or support team ready to fight back against hackers. That leaves you alone to deal with any outside threat to your school’s safety and privacy.

Support is easily available

The lack of support can already be frustrating when it comes to updating source code or installing and updating new plug-ins. This is only compounded if you have to deal with a cyber-attack on top of all your other daily website responsibilities. If your open source website ever does fall victim to an attack, there’s no support structure in place to help you with data recovery or to get your site up and running again after a cyber-attack. 

Key Takeaway

Educational websites have become a prime target for cyber-attacks in the past decade, and increasingly so since the pandemic. While open source platforms may be appropriate for small businesses or personal sites, they are deceptively problematic for schools and districts of all sizes. When it comes to protecting sensitive information while providing an accessible and mobile-friendly site, investing in a trusted website provider is the best solution for your school.

Meet With a Website Expert | Finalsite


As Finalsite’s Product Marketing Specialist, Andrew writes blogs and creates videos to share information about all the latest and greatest Finalsite products. Andrew has more than 10 years of video production experience and a journalism education from the University of South Carolina. He is excited about bringing his experience and expertise to Finalsite.

Explore More Recent Blogs

Subscribe to the Finalsite Blog

Love what you're reading? Join the 10k school marketers who get the newest best practices delivered to their inbox each week.

Request a FREE
website report card

Want feedback on your school or district's site? Get a free website report card, generated by an in-house website expert, sent right to your inbox.