I was tempted to write one line for this post and call it a day. That one line was this:

“There lies WordPress, motionless and bleeding on a dimly lit street.”

Alas, I must write a bit to explain for forgone conclusion. WordPress and DotNetNuke have built in users and roles. That’s about where the similarities end.

The title of this post could seem a bit misleading. I’m really just writing about users and user security, not the security of the frameworks themselves. I’m sure proponents of each framework would defend their champion like caged, rabid dogs, but I’ve had sites of each kind hacked. And, to be honest, I’m not a security expert. I have a couple tips to offer, though. For WordPress users, don’t ever have a user called Admin (the default first user upon install). If you have one, make a new one with a unique name, then delete the Admin user. DotNetNuke people, don’t use the default host account and admin account credentials. In fact, I would add my own of each if I were you, and disable or delete the others immediately after install. For both platforms, you can actually customize the default admin accounts during installation, and I highly recommend it.

Now, let’s start with the harsh reality for WordPress. User management along with security/permissions pretty much suck right out of the gate. I hate to say it, but it’s true. You’re limited to 5 or so roles within the framework, and you can’t add your own roles, group them, etc. You can’t create a custom set of role-based permissions for your site. Now, I’m sorry, but if you want to be called a CMS and play with the big boys, you can’t suck this much in such an important category. Have I overstated myself yet?

Think about this: With a default community edition of DotNetNuke, you can customize view and edit permissions right down to individual modules. The combination of what you can inherently with role-based and user-based permissions per page/module is incredible with DotNetNuke. Want to divide page content management over several groups within your organization? Easily done with DotNetNuke. Need a secure section of you site for sharing sensitive information with legal? Got it. You can actually create groups of roles for easy reference. DotNetNuke’s security model is highly scalable and customized right from the start.

Custom view and edit rights are among the most commonly desired features in today’s CMS market. DotNetNuke far and away takes the cake on this issue, IMHO. If you properly setup your user accounts and roles, you can make administration of a large portal or set of portals seamless. To get anywhere close to the type of security that you have with DotNetNuke takes some major code editing in WordPress with a host of confusing permissions. There are a few plugins that attempt to manage what can be seen/unseen by users and roles, but they don’t hold a candle to DotNetNuke..

Making a single page or module viewable/editable to a single person or a group of people in DNN is like taking candy from a baby. Secure directory? Private documents? Family section of site? Photo gallery access based on user group? No problem for DotNetNuke. The built-in user and security role management offered by DotNetNuke really beats the tar out of WordPress.

[box type=”tick” size=”large” style=”rounded”]Overall winner for Administration – DotNetNuke (by a landslide)[/box]