Wordpress VS DNN - CMS Comparison

In 2003, Shaun Walker released DotNetNuke (now known as DNN), an open source Content Management System (CMS) built on Microsoft’s .NET Framework.

DNN was originally called IBuySpy Workshop, which Walker created in 2002. IBuySpy Workshop was developed using IBuySpy Portal, an open source project that Microsoft released with .NET Framework 1.0 to encourage developers to adopt .NET.

Also in 2003, Matt Mullenweg and Mike Little created WordPress. An open source CMS based on the PHP programming language, WordPress was created by Mullenweg and Little as a fork of b2 cafelog, a blogging platform created by Michel Valdrighi.

Our Approach with this Comparison

Weighing the pros and cons of competitive software offerings can be contentious, even for freely available, open source software. Proponents of either camp can dig in their heels and things can devolve from reasoned conversation to religious arguments.

Just like Linux vs. Windows, C# vs. PHP or coffee vs. tea, there’s often no clear cut, black-and-white answer.

You may have arrived at this post to satisfy an informational need or to decide which CMS to use. Our approach is not to be declarative, but to provide deep, yet balanced information to help you answer a question or make a decision.

Our team has worked on hundreds of DNN and WordPress sites. The perspectives shared in this post are based on our hands-on experiences working with both systems.

High-Level Comparison

While DNN and WordPress share similarities, the technology stacks and programming languages they use are quite different. If your decision on CMS software is dependent on the underlying technology, then the decision is straightforward.

Here are scenarios where your decision is dictated on the underlying technology (e.g. Windows/.NET vs. LAMP [Linux, Apache, MySQL and PHP]):

You’ve standardized your infrastructure on it
Your internal IT guidelines or mandates require it
Your resources (developers, administrators, etc.) are specifically trained to support it
Your ecosystem (suppliers, partners, re-sellers, etc.) require it

If your decision is independent of technology stack, then read on -- we’ll take you through some application-level comparisons.

Here’s the 10,000 foot view of these CMS systems:

	DNN	WordPress
Founded	2003	2003
Founder	Shaun Walker	Matt Mullenweg, Mike Little
Commercial Entity	DNN Corp.	Automattic, Inc.
Language	C#	PHP
Operating System	Windows/.NET	Linux (most common)
Database	SQL Server	MySQL
Latest Version	9.x (2018)	5.x (2018)
Third Party Software	DNN Store	WordPress Plugins
Ecosystem	Hosting, Agencies, Developers, Integrators, etc.	Hosting, Agencies, Developers, Integrators, etc.

Comparison by Capability

When comparing Content Management Systems, there’s a nearly endless set of criteria to evaluate: performance, SEO, ecosystem, editing, taxonomy, extensibility, etc. In this post, we’ll compare capabilities most commonly asked about by our customers:

Permissions
Security
Themes & Administration

DNN vs. WordPress: Permissions

DNN and WordPress ship with a set of built-in user roles. The CMS utilizes user roles to apply permissions to a group of users (i.e., all users assigned to a user role).

Both DNN and WordPress have default permissions settings that determine actions enabled or disabled by each user role. The built-in user roles are:

WordPress

Administrator
Editor
Author
Contributor
Subscriber

DNN

Administrator
All Users
Registered Users

While the approaches look quite similar to start, things diverge from here.

Have CMS Permission Questions?

Permissions in DNN

In DNN, granular permissions and custom user roles are supported in the core CMS; those features are not part of the WordPress core -- they’re provided by third party plugins.

In DNN, permissions can be applied at many levels: site, folder and page, as well as individual modules on individual pages.

For DNN, the advantages of having granular permissions supported in the core:

Ability to view the source code
No dependency on third party vendors
Consistent administration vs. learning to use different plugins

The DNN Documentation Center is a website with documentation on the DNN CMS. View these pages for more information on user roles and permissions management:

How to create a custom user role
How to assign users to a role
How to configure page permissions: proceed to Step 4 on this guide to creating a page.

Permissions in WordPress

WordPress has a similar structure to managing permissions; however, features such as granular permissions and custom user roles are not part of the WordPress core. Instead, third party plugins can be downloaded to provide these capabilities.

The website WPBeginner provides a good introduction to user roles and permissions in WordPress. The post outlines how to customize existing user roles and create custom user roles in WordPress using the Capability Manager Enhanced plugin from Jordi Canals and Kevin Behrens.

Other plugins that provide extended permissions and user role capabilities include:

Members by Justin Tadlock
User Role Editor by Vladimir Garagulya
Advanced Access Manager by Vasyl Martyniuk
WPFront User Role Editor by Syam Mohan

As with all third party software, we recommend you evaluate the plugins’ reviews, number of active installations and last update date. Get suggestions from colleagues, partners or peers with first-hand experience using particular plugins.

DNN vs. WordPress: Permissions (Conclusion)

If you have a relatively simple site with a small number of users and user roles, both DNN and WordPress work well.

For complex sites with 20+ users actively managing content, with custom user roles and the need to manage granular permissions across folders, pages and modules/plugins, we prefer DNN, since all of the needed capabilities are built into the core CMS.

To manage permissions on a specific module on a page, you edit the module properties and set permissions accordingly. This is done the same way for any module in use. On a WordPress site, permissions are set in the plugin administration menus and can vary widely from plugin to plugin.

DNN vs. WordPress: Security

A comparison of security between software systems can be qualitative rather than quantitative: anecdotal experience and opinion factor into the equation to a large degree. That’s no different in comparing the security of DNN vs. WordPress.

In this section, we’ll defer on recommending one CMS over the other on the basis of security; instead, we’ll point out a few things for you to take into consideration.

WordPress: Popularity Makes it a Common Target

In their Introduction to WordPress Security, Sucuri writes:

“Recent statistics show that over 28% of website administrators across the web use WordPress. Its popularity comes at a price; often targeted by malicious hackers and spammers who seek to leverage insecure websites to their advantage.”

The most common entry point for malicious hackers is to find exploits in popular third party plugins. If an exploit can be used to gain unauthorized entry to a site, hackers can scan websites to see if they’re running WordPress.

From there, they can attempt to leverage the exploit. If the site is running a version of the plugin containing the vulnerability, it (i.e., the site) can be hacked.

A similar exposure exists for DNN, since it has an ecosystem of third party modules and themes. In the past few years, DNN websites have been hacked via vulnerabilities in third party DNN modules.

However, there are fewer modules in existence and far fewer sites running DNN. As a result, hackers spend most of their time against the number one target: WordPress.

Ryan Moore, owner of The Moore Creative Company, has experience managing DNN and WordPress sites. According to Ryan, “With such a large base of implementations, WordPress is the largest target for hackers and bots. Unfortunately, we have experienced that when installed, it is not a question of if the site will get hacked, but rather how soon it gets hacked.”

Security in the Core CMS

In addition to third party plugins and modules, another entry point for hackers is the core CMS itself. Security vulnerabilities have been discovered in the core platforms for both DNN and WordPress.

David Poindexter is CEO of nvisionative. David and team build sites primarily on DNN, but have executed many client projects using WordPress as well. Recently, David wrote about a security issue in the WordPress core.

David notes that via the REST API, “an out-of-box implementation of WordPress 4.7 will expose a list of all USERS via anonymous access, including each user’s name, username, Gravatar link and other associated metadata.”

David continues, “This information can be exposed to and enumerated by both humans and BOTs to harvest sensitive information. With this information in hand, brute-force attacks can be made against the website to gain unauthorized access.”

While some may call this issue a security vulnerability, the official response from the WordPress team is that it’s the expected behavior. In a thread on the WP-API GitHub page, a member of the WordPress API team writes:

"Usernames are already exposed through themes, RSS feeds, etc, and we do not consider them a security issue. You can install a third-party plugin if you would like to limit access to this data."

We don’t agree with this approach to web security; while we wouldn’t block a client’s choice to use WordPress on the basis of this API “opening,” we would advise clients to use whatever means necessary to limit access to their sites’ user data.

DNN vs. WordPress: Themes & Administration

DNN and WordPress take vastly different approaches with themes:

In DNN, themes focus on styling and visual appearance, with little to no functionality. Features are handled by the CMS core, or in custom and third party modules.
In WordPress, themes handle styling and visual appearance, but have a lot of associated functionality built in.

Still Not Sure About Themes?

In a DNN Theme

In DNN, a theme (formerly called a “skin”) consists of:

One or more layout templates (HTML or ASCX)
A style sheet (CSS) for each of the layout templates [optional]
A master style sheet (CSS) for all the layout templates [optional]

Source: https://www.dnnsoftware.com/docs/designers/about-themes.html

In a WordPress Theme

In WordPress, a theme consists of two files (at a minimum): style.css and index.php. These files reside in the Theme directory. That directory may contain related template files, which handle the header, sidebar, footer, content, categories, archives, search, error and more.

Here at Foremost Media, we manage client sites via the core elements of the DNN CMS, along with a selected set of third party modules. Some of our most commonly used modules are:

DMX (free)
EasyDNNgallery (paid)
Ventrian News Articles (free)

In WordPress, a lot of content management and functionality is built into the theme. For example, one popular WordPress theme includes these capabilities:

In-line Editing
Draggable Widths
Customizable UI
Instant Content
Responsive Editing

Management of DNN sites involves capabilities of the core CMS, along with a defined set of third party modules. Management of WordPress sites, on the other hand, is intimately tied to the selected themes.

The Challenge

With 10,000+ themes available in WordPress, there’s a lot of variety in how sites are managed.

The Moore Creative Company’s Ryan Moore explains how DNN theme developers incorporate functionality: according to Ryan, “For developers who want to combine functionality with a theme, they’ll release an accompanying module. The module helps modify the theme files and adds new functionality to the theme for management and customization.”

Aaron Jach, a project manager on the Foremost Media team, has experience developing and managing sites on both DNN and WordPress. When Aaron inherits the management of a new site, he prefers DNN sites, since the structure and conventions are more deterministic.

According to Aaron, “I prefer the structure of DNN sites, since I know precisely where to go to look for something or modify it. With WordPress, it takes me a lot longer to figure out what’s going on and where things are. I need to understand the capabilities of the site’s WordPress theme and get up to speed on how to use it.”

One benefit of WordPress, according to Aaron, is that it’s easier for non-technical users to apply a theme to a site.

DNN vs. WordPress: Themes & Administration (Conclusion)

The Foremost Media team prefers the separation of styling and functionality that DNN provides. By keeping the styling in themes and the functionality in modules, it’s easier for our team to manage and administer DNN sites.

With WordPress, there are over 10,000 themes to choose from. On the one hand, having so much choice is a benefit. On the other hand, it can be time-consuming to find a theme that offers the features you need and is free of bugs and security vulnerabilities.

Our understanding is that the majority of themes available in the WordPress ecosystem are not vetted by third party developers or security professionals. Before making a final decision on a WordPress theme, we recommend that you talk to peers (i.e., who have hands-on experience with that theme) or consult with a professional web design agency.

Conclusion

There’s not a single CMS that’s the right fit for every scenario. The work we’ve done at Foremost Media has been with DNN and WordPress. Both CMS’ are quite good and we know that there are lots of other great options out there.

If you’re looking to choose between DNN and WordPress, we hope this post gave you useful insights to help with your decision.

With a team of DNN and WordPress experts, we’re happy to help. If you have questions on the right CMS for your project, or if you want to learn more about the services we provide, fill out this contact form and a Foremost Media team member will be in touch shortly.

What are my next Steps?

If your current website is costing your company money instead of making money, let the Web marketing experts at Foremost Media take your website to the next level, contact us or learn more with these options below.