608-758-4841 Request Quote GO

Wordpress VS DNN - CMS Comparison

In 2003, Shaun Walker released DotNetNuke (now known as DNN), an open source Content Management System (CMS) built on Microsoft’s .NET Framework.

DNN was originally called IBuySpy Workshop, which Walker created in 2002. IBuySpy Workshop was developed using IBuySpy Portal, an open source project that Microsoft released with .NET Framework 1.0 to encourage developers to adopt .NET.

Also in 2003, Matt Mullenweg and Mike Little created WordPress. An open source CMS based on the PHP programming language, WordPress was created by Mullenweg and Little as a fork of b2 cafelog, a blogging platform created by Michel Valdrighi.

Contact Us To Learn More

Our Approach with this Comparison

Weighing the pros and cons of competitive software offerings can be contentious, even for freely available, open source software. Proponents of either camp can dig in their heels and things can devolve from reasoned conversation to religious arguments.

Just like Linux vs. Windows, C# vs. PHP or coffee vs. tea, there’s often no clear cut, black-and-white answer.

You may have arrived at this post to satisfy an informational need or to decide which CMS to use. Our approach is not to be declarative, but to provide deep, yet balanced information to help you answer a question or make a decision.

Our team has worked on hundreds of DNN and WordPress sites. The perspectives shared in this post are based on our hands-on experiences working with both systems.

High-Level Comparison

While DNN and WordPress share similarities, the technology stacks and programming languages they use are quite different. If your decision on CMS software is dependent on the underlying technology, then the decision is straightforward.

Here are scenarios where your decision is dictated on the underlying technology (e.g. Windows/.NET vs. LAMP [Linux, Apache, MySQL and PHP]):

  1. You’ve standardized your infrastructure on it
  2. Your internal IT guidelines or mandates require it
  3. Your resources (developers, administrators, etc.) are specifically trained to support it
  4. Your ecosystem (suppliers, partners, re-sellers, etc.) require it

If your decision is independent of technology stack, then read on -- we’ll take you through some application-level comparisons.

Here’s the 10,000 foot view of these CMS systems:
DNN WordPress
Founded 2003 2003
Founder Shaun Walker Matt Mullenweg, Mike Little
Commercial Entity DNN Corp. Automattic, Inc.
Language C# PHP
Operating System Windows/.NET Linux (most common)
Database SQL Server MySQL
Latest Version 9.x (2018) 5.x (2018)
Third Party Software DNN Store WordPress Plugins
Ecosystem Hosting, Agencies, Developers, Integrators, etc. Hosting, Agencies, Developers, Integrators, etc.

Comparison by Capability

When comparing Content Management Systems, there’s a nearly endless set of criteria to evaluate: performance, SEO, ecosystem, editing, taxonomy, extensibility, etc. In this post, we’ll compare capabilities most commonly asked about by our customers:

  • Permissions
  • Security
  • Themes & Administration

DNN vs. WordPress: Permissions

DNN and WordPress ship with a set of built-in user roles. The CMS utilizes user roles to apply permissions to a group of users (i.e., all users assigned to a user role).

Both DNN and WordPress have default permissions settings that determine actions enabled or disabled by each user role. The built-in user roles are:

WordPress

Administrator
Editor
Author
Contributor
Subscriber

DNN

Administrator
All Users
Registered Users

While the approaches look quite similar to start, things diverge from here.

Have CMS Permission Questions?

Permissions in DNN

In DNN, granular permissions and custom user roles are supported in the core CMS; those features are not part of the WordPress core -- they’re provided by third party plugins.

In DNN, permissions can be applied at many levels: site, folder and page, as well as individual modules on individual pages.

For DNN, the advantages of having granular permissions supported in the core:
  • Ability to view the source code
  • No dependency on third party vendors
  • Consistent administration vs. learning to use different plugins
The DNN Documentation Center is a website with documentation on the DNN CMS. View these pages for more information on user roles and permissions management:
  • How to create a custom user role
  • How to assign users to a role
  • How to configure page permissions: proceed to Step 4 on this guide to creating a page.

Permissions in WordPress

WordPress has a similar structure to managing permissions; however, features such as granular permissions and custom user roles are not part of the WordPress core. Instead, third party plugins can be downloaded to provide these capabilities.

The website WPBeginner provides a good introduction to user roles and permissions in WordPress. The post outlines how to customize existing user roles and create custom user roles in WordPress using the Capability Manager Enhanced plugin from Jordi Canals and Kevin Behrens.

Other plugins that provide extended permissions and user role capabilities include:
  • Members by Justin Tadlock
  • User Role Editor by Vladimir Garagulya
  • Advanced Access Manager by Vasyl Martyniuk
  • WPFront User Role Editor by Syam Mohan

As with all third party software, we recommend you evaluate the plugins’ reviews, number of active installations and last update date. Get suggestions from colleagues, partners or peers with first-hand experience using particular plugins.

DNN vs. WordPress: Permissions (Conclusion)

If you have a relatively simple site with a small number of users and user roles, both DNN and WordPress work well.

For complex sites with 20+ users actively managing content, with custom user roles and the need to manage granular permissions across folders, pages and modules/plugins, we prefer DNN, since all of the needed capabilities are built into the core CMS.

To manage permissions on a specific module on a page, you edit the module properties and set permissions accordingly. This is done the same way for any module in use. On a WordPress site, permissions are set in the plugin administration menus and can vary widely from plugin to plugin.

DNN vs. WordPress: Security

A comparison of security between software systems can be qualitative rather than quantitative: anecdotal experience and opinion factor into the equation to a large degree. That’s no different in comparing the security of DNN vs. WordPress.

In this section, we’ll defer on recommending one CMS over the other on the basis of security; instead, we’ll point out a few things for you to take into consideration.

WordPress: Popularity Makes it a Common Target

In their Introduction to WordPress Security, Sucuri writes:

“Recent statistics show that over 28% of website administrators across the web use WordPress. Its popularity comes at a price; often targeted by malicious hackers and spammers who seek to leverage insecure websites to their advantage.”

The most common entry point for malicious hackers is to find exploits in popular third party plugins. If an exploit can be used to gain unauthorized entry to a site, hackers can scan websites to see if they’re running WordPress.

From there, they can attempt to leverage the exploit. If the site is running a version of the plugin containing the vulnerability, it (i.e., the site) can be hacked.

A similar exposure exists for DNN, since it has an ecosystem of third party modules and themes. In the past few years, DNN websites have been hacked via vulnerabilities in third party DNN modules.

However, there are fewer modules in existence and far fewer sites running DNN. As a result, hackers spend most of their time against the number one target: WordPress.

Ryan Moore, owner of The Moore Creative Company, has experience managing DNN and WordPress sites. According to Ryan, “With such a large base of implementations, WordPress is the largest target for hackers and bots. Unfortunately, we have experienced that when installed, it is not a question of if the site will get hacked, but rather how soon it gets hacked.”

Security in the Core CMS

In addition to third party plugins and modules, another entry point for hackers is the core CMS itself. Security vulnerabilities have been discovered in the core platforms for both DNN and WordPress.

David Poindexter is CEO of nvisionative. David and team build sites primarily on DNN, but have executed many client projects using WordPress as well. Recently, David wrote about a security issue in the WordPress core.

David notes that via the REST API, “an out-of-box implementation of WordPress 4.7 will expose a list of all USERS via anonymous access, including each user’s name, username, Gravatar link and other associated metadata.”

David continues, “This information can be exposed to and enumerated by both humans and BOTs to harvest sensitive information. With this information in hand, brute-force attacks can be made against the website to gain unauthorized access.”

While some may call this issue a security vulnerability, the official response from the WordPress team is that it’s the expected behavior. In a thread on the WP-API GitHub page, a member of the WordPress API team writes:

"Usernames are already exposed through themes, RSS feeds, etc, and we do not consider them a security issue. You can install a third-party plugin if you would like to limit access to this data."

We don’t agree with this approach to web security; while we wouldn’t block a client’s choice to use WordPress on the basis of this API “opening,” we would advise clients to use whatever means necessary to limit access to their sites’ user data.