Open source or proprietary CMS?

Monday, 19th October 2015

What are the key differences that might affect your business website?

What are the key differences that might affect your business website?

When commissioning a website, there is a plethora of choice around the system, or software, that the site is built on. These platforms are generally considered as falling into one of two camps – Open Source or proprietary. Open Source systems have freely available source code that anybody can use, copy, modify, and sell their services in doing so. Proprietary software is classified by the opposite characteristics – these are commercial systems that range from being completely bespoke code for a specific client, to re-usable productised platforms adapted to numerous clients, often specific to a certain industry or type of business.

So how do you choose which is right for your website needs? As ever, this is not a straightforward question, and will depend on your current circumstances, what you’re seeking to achieve in the future and the amount of resource and indeed effort you have available. However, forearming yourself with some basic knowledge of the key differentiators will make life easier:


In business, the level of support a supplier can provide can be a critical aspect of choosing whether to work with them. When it comes to complex and business critical items, having the correct back-up is essential. This is no less true for websites – it’s no good a multi national ecommerce site going offline and potentially losing thousands of pounds in sales.  However, a blog about sightings of Elvis with a handful of subscribers not being available at 3am is a different scale of issue.

The main difference in available support is the business models of both types of cms. Open source applications are supported by communities of developers, who share ideas and help to grow and improve the platform quite organically.  As well as individuals creating websites, many agencies will also use open source platforms, employing developers with a great deal of knowledge of a specific platform.  However, these platforms are often vast – Drupal’s core has nearly 750,000 lines of code(1) – so it is unlikely you could cover every base no matter how experienced your team.

On the other hand, proprietary systems are built by a business, and usually for a specific market segment or industry. They tend not to try and serve everybody and every application and will be developed and improved over time. Ultimately, a proprietary vendor has to offer clients and users fast and efficient support, as that is what their reputation is built on. The platform is a product of a business and a business needs to serve its customers to survive. Sometimes you just need to be sure that there is someone at the end of the phone who can be responsive.


There have been some very public and widely reported security breaches on certain popular open source projects. This is particularly the case for websites that are not kept up to date with the latest patches and updates – an essential aspect of support that is often overlooked once your website is up and running. The reason for these breaches is two-fold. Firstly the key players in the open source field account for a huge number of websites, indeed WordPress powers nearly a quarter of the internet(2), so if you’re going to look for an exploit you’re more likely to look for one that will allow you access to a greater share of the market.  Secondly, due to its open nature, anyone can see the source code and look for exploits. Of course the opposite argument is often made that the communities and supporters of the platforms will be more likely to notice bugs and security holes and patch them before they’re exploited.

Another essential consideration is third party vulnerabilities(3). Within a proprietary system there may indeed be communications to external applications, Google Maps or Facebook for instance. If a proprietary system has these integrations, then the creator of the system will expect to keep them up to date as routine maintenance of the core platform. Open source systems can have massively expandable functionality through the use of third party plug-ins. However, each plug-in that is used can represent a potential entry point to your website by unscrupulous types. It is essential therefore to take as much care over selection of third party plug-ins as the core platform itself, to ensure that they are secure, regularly updated and maintained.

Closed systems, on the other hand, tend to be used by a smaller number of websites and their source code is less accessible. Sometimes though, bugs and holes can lie dormant in the code for a long time with no one noticing, as no one has tried to get in. That doesn’t mean that they never have breaches; it’s just that they tend to be less public and also in the utmost interest of the systems’ creator to clean up quickly and efficiently – they are a business after all.

So, much as with the question of support, security isn’t a clear cut issue. There are benefits to the community way of doing things, but on the flip side there is assurance to be gained from the business way.

Realnet have found that for open source based websites (such as this WordPress blog) it’s essential they are hosted on a dedicated server (usually cloud based). They’re so vulnerable to secruity breaches that a breach on one site can easily cross over to other sites on the same server. It’s also easier to restore a breached website when it’s the only site on a server.

Flexibility & portability

This is where we have a big myth to dispel. Proponents of open source platforms often cite the ease of moving to a different supplier if relationships break down, due to the larger pool of agencies working with a particular CMS.

For a simple website, moving suppliers may be a fairly hassle free task.  However, for a non-trivial website, regardless of whether the CMS is open or proprietary, the reality is never so simple.

Transferring a larger site can be a tricky business. The site may have specific aspects of functionality that have been modified or adapted, as well as custom or bespoke code. There will also have been a lot of knowledge invested by the team that built the site in the first place. Now not every developer will do things in the same way, or approach a challenge in the same way. Indeed, there may be fundamental differences of opinion even down to the basics of how a site is constructed  In the hands of a different development team there might be a strong desire and even a strong business case, to rip up large parts of the site and start again.

Regardless of portability in a specific CMS, the important aspect that you need to consider is the transferability of your site’s data – a different kettle of fish to transferring the site in its entirety. You may wish to move to a completely different CMS in the future; the internet moves quickly after all. Whether your site has an open source or proprietary CMS, you need to understand how to extract your data, should the need or desire arise.


Cost comparisons are no doubt difficult to make in broad strokes. Open source communities have a strong concept of freedom and the platforms are often associated with being the ‘cheaper’ option. However, this is not necessarily as it appears and ‘free’ does not come without associated costs.

When instructing an agency to build your website, you’re ultimately paying for the time they take to do so.  Whether they use a productised proprietary platform, or a ‘free’ open source platform, someone still has to put the thing together. On either type of platform, you also need to consider what is available ‘out of the box’, and how much customisation is required. This may mean bespoke code on a proprietary system, or paying for, and paying again to configure, plug-ins on an open source system.

You will also need to figure into your costs ongoing maintenance. Both types of systems will have scheduled updates and unscheduled patches and it is essential that these are applied to maintain security. As well as this you need to consider your hosting arrangements. The ongoing maintenance to host, secure, upgrade and generally support a free software platform is no more free than the time and expertise you purchased to build your website initially.

Ease of use

An Open Source system is usually designed to be all things to all people. They need to have lots of different features so they can cover all bases. This can make them feature rich, but hard to use. For example, Magento is a big open source e-commerce platform, but needs a day training course to learn how to use it.

Open Source systems are developed by programmers scattered all over the world. This makes it harder for them to have a single purpose, or retain a clarity of vision to ensure the platform remains clean and easy to use. The user experience can suffer.

A proprietory system is normally designed for a more specific purpose and managed by one company, so the system can remain clean and easy-to-use. It’s the owner company’s sole purpose, so it has to be the best in it’s market place. It’s also much easier to release major updates or re-write the underlying code, so the product tends to leap forward.

Generally speaking, from experience, paid for software is usually better and easier to use than comparitive free software.

Which is best for me?

Ultimately your choice of platform type should be made according to your specific needs & requirements.  There are benefits to both open source and proprietary and if you understand the differences it will be easier to make the correct decision to suit your particular situation. Hopefully this article has helped you do that.  Remember, you need to be thinking longer-term and what your needs and costs are going to be into the future.

What really matters is which specific CMS best fits with how you work and what you’re trying to achieve.  You could end up spending a lot of time and money making ‘free’ fit with what you’re trying to do, without really solving your problem. You could also spend a lot of time and money on a ‘paid for’ system, without really solving your problem.

So it’s not really a question of open vs proprietary, but rather which platform (and don’t forget support systems) best suit the requirements of your business and the particular issues you are trying to solve.