The most common security issue with PHP-powered websites, such as those built in Wordpress or Drupal, is SQL injection. Apostrophe's choice of a non-SQL database with an API design that does not mix commands and data makes this type of attack impossible.
Apostrophe's login mechanism is based on correctly hashed and salted passwords, stored in a separate database "collection" so that there is no possibility of accidental exposure when displaying information about users in a routine way.
On an end user level, Apostrophe offers the ability to secure pages or entire portions of the site so that only certain users or groups of users can edit or view that content.
For more information, see our security page.
No. Node.js was released in mid-2009. In the past eight years it has matured into a stable platform used in production by many major companies, including Netflix, PayPal, Medium, LinkedIn, Uber and the New York Times, among many others.
Apostrophe supports the oEmbed standard, an open standard for embedding third-party services. This allows Apostrophe's video and embed widgets to accommodate most integrations you'll want to handle.
The great majority of other services offer a "generic embed code" that can be added to page templates or, if you choose to enable it, pasted into our raw HTML widget.
Since it is built on Node.js, Apostrophe is also a great starting point for integrating with third party APIs to build richer experiences.