January 13th, 2020
Nothing is infallible. The information provided here should hopefully grab your attention to the fact of why you should always be concerned about being vigilant with securing your content management system (CMS). It is essential to be on the lookout against the wide variety of threats against the CMS you use. Here are a few reasons why you should always be checking for vulnerabilities and updates for your CMS.
All CMS Systems Are Vulnerable
WordPress, Joomla, Drupal, and many other CMS systems are consistently vulnerable to attacks, and these vulnerabilities are becoming more frequent. You must always do your due diligence to ensure that your content is up to date and patched. There are a few things that all of these CMS have in common; PHP and MySql or MS SQL.
SQL Injections
SQL injections are a common occurrence. If you are not familiar, a SQL injection is when a hacker attempts to inject malicious code into your SQL database. Always keep a log of your errors as this will help you solve any issues that may occur, including if someone has hacked your application. Ensure that this log file is not accessible to an attacker via the web. If you are not sure how to do this, then hiring a developer to do this will help. Don’t just rely on the CMS support to provide this support or even help you with this because if they do this for anyone, chances are, they have helped hackers by providing the support and now the knowledge of how to obtain this information.
3rd Party Plugins
Many plugins developed today for your CMS may not have any kind of review or regulation safeguarding security. So before you choose one, make sure that they have security in mind. Check with your CMS support to determine if they are familiar with it and whether or not they think it is safe to use. Also, you should be using a plugin that does provide security for your CMS. After determining which you decide to use, contact their support as well regarding any third-party plugin, you wish to use. Hopefully, they will have knowledge of any security issues with the third-party plugin you want to use.
Stay Up To Date
It cannot be stressed enough (and as previously stated and reiterated) always ensure that your CMS, your plugins, and any other software utilized on your website is always up to date. Failing to do so can result in catastrophic issues, such as your site hacked, your site pointing to a website that could be embarrassing (i.e., a “you’ve been hacked by...” website, or an adult website), or even worse, customer data exposed (names, addresses, credit card information, etc.).
Subscribe To Content That Helps You Secure Your CMS
You should bookmark and subscribe to websites that review and monitor the CMS you use to be updated on any vulnerabilities and updates consistently. There are quite a few sites that do this. Ensure that you thoroughly research this and obtain all the information you need to keep up to date on the latest hacking news for your CMS.
Secure Your CMS
You should always secure any website you have. Whether you pay for an SSL solution or even utilize the free Let’s Encrypt version, a secure site is a lot better than a non-secure site.
Permissions And Security
Do not tip off any hackers about any kind of information about your CMS. In other words, never let anyone know what CMS you are using. If your site currently states what CMS you are using, remove this information right away. Also, change the administrative user name to your CMS to something different and ensure that you are using a strong password.
Conclusion
You should always follow your CMS guidelines to ensure the best security practices. However, you should also go above and beyond to prevent SQL injections, using safe and secure third-party plugins, ensure your website is secured with an SSL, changing your CMS administrative user name and use a strong password. Lastly, make sure you subscribe to all content that keeps you up to date with the latest information regarding security and updates.
If you have any questions or concerns regarding this blog, feel free to contact us.