
Content Management System Health and Security

26 October 2015

Content Management Systems (CMS) are widely used by website developers for their rich functionality. WordPress, Joomla and Drupal are the most popular CMS platforms today. However, your CMS doesn’t get or stay secure by itself.

There are 10 things you can do to keep your CMS healthy and secure:
 

1. Regularly update or patch your CMS

The providers of the three most popular platforms release security updates/patches regularly. Applying these updates/patches to your CMS ensures that all the components are up to date and reduces the risk of the website being compromised.
 
 

2. Daily/Weekly backups for CMS and database

This will secure your website and your data. It’s strongly recommended for eCommerce/online store websites.
However, not all hosting providers offer automatic daily backups as part of the hosting package; normally it brings extra charges.
 
 

3. Verify backups

CMS and database backups (daily/weekly/monthly) need to be verified regularly to ensure that they are not corrupted.

 

4. Delete/Change the default admin username

Most CMSs use “admin” as the default administrator account’s username. Change it to something that is not easy to guess. This will make it a lot harder for hackers to get into your CMS via password-guessing tools/scripts.

 

5. Use a strong CMS password

Use a strong password that is at least 11 characters long, with a combination of upper- and lower-case letters, numerical characters and punctuation.

 

6. Change CMS passwords every few months

Any password is breakable if it is never changed. Every 3-6 months, change the CMS passwords, and make sure the new password doesn’t match any of the last 5 passwords.

 

7. Subscribe to a regularly updated list of vulnerabilities for your CMS

It will notify you when the CMS provider releases a security update; some of the updates may need to be applied immediately.

 

8. Control the creation of new user accounts

Implement “Captcha” or a similar function. It can limit the use of automated account creation tools/scripts and the associated automated posting of malicious content.

 

9. Remove unused modules/plug-ins

Removing unused modules and associated files will reduce the risk of hackers taking advantage of vulnerabilities that those unused modules/plug-ins may have.

 

10. Regularly check file permissions/modified dates

Review web files regularly; file permissions and modified dates may show incorrect information if a file is compromised.
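
One way to carry out this review, as an added example that is not part of the original article: the Python code below records each web file's permission bits, modified date and, going beyond the article, a SHA-256 hash, then reports deviations from that baseline. The function names and the constructed demo web root are assumptions made for illustration.

```python
import hashlib
import pathlib
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (permission bits, mtime, SHA-256)."""
    seen = {}
    for path in pathlib.Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks, special files
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            rel = path.relative_to(root).as_posix()
            seen[rel] = (stat.S_IMODE(st.st_mode), int(st.st_mtime), digest)
    return seen


def review(baseline, current):
    """Return sorted (path, finding) pairs for deviations from the baseline."""
    findings = [(p, "removed") for p in baseline.keys() - current.keys()]
    for path, (mode, mtime, digest) in current.items():
        if mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if path not in baseline:
            findings.append((path, "new file"))
            continue
        old_mode, old_mtime, old_digest = baseline[path]
        if mode != old_mode:
            findings.append((path, "permissions changed %o -> %o" % (old_mode, mode)))
        if digest != old_digest:
            findings.append((path, "content changed"))
        elif mtime != old_mtime:
            findings.append((path, "modified date changed, content identical"))
    return sorted(findings)


def demo():
    """Constructed web root: take a baseline, simulate changes, review them."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, text, mode):
            path = pathlib.Path(root, name)
            path.write_text(text)
            path.chmod(mode)
        put("index.php", "<?php echo 'home'; ?>", 0o644)
        baseline = snapshot(root)
        put("index.php", "<?php echo 'changed'; ?>", 0o666)  # constructed change
        put("cache.php", "<?php ?>", 0o644)                   # constructed new file
        return review(baseline, snapshot(root))
```

Store the baseline somewhere the web server account cannot write to, and refresh it after each legitimate CMS update so that patched files are not reported as changes.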
