The popularity of Content Management Systems (CMS) such as WordPress and Joomla has been a big positive for businesses and hobbyists for many years now, ensuring the once complicated process of building, updating and managing a website is boiled down in the simplest way possible.
With this popularity and widespread use has come exploitation. While previously hackers would solely focus on one site and probe for vulnerabilities, CMS have provided hackers with a large target area due to the range of vulnerability’s across the estimated 74,652,825 people using WordPress. So how do you ensure your site is constantly protected? Here are a few steps to protect your CMS:
Stay Up To Date
When your CMS informs you that there is an update or new version available then don’t hesitate to update it. These updates are never for minor cosmetic changes, they’re always fixing a security issue or fixing something that’s wrong or exploitable.
Similarly, it’s important to update any plug-ins you might have installed as often these are the prime target for hackers to exploit. WordPress is handy for telling you when a plug-in is out of date, and all you have to do is click the button.
Most CMS systems have the ability to auto update to the latest security release – configuring this functionality is one of the best and easiest ways to protect your CMS.
Back-Up Your Site
Just call us Captain Obvious, but hopefully backing up work is second nature for you so backing up your site shouldn’t be a major leap. Any customers on our Shared Hosting or Specialised Hosting services are backed up automatically every day (backups retained for 14 days), and customers on VPS Servers and VDS Servers can add daily server backup easily! A clean back-up of your site makes the inconvenience of a hack much easier to get back to normal and check where you were exploited.
Regular And Secure Password Changes
Again, an obvious one, but taking care of the simple things is a great preventative measure. Most people’s log-ins are based on easy to remember information, whether it’s birthdays or names, and it’s no surprise these are the ones routinely hacked. This is essentially the first line of defence, especially if the hacker is trying to brute force their way into your site. On that note…
Relocate Your Admin Login
The trouble for a vast amount of CMS is that the admin panel is far too easy to find – for example it will simply be /wp-admin at the end of your URL if you use WordPress or /admin in Drupal. For this reason, it’s a good idea to relocate your admin login to a non-standard location or completely restrict it by IP address.
By following this advice and taking a few steps to protect your CMS it should ensure you never have a security problem.