As with any online service, websites are often the target of malicious users. This is especially common for websites which are built using Content Management Systems (CMS) such as Joomla or WordPress.
If CMS-based sites are targeted, then why use CMS?
As with any piece of software, content management systems become targets because of their widespread use. Quite simply, any means of exploiting one website created using WordPress, for example, can be applied to other sites which use the same CMS. This is achieved by finding vulnerabilities within the CMS code and using them to gain access to the website (and potentially the hosting account).
To this end, the organisations which develop content management systems periodically release updates to their software. These updates include patches which replace potentially-vulnerable code in addition to correcting other minor issues. When an update is available, most CMS programs will inform you by posting a note within the administration section of your website.
Are themes or plug-ins affected in this way?
Yes. When it comes to finding ways to break into websites, any add-ons used for the site are fair game. As with the actual CMS, themes and plug-ins are also updated. Similar notices are also posted when an update is available.
So how do I prevent anyone from exploiting my website?
1. You should always ensure that any passwords used by your website are not easy to guess. This includes not only your cPanel / FTP password, but also the password used for your website database as well as your website administration section / dashboard. This applies to all websites, not just those created using a CMS. Tips on generating strong passwords can be viewed here.
2. Log in to the administration section of your website regularly to see whether any updates are available. If there are, install them as soon as they become available. The longer that you avoid updating your website, the greater the chances of someone breaking into it.
3. If you are considering using a CMS, install it using the Softaculous Apps Installer from within your cPanel account. Aside from automating the installation, Softaculous also includes a notification system so that you will receive an e-mail whenever a new update is available. This is particularly useful if you do not log in to the administration section of your website regularly.
4. Another useful feature is the availability of security plug-ins. Some of the more popular CMS programs, such as WordPress, have numerous plug-ins designed to secure your website from exploitation. Installing one of these is strongly recommended.
5. Make use of the ModSecurity tool in cPanel. Because this has been known to interfere with updates, it is best to enable it once you have completed any updates or changes to your site.
6. If updates for a plug-in are no longer being released, then it is best to remove the plug-in and find a suitable replacement.
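Steps 2 and 6 can be checked together with a short script. The following is an added example, not part of the original article or of any cPanel or WordPress tooling. It assumes WP-CLI is available to produce the plug-in list, that you have noted each plug-in's last release date yourself, and that two years without a release counts as abandoned; all names, versions and dates are constructed.

```python
import json
from datetime import date

# Constructed sample: the shape of `wp plugin list --format=json` output
# (WP-CLI fields name, status, update, version). Names and versions are made up.
SAMPLE_PLUGINS = """[
 {"name": "example-forms", "status": "active", "update": "available", "version": "2.1.0"},
 {"name": "example-gallery", "status": "active", "update": "none", "version": "1.4.2"},
 {"name": "example-seo", "status": "inactive", "update": "none", "version": "0.9.1"}
]"""

# Constructed sample: date of each plug-in's most recent release, as noted by
# the site owner from the plug-in's listing page (hypothetical values).
SAMPLE_LAST_RELEASE = {
    "example-forms": date(2024, 3, 1),
    "example-gallery": date(2019, 6, 15),
}

def audit_plugins(plugins_json, last_release, today, stale_after_days=730):
    """Sort plug-ins into: needs update (step 2), looks abandoned (step 6), unknown."""
    report = {"update": [], "replace": [], "unknown": []}
    for plugin in json.loads(plugins_json):
        name = plugin["name"]
        # Step 2: an update is pending and should be installed promptly.
        if plugin.get("update") == "available":
            report["update"].append(name)
        released = last_release.get(name)
        if released is None:
            # No release date recorded: cannot judge, so flag for a manual look.
            report["unknown"].append(name)
        elif (today - released).days > stale_after_days:
            # Step 6: no release within the threshold (assumed: two years).
            report["replace"].append(name)
    return report

if __name__ == "__main__":
    result = audit_plugins(SAMPLE_PLUGINS, SAMPLE_LAST_RELEASE, date(2024, 6, 1))
    for action, names in result.items():
        print(f"{action}: {', '.join(names) or '-'}")
```

A plug-in listed under `unknown` still needs a manual check of its release history before you decide whether to keep it.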