CMS Security Guide/Tips
Our Security team advises all administrators, developers, and owners of websites built on a CMS platform to be proactive about updating their version of the CMS. Here are some tips to increase your CMS security.
First, keep your CMS platform, third-party plugins, and your theme up to date. Popular CMS platforms such as WordPress, Drupal, and Joomla are susceptible to web defacement and are constantly on hackers' radar. CMS platform updates carry the patches that the core team or contributors create when they find vulnerabilities before these hackers do.
Moreover, we suggest that all administrators/developers/owners remove (“uninstall”) unused CMS material to prevent vulnerabilities and threats. Left installed, unused material can result in injection attacks on your website/hosting and lead to inconveniences such as internet access failure or disturbance.
Next, hide your platform and control panel to prevent attackers from finding them. For instance, change the generic URL of your admin panel: if hackers know your platform, they may have access to its source code and can study the common vulnerabilities of your CMS. To hide your platform and control panel:
- Change the URL of the admin panel
- Make sure hackers can’t determine your platform by looking at your HTML code
- Create a whitelist of IP addresses
- Use strong passwords
- Use intrusion prevention software like Fail2Ban
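As a self-check for the HTML item in the list above, the following added example (not part of the original guide) parses a page you own and reports markup that reveals the platform. The marker list and both sample pages are constructed for illustration and are not exhaustive.

```python
"""Self-audit: report markers in a page's HTML that reveal the CMS platform."""
from html.parser import HTMLParser

# Well-known default asset paths (illustrative, not exhaustive).
PATH_MARKERS = {
    "WordPress": ("/wp-content/", "/wp-includes/"),
    "Drupal": ("/sites/default/files/", "/misc/drupal.js"),
    "Joomla": ("/media/jui/", "/media/system/js/"),
}

class FingerprintAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (platform, kind, evidence)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="generator" ...> announces the platform, often with version.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            content = a.get("content", "")
            for platform in PATH_MARKERS:
                if platform.lower() in content.lower():
                    self.findings.append((platform, "generator-meta", content))
        # Default directory names in asset URLs give the platform away too.
        for attr in ("src", "href"):
            url = a.get(attr, "")
            for platform, markers in PATH_MARKERS.items():
                if any(m in url for m in markers):
                    self.findings.append((platform, "asset-path", url))

def audit(html):
    """Return every platform-revealing marker found in the given HTML."""
    parser = FingerprintAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (not taken from any real site).
LEAKY_PAGE = """<html><head>
<meta name="generator" content="WordPress 6.0">
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</head><body>Hello</body></html>"""
CLEAN_PAGE = '<html><head><link rel="stylesheet" href="/assets/site.css"></head></html>'

if __name__ == "__main__":
    for platform, kind, evidence in audit(LEAKY_PAGE):
        print(f"{platform:10} {kind:15} {evidence}")
```

An empty result only means none of these particular markers were found; cookies, response headers, and default file names can still identify the platform.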
Furthermore, use firewall protection to monitor and control incoming traffic. This will shield your website from unwanted traffic; make sure it blocks all back-end ports. The firewall will also prevent attacks on your network infrastructure, as it blocks access to the server and to individual components like your database.
Lastly, scan your CMS for viruses constantly. It is also a great idea to scan your CMS for malware and vulnerabilities. First, you might already be infected and not even know it. Second, you should know your website’s weak spots so that you can protect yourself before hackers find them.