Content Management System Health and Security
Content Management Systems are widely used by website developers for its great functionality. WordPress, Joomla and Drupal are the most popular CMS today. However, Your CMS doesn’t get or stay secure by itself.
There are 10 things you can do to keep your CMS healthy and secure:
1. Regularly update or patch your CMS
2. Daily/Weekly backups for CMS and database
However, not all the hosting providers are offing automatic daily backup as part of the hosting package, normally it will bring extra charges.
3. Verify backups
CMS & database backups (daily/weekly/monthly backups) need to be verified regularly and ensure that they are not corrupted.
4. Delete/Change the default admin username
Most CMS is using “admin” as the default administrator account’s username and change it to something which is not easy to guess. This will make it a lot harder for hackers to get into your CMS via password guessing tools/scripts.
5. Use strong CMS password
Use strong password which is at least 11 characters long with a combination of upper and lower cases, and also numerical characters and punctuation.
6. Change CMS passwords every a few months
Any password is breakable if it is never changed. Every 3-6 months, change the CMS passwords and it doesn’t match last 5 passwords
7. Subscribe to a regularly updated list of vulnerabilities for your CMS
It will notify you when the CMS provider releases a secure update and some of the updates may need to be applied immediately.
8. Control for the creation of new user accounts
Implement “Captcha” or similar function. And it may limit the use of automated account creation tools/scripts and associated automated posting of malicious contents.
9. Remove unused modules /plug-ins
Remove unused modules and associated files will reduce the risk of hackers take advantages of vulnerabilities which those unused modules/plug-ins may have.
10. Regularly check file permission/date of modified
Review web files regularly, file permission and date of modified may show incorrect information if file is compromised.