Before we begin, hackers are very intelligent folk. I have a lot of due respect for these guys as not all of them have bad intentions, like all things in the world it contains both the light and the dark, the good and the bad, the kind and the mean. I am writing this blog post as my hosting provider recently had a brute force attack and thought it was about time security of websites was brought to the forefront of all our minds to help you in improving your security. Whether using Joomla, WordPress or Drupal a lot of these recommendations can be applied regardless.
7 ways to increase your security on a CMS website
1. Improve your password & Username
The first thing to do is make sure your username is not “admin”. This is the standard username and makes it so easy for any hacker to access your account easily.
Next, creating a strong password is so important. Never use words that can be found in a dictionary, there are many bots now that can access all these words in thousands of different combinations within seconds. Watch this short video and it will give you all you need to know about creating a much stronger password for your login page putting that first stage of access for hackers at a more difficult level.
2.Update your plug-ins
When you install plugins they are created by fellow programmers that are also trying to keep ahead of the darker side of hackers so when a new update is available make sure to update those plugins. It is worth your time and effort to do this, you want to close all the doors that could prove a place that compromises your security.
3. Delete plug-ins & themes
Not using a theme or plugin? Just delete them. If they are laying their dormant it could be a ticking time bomb. Don’t leave anything to chance!
4. Choose plug-ins that are updated regularly
Some plug-ins are not updated as regular as others. Study the plugins before you install and use them, you may find that a plugin that does fantastic things may not be as secure s you like so just be careful.
YubiKey is something I discovered recently. it is a device that puts a 2 step verification into your wordpress login page ( but also for other things you log in to online such as gmail, amazon etc) It gives a 2nd password that is only accessible if you insert this usb device into your computer making it virtually impossible for hackers to hack you through your login pages..they will need to find another way in. It isn’t a cheap device but it is high tech that is worth having if you are serious about your website.
If your website is hacked the worst thing would be that you loose all your hard work and would have to start a fresh. Most CMS websites have a lot of hours put in to their creation so it is important to do this and not just to rely on your host to be able to provide an earlier version of your site. There are a few ways to do this This blog post on Brainshare says it better than I ever could > Check it Out
Cloudflare identifies regular threats from around the world as well as speeding up your loading time of your site ( in theory…sometimes it has proven to be slower ). Check out this cloudflare video below to see if it is suitable for you or not and maybe do a bit of research first. I have tried this product out and it has stopped a lot of nasties from getting to my site. You can even block whole countries from coming to your site, useful if you are certain that you will never do business with those locations and they are a place where many of the nasty hackers come from.
Obviously this list is not exhausitive, this is just the tip of the iceberg. I will be writing another blog post in the future but if you want to make that first step in securing your data this is a good place to start. If you have any other tips or links to relevant content please do share in the comment box below.