Content Management, Web Development
4 Ways to Keep Your Content Management System Secure
Content management systems (CMS) are favorite hacker targets for many reasons. Learn 4 ways to make sure your CMS is secure.
Content Management Systems (CMS) are highly targeted by hackers. As security teams look for new ways to help keep your CMS secure, hackers are looking for ways to beat those new security measures. No online system is 100% hack-proof, but there are things you can do to help keep your content secure and safe from would-be cybercriminals.
Part of the issue with the most common CMS out there, such as WordPress and Drupal, is that they are open-source platforms. While this provides a wealth of benefits, it leads to some security issues that must be accounted for, as well. Over 73% of WordPress sites in 2018 were reported to have vulnerabilities that could lead to security breaches.
Content Management vulnerabilities can cause financial as well as reputational damage to a business. Think in terms of E-commerce sites, HR portals, or investor relations pages, just to name three. If these are breached and used for criminal intent, a business may never recover.
Colleges and Universities are common targets of attacks of cybercriminals and state-sponsored adversaries. too. But steps can be taken to increase your institution’s digital security. Here are four ways you can make your CMS more secure and keep out those with nefarious intent.
1. Use strong passwords
Some think this should go without saying, but strong passwords are the foundation of security for any web application or platform. It is easy to get lax or use the same password for several accounts. There are even still people who use the same password for everything.
Obviously, this will impact the security of your CMS. To help keep your platform secure, consider hashing your passwords using a hashing algorithm. Unlike encrypted data, which can be unencrypted, “hashed” data, such as hashed passwords, cannot be “unhashed.” This is a more secure way to store passwords.
Another note about passwords: It is a good idea to block your CMS for a certain amount of time (at least one minute) after three failed password attempts. Three is not a magic number by any stretch, but it is widely accepted as the number that can allow a legitimate user to make a mistake while blocking bad actors who may be trying to hack your website through the user login.
2. Have a Firewall
Firewalls add protection, just as construction firewalls in a home or office prevent fire from easily leaving the room, a firewall around your CMS keeps outside threats from accessing your systems and data.
Having a firewall in place also allows you to keep a lookout for suspicious activity. When the firewall of your CMS detects suspicious activity from a foreign IP address, you then have the ability to blacklist that address.
3. Always, always, always back up your CMS
Just as we talked about regarding passwords, we all know we should be backing up everything — often. But that may go by the wayside, and when we least expect it, some vile entity breaches our CMS. Having a recent backup will allow you to recover your website should something happen.
Always be sure your backups are updated as well. This is more to prevent “when” than “if.” Cybercriminals are always looking for a vulnerability, so it is best to do what you can to keep your CMS safe with a backup.
4. Separation (for less) Anxiety
Separating your administrative system that controls your web content from the front-end display, or creating a “headless” CMS, are both options to increase security. Unfortunately, many of the most popular platforms, such as WordPress and Drupal, are tightly coupled. But, at least, Drupal can be implemented in a headless fashion by using an API to connect it to another front-end website platform
Alternatively, you could opt for full web isolation. This follows the “zero trust” security model that assumes all apps and devices exposed to the web are not trustworthy. This option requires the least IT and staff re-training, making it attractive to many organizations. In full web isolation, a cloud browser executes all needed web code on a remote host. This isolates that execution from local hosts. This means no arbitrary code will have access to your CMS.
These are four things colleges and universities do to keep their CMS safe and secure. There are other things as well, such as obtaining an SSL certificate and protecting your system against SQL-injections. When looking at the security of your CMS, it may be impossible for you to learn every trick or tactic a cybercriminal will use. That’s where KWALL comes in.
Teams of researchers, whose job it is to understand these threats, have difficulty keeping up with the changing environment. Many other colleges and universities choose to partner with a dedicated higher-education digital agency like KWALL to keep things up and running not only smoothly, but securely.
In today’s world, security is the number one concern. Contact KWALL today and let us help you get the edge on the bad guys and keep your CMS