7 tips to secure your CMS

Vanessa

24 September, 2017

Because security is the most critical part of a developer's job of protecting websites from hackers, you may already have read hundreds of articles about building secure websites. You might think this is just another one. Five minutes of your time spent going over this short piece could save you many hours in the future. Hopefully, you will find useful tips and sound advice here to sharpen your thinking and take corrective action on this hot topic.

As a web developer, one of your strongest fears is to wake up one morning and discover that your website was attacked, damaged or accessed without authorization. This is indeed the worst-case scenario if you have no disaster recovery plan.

#1 A first observation that (almost) everyone agrees with: open source CMS cannot be considered to be 100% reliable when it comes to security and safety

Traditional CMS are frequently targeted platforms and the most commonly used CMS - WordPress, Joomla and Drupal - are known for their fragile security system. Why do hackers find them so "attractive"? Why can open source websites easily be broken into just like banks in the old days?

It didn't take long for cyber criminals to discover the sensitivity of these applications. First of all, the very nature of a CMS, which is based on code that is available for anyone to use, is a source of vulnerability. Obviously, sharing without protection paves the way to the violation, corruption and illicit collection of data, phishing practices, and the injection of viruses and malware. When editing website files, you are bound to reveal sensitive information. Once a security breach has been discovered, and given the massive use of open source CMS, it is almost child's play for hackers to take down websites on a large scale.

In addition to this first reason, your website might also be hacked through the plugins and extensions that it needs to be fully operational and run efficiently. Using different plugins from various sources does increase the chances of getting hacked. It is also worth mentioning that developers tend to store source code on public sites, opening the door for hackers to snatch strategic information. Last but not least, on top of the intrinsic nature of these kinds of back-office frameworks, a weak password can be a weapon used by hackers. You surely know that automated attacks by bots can damage a website really badly, using the admin login page as a point of entry.

Since open source CMS products are supposedly free at first sight, the community, which is a great asset of this type of CMS, is also supposed to solve security issues. So basically, no one and everyone is held responsible for the lack of reliability. Ironically, because open source CMS have the highest exposure to security holes, they are also the ones that make the biggest improvements, including backwards compatibility, auto-updates, a security-by-design approach, patches… With a big piece of the pie, WordPress and other competitors pour big bucks into upgrading their security infrastructure. That is good but not enough.




#2 A forewarned web developer is a forearmed web developer

If you want to stick to traditional CMS and adopt a tactical approach, it is your absolute right. In this case, here are a few tips for you:
- regularly update your CMS and all its components (installed plugins, applications, themes...) in order to ensure you run the latest version
- regularly patch your website against possible vulnerabilities
- regularly back up your website contents and related information
- do not hesitate to use strong unique passwords
- go ahead and use a firewall
- use a Captcha code that only human beings can read
- get a subscription to a list of security breaches

Clearly, all these tasks will require time, energy and sweat from you. One hour to a couple of hours per month is the average time you should expect to spend on maintenance. Also ask yourself honestly if you can afford the lack of peace of mind.

#3 Now, let's turn towards other website building solutions available on the market…

For those who wish to adopt a more long-term strategic approach, there are more clever and hassle-free solutions, provided that you agree to switch from the conventional standards to Cloud hosting CMS. In this category, the new contender AppDrag is a breather. This Cloud CMS dedicated to web professionals doesn't allow any security hole or any loose ends. Since it is a Cloud hosted solution, it is very fast wherever you are in the world. Rapid and reliable cloud hosting leaves you free to concentrate more on production rather than on maintenance and fixing problems. In addition, SSL certificates (Secure Sockets Layer) are included for free in the solution. Thousands of servers in parallel help prevent any breakdown and ensure highly secured websites.


Our backend is very secure and can handle unlimited scalability by design


AppDrag also provides bulletproof multilayer security, data storage in 3 different locations, a fully fault-tolerant infrastructure and a super fast content delivery network with 62 points of presence across all continents thanks to Amazon CloudFront. And this new player ensures infrastructure monitoring all day long, all year round.


AppDrag is using AWS CloudFront as a CDN with 62 Points of presence


Based on the testimonials of current users, working on AppDrag is a piece of cake while offering relief for the mind. Whether you serve small and medium-sized companies or large corporations, AppDrag takes care of everything for you, from server-level permissions to infrastructure configuration and deployment. With Cloud hosting platforms, gone are the days when web developers had to deal with bugs, attacks, viruses and performance issues. When choosing your CMS, you want to make sure it ticks the box of security and safety. If not, what's the point? Safety has become the number one topic across all technologies. This criterion should never be overlooked. Unless you don't mind racking your brain.
