CMS: A STUDY OF VULNERABILITIES AND PROTECTIONS

According to Wikipedia, a web content management system (CMS) is a bundled or stand-alone application used to create, deploy, or more generally manage and contain data or content on web pages. Web content may include audio, video, photos, code, or sometimes code for applications too, and that is what interacts with the user.

Since CMSs are easy to work with, most people choose them when creating or managing a website. CMSs like WordPress, Joomla and Drupal are the most widely used all over the globe; as per a survey, they form a staggering 75% share of total CMS websites on the World Wide Web.

They are also similar to each other in that they are the most common targets of hackers. Hackers discovered security holes in WordPress core long ago, and almost 1,72,000 WordPress websites got hacked last year.

A study found that 73% of all WordPress installations had vulnerabilities that hackers could easily exploit.

People commonly assume that, since WordPress, Joomla, etc. are such big names, they must provide best-in-class security to their users, but sadly that is not true at all.

CMSs are built on an open source framework, which has several benefits, but it has its share of flaws too, usually because of lower accountability. Being so popular, with no one to take responsibility and no price tag, it is no surprise that it contains a large number of security holes for hackers to breach.

Adding to this, website operators often use weak passwords, which can be easily cracked using brute-force attacks. This makes the sites accessible to hackers, who can turn them into sites for malware distribution, which will eventually get the site blacklisted by Google and other search engines.

Lastly, plugins also add to the security problems. A recent study concluded that almost 20% of the fifty most used WordPress plugins are prone to hacking. Considering that almost every CMS user has at least 3-5 plugins installed, it's quite understandable how they add further security problems.

WHAT SHOULD THE PROTECTIVE MEASURES BE?

A number of measures can be adopted to protect WordPress and Joomla websites:
  • The CMS should be kept up to date: all necessary updates to the CMS, its plugins and its themes must be applied. Users should update as soon as an update is available, even if it falls outside their update schedule.
  • The CMS and its underlying database must be backed up regularly, or more specifically, at least weekly.
  • Subscribe to a security blog or website that covers vulnerabilities in the CMSs you are currently using.
  • Default admin usernames must be deleted, and a strong, difficult-to-crack password must be set. A strong password must be at least 8 characters long and contain upper-case letters, lower-case letters, special characters and numbers.
  • Use a plugin for strong authentication or two-factor authentication (2FA).
  • Additionally, users can also use a web application firewall, which will be potent enough to protect your CMS efficiently. It doesn't matter whether it's available as an appliance, a server plugin or a cloud-based service.
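
The checklist above can be turned into an automated audit. The following is an added example, not code from the original post or from any CMS project: the record fields, the list of "default" admin names and the sample site are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: names treated as "default" admin accounts; the page lists none.
DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root"}
MAX_BACKUP_AGE = timedelta(days=7)  # checklist: back up at least weekly

def password_problems(pw):
    """Return the parts of the checklist's password rule that pw fails."""
    checks = [
        (len(pw) >= 8, "shorter than 8 characters"),
        (re.search(r"[A-Z]", pw), "no upper-case letter"),
        (re.search(r"[a-z]", pw), "no lower-case letter"),
        (re.search(r"[0-9]", pw), "no number"),
        (re.search(r"[^A-Za-z0-9]", pw), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def audit_site(site, now):
    """Compare one site record with the checklist and return the findings."""
    findings = [f"update pending: {item}" for item in site["pending_updates"]]
    if now - site["last_backup"] > MAX_BACKUP_AGE:
        findings.append("last backup is older than one week")
    for user in site["admins"]:
        if user["name"].lower() in DEFAULT_ADMIN_NAMES:
            findings.append(f"default admin username in use: {user['name']}")
        if not user["two_factor"]:
            findings.append(f"no 2FA for admin: {user['name']}")
    if not site["waf_enabled"]:
        findings.append("no web application firewall in front of the site")
    return findings

# Constructed sample record (hypothetical field names), not data from a real site.
SAMPLE_NOW = datetime(2024, 1, 15)
SAMPLE_SITE = {
    "pending_updates": ["core", "plugin:example-gallery"],
    "last_backup": datetime(2024, 1, 1),
    "admins": [
        {"name": "admin", "two_factor": False},
        {"name": "editor_jane", "two_factor": True},
    ],
    "waf_enabled": False,
}

if __name__ == "__main__":
    for finding in audit_site(SAMPLE_SITE, SAMPLE_NOW):
        print("[!]", finding)
    print("password check:", password_problems("wordpress1"))
```

The password function is meant to run when a password is set; an inventory record should never hold plaintext passwords.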

