How to Secure CMS Based Website from Hacker?

01.18.2017 no comments

The dynamism of developing a professional-looking website becomes painless due to the availability of many content management systems across the web. Developing a website is always a serious business that needs in-depth research about trending web development resources and technologies. And the selection of a perfect CMS platform depends on the purpose of your web business, and then, how technically-sophisticated a website you need for implementing your organizational goals.

However, there are plenty of CMS options available on the web market, but most of the websites are powered by four major CMS platforms: WordPress, Magento, Joomla, and Drupal. These platforms have shown an explosive growth over the last few years – all thanks to their out-of-the-box features, functions, and built-in capabilities.

While WordPress, Joomla, and Drupal are developed for deploying different types of websites, Magento is ideally designed for developing eCommerce based websites. It comes with a host of eCommerce features and capabilities to let merchants and retailers build interactive web stores according to their specific business needs.

Despite all these benefits, there is an unfortunate dilemma that has came up right parallel to these content management systems : a grim threat to web security. Due to the extensive accessibility of CMS platforms, hackers, spammers, and other cyber threats are continuously damaging the security of websites by finding a loophole in simple web security practices.

No matter what CMS platform you are using, website security is always a big concern for all webmasters/ developers/site owners. If you want to secure your CMS-based website from hackers and other malicious attacks, you need to follow some robust security measures. Here are the key security tips/tactics that will help you reduce threats to your CMS sites (be it a Magento, WordPress, Joomla, and Drupal).

Let’s get started!

  • Never use default admin as your name or password
password


Usually, hackers try to gain access to the CMS sites by guessing their default username and password. This means if you are using “admin” as your default username along with a simple password for your admin login page, your site is more vulnerable to security threats. Hackers can easily get into your site via Brute force attacks where they enter unlimited combinations of username and passwords until they found the correct on.

So, whether you are using WordPress, Magento, Joomla or Drupal, make sure that you change the default username with a more secure one. Also ensure that your password is long, unique, and hard-to-crack – this will make it harder for a hacker to gain access to your site. In fact, your password should be a unique combination of alphabets, special characters, and numbers such as ua9*%6$D.

  • Securing your admin login page
login


As I mentioned above, security of an admin login page plays a crucial role as hackers usually target username and password to gain back-end access. Therefore, you should take some concrete measures to strengthen the security of your admin page.

If you are a Magento site user, you can set up a custom admin path for enhancing your site’s security. It is because unchanged path enables hackers to attack your site through Brute Force Attacks. But by changing the admin path, you can protect your back-end page from hackers and other security threats. For instance, tweak the “mymagentosite.com/store/admin” with a more secure one like “mymagentosite.com/store/ADk895”. You can also customize the admin path/URL of WordPress and Drupal sites.

In case you are using Joomla, then you can make a use of a secret login key to tighten your site’s backend access. Use Ksecure protection extension for your Joomla site. It adds an extra layer of protection by letting you add a secret key for accessing the admin login page.

  • Use of robots.txt file
txt file


robots.txt allows website owners to give instructions to search engine crawlers regarding which web pages or folders needs to be indexed and which ones are not. All you need to do is to add robots.txt file if you want to hide admin login page, folders with documents and image, and other key web pages of your site from Google and others search engines- this will become difficult for hackers to find these pages.

For an example, if a robot wants to access a website url, like http://www.mysite.com/welcome.html. Before it does so, it will first check for http://www.mywebsite.com/robots.text, and finds the following term:

User-agent: *

Disallow:/


  • Selection of a good hosting company
hosting


Selection of a web hosting company is a critical decision when it comes to strengthening the security of a CMS website. Since, there are different types of web hosting options available such as Free, shared, Dedicated, VPS, and managed, it becomes quite difficult to choose the best one.

However, shared hosting is an ideal option for startups – it gives the flexibility to utilize unlimited resources at the most economical prices, but it is always better to choose a hosting company that can offer you robust security features, impressive loading speeds and other performance enhancement capabilities.  

Instead of shared hosting, you can opt for managed, VPS, or cloud server: these web hosting solutions offer more powerful security features and also assist you if your site gets hacked.  

  • Use two-factor authentication
authentication


Having a secure username and password doesn’t mean your site is safe from hacking attacks. You can take the security of your site to the another level by making the use of two-factor authentication. It simply adds an extra layer of security that not only allows you to enter your username and password but also encourages you to enter a unique security code that creates in every 30 seconds.

You just need to choose the plugin/extension relevant to your CMS platform and tighten the security of your admin login page.

  • Use of HTTPS/SSL encrypted connections
ssl


Reinforce the security of your CMS based site by using HTTPS/SSL-encrypted connections. Regardless of the fact that what CMS platform you are using, connection to encryption can help you prevent your site against hackers. Typically, a URL without an encrypted connection starts with hhtp://…, which makes your site more vulnerable to security threats.

With the use of encrypted connections, you can change your URL to https://… to boast a Secure Sockets Layer (SSL) that secures information between clients and servers. Although it is an ideal practice for all CMS platforms.

If you are using Magento CMS, then you just need to login to your admin page, go to System > Configuration > General > Web > Secure and tweak the Base URL setting from “http” with “https”, and click “ Yes” to utilizing safe and secure frontend URLs and Admin URLs.

  • Keep your site, installed themes, plugins/extensions updated
ssl


One of the major reasons for website hacks is due to the use of outdated CMS versions. Keeping your site, installed theme and plugins/extensions updated is crucial for every website owner. Fortunately, WordPress, Magento, Joomla, and Drupal generates a notification whenever a new version is available for install. With these updates, you can improve your site security and stop hackers from gaining any sort of access to your site. The following are the latest versions of all the four CMSs:

– WordPress: The latest release of WordPress is 4.6.1 that helps you concentrate on the key aspects while enhancing the security of the site.

– Magento: Released the community edition 2.1.2 that includes advanced security features, functional fixes and other necessary improvements to the Sales API.

– Joomla: The latest stable release of Joomla is 3.6.4 introduced to address critical security issues and fix a bug regarding two-factor authentication.

– Drupal: The updated version of Drupal is 8.2.3 that can help you fix security vulnerabilities and protect your site from hackers.

  • Maintain regular backups
Backup


Make sure that you back up both the database and files on the web server of your CMS site for improved web security. It is imperative to have an active backup plan, including downloadable backups or hourly offsite backups. In the case of a cyber attacks or security issues, you can restore the existing version of your site using your active backup plan.

Conclusion

The blog post will help you develop a safe and secure website – no matter on which CMS platform your website is developed.

Whether you are using Magento, WordPress, Drupal, or Joomla, these security tips will help you protect your site from hackers and other cyber threats. And the best part is that all these measures in this blog post are common for all the four major CMS platforms.


Written by:
Tina Jameson

Linda Wester is a dedicated web developer specializing in Magento CMS customization & development. When she is not busy with coding or writing all things you’ll find her spending time with her family. To gain more from her in-depth knowledge, follow her on twitter.


No comments yet

Your comment was successfully sent and awaits moderation.

Server is not replying. Please try later.

You already have this product in your basket

Please delete it before you add a new copy.

You added this product in your basket.

Thank you for Your choice.