5 tips for protecting open source CMS

2019-04-18

Recently, one of my customers, who uses an open source content management system [CMS], was hacked several times. I have talked about CMSs in the past, but I didn't really talk about the fact that open source CMSs are cracked by hackers.

OK, they are. This is an ugly fact. Even with heavy customization of an open source CMS [as with the client I mentioned above], these sites are very vulnerable to hacking, mainly because anyone can view the code and search for vulnerabilities.

Given my recent experience, I have been researching how to protect your site from hackers. Here are five tips for protecting any CMS from hackers. Some of them I have implemented on my client's website, and some I have not.

1. Rename the administration file

Many open source CMSs use a simply named administration file, often called admin.php. Rename it, for example to mysitebackend.php.

The only trick is that you must now update all references to it in the other files of the CMS. All you need is a program that searches for the old name admin.php across multiple files and replaces it with the new name mysitebackend.php.

On Windows, a great free program with this feature is SciTE. If you are using a Mac, a good one is TextWrangler.

2. Do not publicly link to your administrative files

This is very simple. Do not put a link to the newly renamed administrative file where everyone can see it. The safest [but arguably inconvenient] approach is to not link to it anywhere, and just bookmark it in your browser.

3. Delete unused features

This is what I did not do on the client's website. Don't just disable modules/features that you don't use [and don't plan to use]. Remove them completely.

Often, the security vulnerabilities hackers discover exist in components that you don't even use on your site. If the file is not there for an attacker to access, they will not be able to use that particular method to break in.

4. Use a strong password

The longer the password and the less it resembles ordinary English, the better. How long it can be depends on the maximum number of characters your system allows for a password. On many systems I have encountered, the limit is 10 characters. If your limit is small like this, I encourage you to use a password that is as long as possible. Ideally, your password should be 10-20 characters long. The best passwords mix numbers with lowercase and uppercase letters.

5. Keep up to date with upgrades

The benefit of many open source CMSs is that they have a good community that finds and fixes security holes. Although you may not want to upgrade to a new version immediately after its release [give them a week or two to find any security issues], keeping your software up to date will help.

Unfortunately, sometimes this is much more difficult than it sounds. This is especially true if you have a heavily customized website and you have made a lot of changes to the original CMS. In these cases, you will need to find software that compares the files [your customized version and the latest upgraded version] and shows you the line-by-line differences. Then you need to move your changes over manually.

If you want to compare the differences between files on a Windows machine, a good program you can use is ExamDiff. On the Mac, the aforementioned TextWrangler will do this job.
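One way to narrow down which files need that line-by-line comparison, as an added example that is not part of the original article. It goes beyond the two-way comparison described above by assuming you also kept a pristine copy of the release your site was built from; the directory names and file contents in SAMPLE are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: pristine old release, the customized live site, new release.
SAMPLE = {
    "stock_old": {"index.php": "v1", "news.php": "v1", "lib.php": "v1", "admin.php": "v1"},
    "site": {"index.php": "v1 edit", "news.php": "v1 edit", "lib.php": "v1",
             "mysitebackend.php": "v1"},
    "stock_new": {"index.php": "v2", "news.php": "v1", "lib.php": "v2", "admin.php": "v2"},
}

def digests(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def plan_upgrade(stock_old, site, stock_new):
    """Sort every file into the action the upgrade needs for it."""
    old, mine, new = digests(stock_old), digests(site), digests(stock_new)
    plan = {k: [] for k in ("install", "keep_mine", "merge", "deleted_locally",
                            "dropped_upstream", "custom_only")}
    for path in sorted(set(mine) | set(new)):
        o, m, n = old.get(path), mine.get(path), new.get(path)
        if m is None:    # not on the site: new upstream file, or one you removed
            plan["deleted_locally" if o else "install"].append(path)
        elif n is None:  # not in the new release: dropped upstream, or always yours
            plan["dropped_upstream" if o else "custom_only"].append(path)
        elif m == n:
            continue     # already identical to the new release
        elif m == o:
            plan["install"].append(path)    # untouched locally: take the new file
        elif n == o:
            plan["keep_mine"].append(path)  # only you changed it
        else:
            plan["merge"].append(path)      # both changed: port your edits by hand
    return plan

def demo():
    """Write SAMPLE into a temp dir and return the resulting plan."""
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in SAMPLE.items():
            Path(tmp, tree).mkdir()
            for rel, text in files.items():
                Path(tmp, tree, rel).write_text(text)
        return plan_upgrade(*(Path(tmp, tree) for tree in SAMPLE))

if __name__ == "__main__":
    print(demo())
```

Only the files listed under merge need to go through the diff tool. Files under deleted_locally, here the renamed admin.php, are ones a blind upgrade would put back on the site, undoing tips 1 and 3.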

Unfortunately, even with all of these methods, you can still be hacked. Next time we will consider what steps to take before and after you are hacked to prepare for this possibility.

Copyright@WaiWaitech inc. © Technology All rights reserved.  