In recent years, we've heard a lot about large-scale data breaches. From the Yahoo! breach of 2013, to the Uber breach of 2016 and the Equifax breach of 2017, we've seen millions of people impacted by stolen personal data. While you may be inclined to think that only larger companies are targeted by hackers, the fact of the matter is tens of thousands of websites are hacked everyday. No matter what the size or reach of your organization, website security is something you cannot afford to ignore.
While you may not be able to protect against every possible form of hacking on your organization's website, there are a few basic steps you can take to ensure you avoid some common vulnerabilities when using a content management system like Joomla or Wordpress.
1. Change the name of the admin user and protect your admin panel.
When you first install Joomla or Wordpress, the default username to create your administrative account is "admin." When hackers already know the username for the account, it's much easier to hack the password. If both the username and password are unknown to the hacker, it will be a little more challenging to crack both of these. Another precaution you can take is to protect the login fields altogether by requiring a password to access these fields. Components and plugins exist to allow you to hide your login page from any public traffic.*Find out more about these types of plugins at the end of this article. Another precaution you can take is to frequently update your administrator password. This is typically recommended every 60 days.
2. Use themes, plugins, templates, and components sparingly, and always keep them up to date.
Oftentimes, the most vulnerable part of your website is not in the core CMS installation, but rather in the themes and plugins you're using on your site. When you install third-party components on your website, you may unknowingly introduce vulnerable code. That said, it's important to vet the source of the software by ensuring that it's listed in recognized directories like extensions.joomla.org and wordpress.org/plugins. However, even trusted developers can inadvertently overlook a vulnerable piece of code in their extensions. Oftentimes, these developers will later find and fix the vulnerability in a subsequent release. For this reason, it's important to always keep your plugins and components updated. Furthermore, if you're no longer using a specific plugin or component on your site, be sure to delete it.
3. Keep your CMS current.
Similarly, your CMS installation can also include vulnerable code, which is fixed and updated over time. Always remember to keep your Joomla or Wordpress install up-to-date for this reason.
4. Install additional security plugins.
In addition to the steps listed above, you can take further precautions by installing security plugins and components that allow you to protect your login fields, protect against brute force attempts, blacklist and whitelist IP addresses and more. Learn more using the links below: