June 24, 2015

CMS Security Best Practices

We Fix Over One Hacked Website Per Day.

Research estimates that 30,000 websites are hacked each day, with most of the sites belonging to small businesses. To help minimize this ongoing problem, we have developed a new list of security best practices which you can implement on your website, no matter what CMS you are using. (For WordPress specifically, visit our blog post "Top 21 Best Practices for WordPress Security".) We recommend you implement these solutions to minimize the chances of your website being compromised.

Top 14 CMS Security Best Practices

  1. Use a strong password. It takes only 10 minutes to crack a lowercase password that is six characters long. If you add two extra letters and a few uppercase letters, that number jumps to three years. Add just one more character, some numbers and symbols, and it will take 44,530 years to crack.
  2. Use current software. When a new version of your CMS is released, installing the updates will reduce vulnerabilities and help keep your site secure.
  3. Use current plugins. We have seen a huge increase in attacks through out-of-date plugin software.
  4. Out-of-date themes. Check often for updates on the theme you are using. A hacker can sometimes access your website through outdated theme files.
  5. Remove disabled plugins and themes. It is best practice to remove any disabled plugins or themes. If they aren’t being used, there is no good reason to keep the code on the website.
  6. Do not use “admin” as your username. Most CMSs use “admin” as the default username. This is a common target for hackers because they already know the username; they just need to figure out the password. A unique username and a strong password are the best combination to prevent brute force attacks.
  7. Remember to LOG OUT. It is important to log out when you are finished editing your site.
  8. Lack of security plugins or software. There are several good tools available which will help protect your website; some provide a summary of what you can do to protect your site even further. Make sure any third-party plugins you add to your site are from a trusted source.
  9. Use two-step verification for admin user login. Some content management systems provide this; if yours does not, look for a plugin.
  10. Login error messages. You should customize the error messages on your login screen so they do not reveal which part of the login failed. With the default messages, a hacker can tell if they have the username or the password wrong, or if both are wrong.
  11. Login attempt security not in place. Put a limit on login attempts so that after a user fails to log in a set number of times, they are locked out.
  12. Insecure web hosting. Always ensure that the hosting company you are using is secure and reliable. Shared hosting plans host multiple websites on the same server space. Another website on the same server space could be the source of infection if a web hosting company is not monitoring their sites or servers properly.
  13. Dedicated servers need to be kept up to date. Be sure your servers are running the latest OS. Also ensure your servers are protected by a firewall and anti-virus software.
  14. Hacker code. Be wary of any code you place on your site. Hackers love providing code on online forums and instructional websites for the purpose of gaining access to your website.
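
Items 10 and 11 in practice, as an added example that is not part of the original article: a minimal in-memory login check that returns the same error for a wrong username and a wrong password, and locks an account name after repeated failures. The `LoginGuard` class, the threshold of 5 failures and the 15-minute window are assumptions chosen for illustration; a real CMS would use its own user store and plugin settings.

```python
import hashlib
import hmac
import os
import time

# Assumed values: the article only says "a set number of times".
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
GENERIC_ERROR = "Invalid username or password."
LOCKED_ERROR = "Too many failed attempts. Try again later."


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    def __init__(self, clock=time.time):
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> (failure count, time of last failure)
        self._clock = clock
        self._dummy_salt = os.urandom(16)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username, password):
        now = self._clock()
        count, last = self._failures.get(username, (0, 0.0))
        if count >= MAX_FAILURES:
            if now - last < LOCKOUT_SECONDS:
                # Locked out: even the correct password is refused (item 11).
                return False, LOCKED_ERROR
            count = 0  # lockout window has passed; start counting again
        # Hash for unknown usernames too, so timing does not reveal which exist.
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        if ok:
            self._failures.pop(username, None)
            return True, "Welcome."
        # Failures are counted for unknown usernames as well, so the lockout
        # message behaves identically whether or not the account exists.
        self._failures[username] = (count + 1, now)
        # One message for "no such user" and "wrong password" (item 10).
        return False, GENERIC_ERROR
```
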

Why Are So Many Sites Getting Hacked?

Next issue we will discuss why so many sites are getting hacked, what the hackers are trying to accomplish, the damage that might have been done and the best practices for recovering from an attack.
