A content management system (CMS) is a collection of procedures used to manage workflow in a collaborative environment. In a CMS, data can be defined as almost anything – documents, movies, pictures, phone numbers, scientific data, etc. CMSs are frequently used for storing, controlling, revising, semantically enriching, and publishing documentation. The content being controlled is industry-specific. For example, entertainment content differs from the design documents for a fighter jet. There are various terms for systems (and related processes) that do this. Examples are web content management, digital asset management, digital records management and electronic content management. Synchronization of intermediate steps and collation into a final product are common goals of each.
When a CMS gets hacked, the reason is usually not that the CMS itself is insecure but that hackers took advantage of some common admin mistakes. The list of admin mistakes is pretty long but, not surprisingly, the most common ones number in the single digits. Here are some of the mistakes you must know about and never make in the CMS you administer:
1. Default passwords
One of the first things hackers check when they plan an attack is “easy passwords”. Default passwords (i.e. the passwords that come with the installation) are easy to find. Many CMSs don’t come with a default password, or if they do, the installation procedure makes you change it before you can use the software. But if your CMS does come with a default password, make sure that you change it.
2. No patches installed
Installing tens of patches a day is boring, but if you don’t watch out for (at least) the critical updates and install them in a timely manner, this is an invitation to hackers. Hackers monitor reports of new vulnerabilities and rely on the fact that the administrator won’t install the patches immediately.
3. Unreliable and insecure web hosting
Insecure web hosting is one of the greatest dangers to the security of your CMS. Vulnerabilities in the operating system and the other software installed on your web host are among the favorite targets of hackers. Worst of all, if your web host is insecure, there isn’t much you as the admin of your CMS can do to counteract it. You can’t fix the holes in the security of your web hosting provider; the only thing you can do is move to a better web host.
4. Generous user privileges
Hardly any admins (in their right mind) will give admin privileges to ordinary users, but quite a few admins are really generous where user privileges are concerned. One of the most important security rules is the least privilege rule – i.e. give users access only to those parts of the site they really need in order to do their jobs.
5. Insecure plugins
Hackers might not enter through the front door of your CMS, but if the other doors are open, they don’t need backdoors (i.e. malware) to gain access to your site. Almost any CMS relies on plugins to provide additional functionality. This is the charm of a CMS: you get a base installation and have the freedom to add only the functionality you need. But this freedom is also a security risk.
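As an added example (not code from this article or from any particular CMS), the script below audits an exported inventory for mistakes 1, 2 and 4 above. The field names, sample accounts, patch ids, the PBKDF2 hashing and the 7-day patch deadline are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

DEFAULT_PASSWORDS = ["admin", "password", "changeme"]  # constructed sample list

def hash_pw(password, salt):
    # PBKDF2 stands in for whatever hashing scheme the CMS really uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def audit(users, patches, today, max_patch_age_days=7):
    """Return a sorted list of (mistake, subject, detail) findings."""
    findings = []
    for u in users:
        # Mistake 1: the stored hash matches a known default password.
        if any(hmac.compare_digest(hash_pw(p, u["salt"]), u["hash"])
               for p in DEFAULT_PASSWORDS):
            findings.append(("default-password", u["name"], "change it now"))
        # Mistake 4: permissions granted beyond what the job needs.
        excess = u["granted"] - u["needed"]
        if excess:
            findings.append(("excess-privilege", u["name"], ",".join(sorted(excess))))
    for p in patches:
        # Mistake 2: a critical update left uninstalled past the deadline.
        age = (today - p["released"]).days
        if p["severity"] == "critical" and not p["installed"] and age > max_patch_age_days:
            findings.append(("missing-patch", p["id"], f"{age} days old"))
    return sorted(findings)

# Constructed inventory: names, permissions and patch ids are illustrative only.
SAMPLE_USERS = [
    {"name": "admin", "salt": b"s1", "hash": hash_pw("changeme", b"s1"),
     "granted": {"manage_users", "publish", "edit"},
     "needed": {"manage_users", "publish", "edit"}},
    {"name": "editor", "salt": b"s2", "hash": hash_pw("Vx9!long-unique-phrase", b"s2"),
     "granted": {"edit", "publish", "install_plugins"},
     "needed": {"edit", "publish"}},
]
SAMPLE_PATCHES = [
    {"id": "EXAMPLE-PATCH-1", "severity": "critical",
     "released": date(2024, 1, 1), "installed": False},
    {"id": "EXAMPLE-PATCH-2", "severity": "low",
     "released": date(2024, 1, 1), "installed": False},
    {"id": "EXAMPLE-PATCH-3", "severity": "critical",
     "released": date(2024, 1, 1), "installed": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_PATCHES, today=date(2024, 2, 1)):
        print(*finding, sep=" | ")
```

The "needed" set has to come from a review of each user's actual job, so the privilege check is only as good as that review.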
As a world-leading web hosting company, WebhostforASP.NET has a lot of experience with CMS. We are fully aware of the many hacker threats out there. That’s why we regularly update our CMS version with the latest patch in order to provide a secure environment for our customers who want to use a CMS as their main web site. Looking for secure web hosting? Don’t go anywhere, because WebhostforASP.NET is your right choice!