Skip to main content

Tag: wordpress security release

How to keep your CMS safe and secure

Website security is one of the pillars of running a business online. Website hacks are not an uncommon phenomenon with 30,000 new small business website hacks a day together with corporation breaches. Rather than waiting for the inevitable, being prepared for such attacks is always a good preventive measure that can save you time from constant web debugging or worse – loss of income from your website and loss of company credibility. 

Hackers have targeted the top three open-source Content Management Services (CMS) such as WordPress, Joomla, and Drupal due to their popularity. As technology evolved, these three CMSs have evolved to be more secure through patching its loopholes. 

Common Security Threats to CMSs

  • Data manipulation: Changing parameters and SQL injections are common hacks used. Malicious SQL statements are being inserted in entry fields for execution. 
  • Accessing data: This means using SQL injections or Cross-Site Scripting (XSS) attacks as a way to jeopardize user data. A web application is used to send the malicious code using a browser side script. 
  • Code Injection: Causing lost or corrupted data, lack of accountability, or revoking access, this is the kind of attack that can affect the whole server that runs the website. 

With the common threats illustrated above, here’s what you can do to ensure your CMS stays safe at all times. 

Update your CMS Admin Password 

If you are the type to just use a common password for the majority of your sites or don’t update your administrator password in the past months, then take this as a sign that you need to start doing so. 

The chances of a hacker knowing one or two of your logins is not a slim one. Using a strong password together with a password storage vault can be handy in helping you keep track, organize, update, and manage passwords in one place. Taking an idea from password generators can come in really handy if you do not want the hassle of coming up with one from scratch. 

SSL Certificates 

With the encryption that an SSL Certificate can offer, users are protected from hackers and those attempting identity theft. It has become the PCI standard especially for e-commerce websites that accept sensitive information such as credit cards and personal data. Since 2018, Google has started ranking websites without SSL Certificates lower and most hosting providers provide free SSL or SSL at a low-cost option. 

Website Monitoring 

Constantly monitoring your website is one of the best solutions that can also help you understand common issues and threats. There is an abundance of online services that can offer a way for you to monitor your website 24/7 and help with security measures such as Google Search Console with their alerts and cPanel with their server error logs. 

Security Plugins 

Despite security updates and patches of CMSs, sometimes additional security measures are still important. While server configurations are one way to get security, not everyone can access or have the ability to secure a server properly. A plugin or extension proves to be the easiest way to ensure the server is configured correctly with the right security. Examples of the ways you can protect your site are through Firewall Protection which can help block brute force and DDoS attacks, restricting IP addresses, and more. Some of the available plugins are as follows Sucuri and WordFence (WordPress), Akeeba Admin Tools and RS FireWall (Joomla), and Security Kit (Drupal). 

While plugins can be helpful, it is worth noting that it is important to keep all plugins updated and to keep an eye out for security risks. It is important to download plugins from the official website and developers to face less security threats, malware, and other compromised data. 

Security should always be the utmost priority and thankfully there are a lot of helpful resources available that can help secure your CMS website. If you are new to CMS then don’t let that unfamiliarity get in the way of securing your website. Let a partner agency like iManila assist you with your website. We have a variety of website maintenance and server management services for your different business needs. Drop us a message and see how we can work together! 

Is WordPress Still Secure?

 

It is not a secret to anyone that 26% of the world’s website population is powered by WordPress, and 60% of the entire global count runs on WordPress CMS. This has clearly revealed that WordPress has a wider reach over the net. It is a big global community that is continuously growing – an unstoppable force the powers more than ¼ of the entire internet. However, with this large user-base, it is also undeniable that it attracts the attention of the hackers – making WordPress websites prone to hacking incidents.

Now the question that website owners ask is, is WordPress still secure?

The answer is YES.

Surely most people will disagree but WordPress is still secured – diligence is the key for this.

What Constitute WordPress?

There are three elements of WordPress namely: the core code which makes up the WordPress install, the themes which determine how sites look and how it will function, and plugins which are small applications that extend WordPress in interesting ways.

What Causes Hacking Incidents?

Via WordPress.org, themes and plugins are made available from many other sources, that at some point, may even come from unscrupulous hackers who get their hands on commercial themes and embedded malware in them. The worse thing in this scheme is that these themes and plugins are given away online to people willing to get them for free. And that is where the threat lies. Because of the enormous size of the WordPress installed base and the complexity of its ecosystem, vulnerabilities could be just lying in a corner waiting for malicious activities to find them.

Why do We say It is Secured?

The core is maintained by a large group of volunteers who are incredibly good at their craft. These are coders and developers who secured the community by updating the system’s codes, themes and even plugins from vulnerabilities every now and then.

Like with app stores, WordPress sources take some measurable care in what is listed for users to use. Though there may have been unscrupulous themes on the internet, it is still safer to get from the main community. Themes on WordPress.org go through a testing process and plugins go through an initial vetting before they’re first allowed to be posted.

iManila-Talk-To-Us-CTA

Is WordPress Still Trustworthy?

According to ZDNet.com, WordPress is still trustworthy. However, if you would really like to make the most out of your site and keep is secured, there are still caveats that go with using WordPress.

  • If you are not keen or well versed with web maintenance, you might want to have it hosted via WordPress.com.
  • If you opt for freedom in customizing your website but couldn’t do web maintenance, you can hire someone who can maintain the website professionally, and who will update it regularly from themes to plugins.
  • As much as possible, refrain from downloading commercial plugins or themes from sketchy source especially those which you can get for free.
  • If you customized your WordPress with WordPress.org, you also need to make sure that you are hosting your website securely with a trusted hosting server.

***

Despite the issues about the security of WordPress, it is still undeniable that it is probably one of the best platforms for website available. Again, all it takes to secure your WordPress is diligence or trusting service providers who specialize in creating WordPress-based websites.

iManila is a trusted provider of both web solutions and digital marketing services that surely covers small and medium businesses online marketing needs. Our lines are open 24/7 and our sales executives are available Mondays to Fridays to assist you with your web, IT, and digital marketing queries.

Emails: [email protected] / [email protected] / [email protected]

Telephone numbers: (02) 490-0000, 01, 03 or at (02) 959-4807

Mobile number: (+63) 917-8476005