Similarly, if your CMS setup uses any plugins, make sure they get timely updates since it’s often one of the easiest ways for a malicious player to get access to your data. Use fewer plugins in general and get the latest version of those you absolutely need.
Key Takeaway: Ensure your CMS and any plugins are kept up-to-date regularly with the latest patches.
Logging into your CMS should be impossible to do from memory. If your coworker can remember your password, hackers can too.
To secure your login process, create a new user with an appropriate access level (guest, admin, editor, etc.) for every person that needs to use the CMS (rather than having a single login) with a unique and complex password generated by a password manager. Turn on 2FA (two-factor authentication) if such an option is available to require everyone to use another unrelated authentication method to get in.
Key Takeaway: Use complex passwords and a password manager paired with 2FA for the most secure stance.
3. Backup Data Frequently
One of the most widespread types of malware in recent years has been ransomware — scripts that block access to your data (by encrypting it) until you pay up. WannaCry ransomware, for example, infected more than 200,000 computers in 2017.
While protecting yourself from ransomware requires the same precautions you use for other malware, the best warranty here is to always have an up-to-date set of your data stored elsewhere. Thus, you should configure your backups to be frequent and automatic.
Key Takeaway: Backup your data frequently, automatically, and in different formats and locations.
4. Install HTTPS for All URLs
As nearly every CMS today requires you to log in to use it, HTTPS has become the predominant website security protocol. It’s important to install HTTPS on all webpages to ensure that none of your visitors’ requests could be imitated as ways to explore potential vulnerabilities.
Additionally, moving your website to use HTTPS will boost your SEO score with Google and other search engines, which could increase your website’s rank and even website traffic.
Key Takeaway: Ensure all websites you are using have HTTPS installed on all websites for web visitor peace-of-mind and SEO benefits.
5. Enable a Firewall
One of the best ways of preventing hackers from accessing your data is not letting them through to your CMS in the first place. If you know which connections need to use your CMS and which don’t, you can configure a firewall and keep all suspicious users and bots out (using IP address filtering) without affecting your day-to-day workflow. Specifically, a properly installed firewall will help you mitigate potential DDoS attacks.
Key Takeaway: Firewalls can prevent unwanted traffic to your site while allowing legitimate traffic and users through.
6. Prevent SQL Injections
Generally, hackers will try to gain access to your data in any way possible. Anytime an exchange of information is happening between your website and server, there’s a potential for a vulnerability.
If you have user-fillable web forms, for example, hackers will attempt to inject malicious code into them to manipulate your SQL database (e.g., change tables, delete data). The way to defend against such attacks is to always explicitly parameterize your queries.
Key Takeaway: Use specific query parameters in user-fillable web forms to protect against SQL injection attacks.
7. Rely on High-Quality Servers
If you’re hosting your CMS rather than relying on the cloud as part of SaaS, you should have absolute trust in the servers you use. If you’re working on cheap and badly-managed servers or have been trying to squeeze your website into an oversubscribed shared hosting plan, you’re needlessly increasing your security risks.
Key Takeaway: For complete peace of mind, always use the best servers you can afford, with plenty of spare resources and well-defined procedures in place for mitigating potential attacks of any kind.
Migrating Your CMS Hosting
Do you feel that it’s time to switch your CMS and company data to another server, but not sure where to start? At Liquid Web, we offer a variety of options, from dedicated on-premise solutions to virtualized private environments in the cloud. Contact one of our technical specialists today to see which secure and scalable hosting solutions are the best fit for your current situation and your plan for growth.