In the web development world, the most popular open source platforms for creating websites include WordPress, Joomla and Drupal. But what is open source exactly? It refers to software and platforms that are free and publicly accessible. They usually have a large community of contributors that help update the software, create plugins and provide support through online forums. Open source platforms are a great way for beginners to create a no-hassle website, and are great for advanced web developers who want to customize them.
Open source web development platforms usually come bundled with pre-created software and website templates that you just need to upload to your server. They’re designed to be very user friendly. Open source platforms like WordPress have huge a following and community (more than 17% of the entire internet is hosted on WordPress alone) and thousands of plugins and themes to choose from.
Unfortunately, open source platforms are a huge target for hackers due to their popularity, and since they’re managed by a mostly volunteer-based community, updates and security patches can be slow to fix, leaving your website vulnerable.
Thankfully, there are several things you can do to prepare your open source website for a cyber attack to mitigate the damages.
Update installations, themes, plugins
Most of the cyber attacks on open-source-built websites occur from a vulnerability within a plugin or theme. When a backdoor within a plugin is discovered by hackers, they’re usually injected with some sort of malicious code.
You should always make sure that your plugins, themes and platform installations are updated to their latest version. Those “bug fixes” you sometimes see in software updates are usually the result of a security vulnerability being patched.
Move the administration directory
Open source web development platforms often come with an administration panel, where the developer can login and edit the website’s content and backend. Access to the administration panel’s login screen is usually located at something like www.yourwebsite/admin, which is an easy target for hackers.
By moving the location of your admin directory to another folder of your website and applying a redirect, most hackers won’t be able to find a way in. There are several ways you can do this, here’s an example for WordPress.
Pre-built security plugins are a great way to harden the security of your open source website, eliminating the need for manual coding. They often include several features that you can customize based on your website’s specific needs.
Fix file permissions
Since most open source web development platforms come pre-packaged and install each of the necessary components for you, they also set basic file access permissions, which sometimes aren’t optimized for security. There are several guides on the web that can help you determine the permissions you should set for specific files and directories.