We live in a world where “script kiddies” is both a pejorative term, and the name of an actual threat. People of all hacking skill levels are trying to break in to other people’s sites for fun and profit. And they pull it off sometimes.
Hacked sites are a nightmare. I mean, if you’re lucky, they might just post on your blog and call you ugly. If you’re unlucky, they could steal enough information about your users to access their money and steal their identities. In either case, it looks bad for you. In the worst cases, a lot of people could be hurt by flaws in your system. The best solution is obviously to prevent incursions so you don’t have to clean them up. Unfortunately, that’s not always the easiest thing to do. There’s no such thing as a perfectly secure system, especially when that system is in any way connected to the Internet. Nevertheless, we must try.
What’s more, we have to try and secure sites that are, in large part, built by other people. I’m talking about every site that uses a CMS. I took a look at security advice for the four most popular CMS options out there, and rounded up the best guides I could find that have been published within the last year or so.
Note: Different CMSs are targeted towards different kinds of users, and have varying levels of community support. Thus, the security advice presented ranges from specific code examples, to some very basic stuff.
Some thirty percent of websites out there in the wild run on WordPress. Now the WordPress team is no slouch when it comes to patching out bugs, but the codebase is just so big, it helps to take extra steps. We’re lucky that the WordPress community is just so utterly huge. There’s advice out there for users of every skill level.
- 10 Best WordPress Security Plugins in 2018 – Gotta have those plugins!
- The Ultimate WordPress Security Guide – Step by Step (2018)
- 20 Simple Tricks to Secure Your WordPress Website in 2017
- The Ultimate Guide to WordPress Security
- 20 Minutes to a Secure WordPress Website
- 48 Ways to Keep Your WordPress Site Secure
Bonus: 13 Security Tips For WooCommerce Stores—WooCommerce matters because its market share is starting to rival even industry giants like Magento. Now, there’s not a lot you can do to secure it beyond making sure that the parent WordPress installation is secure, but these tips will help.
Joomla is pretty much my constant reminder that my experience as a designer and my potential customers’ experiences as users will lead us each to different perspectives. For example: I think Joomla is a pain in the neck, and yet it remains the second most popular CMS out there. If our customers use it, it’s our job to secure it. There’s quite a bit of (read: mostly) general advice out there on the subject, but I did find a useful guide on dealing with Brute force attacks.
- Top Essential Joomla Security Extensions of 2017
- 10 tips to improve Joomla’s security
- Joomla Security – Complete 10 Step Guide
- How to secure your Joomla 4 website login using Two Factor Authentication
- How to Secure Joomla Website from Brute Force Attacks
In the third spot on the list, Drupal is definitely the developer’s CMS. Most of the articles listed here will assume that you have at least some programming knowledge, as you need some programming knowledge to really make Drupal do much of anything. The CMS itself has a heavy focus on security, and a some of the info here comes from Drupal’s own documentation.
- 7 Tips to Fortify Your Drupal 7 Website’s Security
- How to use HTTPS to protect customer data
- The Top 20 Drupal Security Modules
- Handle text in a secure fashion
- Drupal 7 Security Essential Tips & Modules
- How to Clean a Hacked Drupal Site
It’s no surprise that the fourth most popular CMS in the world is an eCommerce solution. The Internet is just that useful for selling things. It’s also no surprise that eCommerce sites are a big, juicy target for people who want lots of information about lots of people. As with Joomla, Magento customers usually aren’t developers themselves, so a lot of the information is pretty basic. If nothing else, you could share it with the people you make Magento sites for.
- Best 5 Magento Extension to Keep Your Ecommerce Website Secure
- Complete Guide on Magento Security
- Protecting Magento against brute force attacks
- Magento Security Tips – What Can You Do To Protect Your Website?
This is, as usual, just that start of what there is to learn about securing a site with any of these CMS options. Plus, there are so many others out there. I only focused on the top four because there are perhaps as many CMSs out there as there are web developers with too little to do.
That said, at least some of the more basic advice you’ll find here can apply to almost any CMS. Take what works, and Google what doesn’t. And…good luck.