Content management systems are excellent pieces of software that perform many tasks. The most important are proper storage of content and retrieval of files in an efficient and timely manner. Blogs and personal and corporate sites all utilize this software for a relief of resources. Content management systems are fairly easy to use resulting in their huge popularity.
Due to the massive amount of information found within a content management system, they are a prime target for malicious attackers. There are five primary mistakes that administrators make within a content management system. These include:
- Password issues
- Poor web hosting
- Insecure plugins
- Liberal user privileges
- Lack of installed patches
One of the most common admin mistakes is using easy or blank passwords. Hackers specifically look for passwords that are easy to crack. Default passwords that came with the installation are simple to crack. To combat this simply change the password immediately following installation.
The second major mistake is utilizing a poor, insecure web host. Hackers look for vulnerabilities within the software as well as the operating system. This creates an easy entrance for them. Unfortunately the issue lies with the web hosting provider and not the admin so there’s little you can do if this occurs. The best method of avoidance is to take preventative measures like conducting proper research prior to selection a provider.
The third mistake is installing insecure plugins. Since most content management systems rely heavily on plugins, they are a huge security risk. To ensure this does not become a problem, find out if the plugin has been thoroughly tested prior to release. Also, remove plugins that are known to have security holes and risks.
The fourth mistake is granting liberal privileges to users. Many users will abuse their privileges and hack internally. The rule is to give users the least amount of privileges possible in order to use the website.
The final mistake is that admins don’t stay current with their upgrades and patches. These were created to patch a security hole. As soon as one is release, it’s advantageous to download and apply it. It’s not necessary to install several patches per day. Instead, be aware of critical updates that may come your way.
Many of these solutions are common sense. Simply take your time and be aware of any potential issues that may occur. Using preventative measures to ensure the content management system is robust will be beneficial in the long run.