CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone
Format: PDF / Kindle (mobi) / ePub
Learn to secure Web sites built on open source CMSs
Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you’re responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You’ll learn a strong, foundational approach to CMS operations and security from an expert in the field.
- More and more Web sites are being built on open source CMSs, making them a popular target, thus making you vulnerable to new forms of attack
- This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone
- Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan
- Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy
CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS.
password over and over using words from a dictionary. Many free and powerful tools are available on the Internet that enable an attacker to take this route. Passwords should be cycled in all systems at least every 30 days, and should never be reused in less than a year (if ever). If you are hacked, you should cycle all passwords immediately. If you have other systems connected to your network (such as a VoIP phone), then consider the passwords for the VoIP server as well.
NOTE At the end of the
considerations to keep in mind for a dedicated server:
- You will most likely be required to perform administrative tasks.
- Use of a dedicated server requires a comprehensive disaster plan.
- Typically, this is by far the most expensive of options.
- A dedicated server can provide you with a great deal of computing power.
- If you have purchased your machine, keep in mind that hardware ages, and must be replaced over time.
Cloud Hosting
Cloud hosting is a popular technology model. It
facilities.
Emergency Procedures
In an emergency, people, not your business, matter most. The websites, servers, data, and the building are secondary to human safety. In this regard, you want to have a high-level understanding of the procedures used to protect the people. After the threat has passed, the websites and servers become the primary focus. Assuming that the emergency brought your sites down, you’ll want an idea of the time that it will take (either in hours or days)
application. Things that can be communicated from servers typically include temperature of the machine, the speed and operation of cooling fans, the output of the power supplies, and more. An administrator can remotely manage the server using SNMP. This is a typical setup in many hosting situations where the administrators are physically present in the data center. Many hardware manufacturers such as Dell, Hewlett-Packard, IBM, and others support this protocol, and offer tools to monitor and
by clicking the cPanel icon, shown in Figure 5-16. After you click the Raw Log Manager icon, you’ll see two checkboxes, as shown in Figure 5-17.
Figure 5-16: cPanel Log Manager settings
Figure 5-17: Raw Log Manager settings
Click the two boxes if they are not selected. The first one will maintain a daily log for you. If it’s not selected, then it will wipe out log information from the previous 24 hours. This can be a tough situation if you’re tracking down an issue. The second checkbox will