CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone

CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone

Tom Canavan

Language: English

Pages: 432

ISBN: 0470916214

Format: PDF / Kindle (mobi) / ePub

Learn to secure Web sites built on open source CMSs

Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you’re responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You’ll learn a strong, foundational approach to CMS operations and security from an expert in the field.

  • More and more Web sites are being built on open source CMSs, making them a popular target, thus making you vulnerable to new forms of attack
  • This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone
  • Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan
  • Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy

CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS.

Byte (March 1986)

Linux Voice [UK], Issue 22 (January 2016)

WebUser [UK], Issue 384 (18 November - 1 December 2015)

Agent-Based Evolutionary Search (Adaptation, Learning, and Optimization, Volume 5)

Teaching Internet Basics: The Can-Do Guide















password over and over using words from a dictionary. Many free and powerful tools are available on the Internet that enable an attacker to take this route. Passwords should be cycled in all systems at least every 30 days, and should never be reused in less than a year (if ever). If you are hacked, you should cycle all passwords immediately. If you have other systems connected to your network (such as a VoIP phone), then consider the passwords for the VoIP server as well. NOTE At the end of the

considerations to keep in mind for a dedicated server: n You will most likely be required to perform administrative tasks. n Use of a dedicated server requires a comprehensive disaster plan. n Typically, this is by far the most expensive of options. n A dedicated server can provide you with a great deal of computing power. n If you have purchased your machine, keep in mind that hardware ages, and must be replaced over time. Cloud Hosting Cloud hosting is a popular technology model. It

facilities. Emergency Procedures In an emergency, people, not your business, matter most. The websites, servers, data, and the building are secondary to human safety. In this regard, you want to have a high-level understanding of the procedures used to protect the people. After the threat has passed, then all the websites and servers should be the primary focus. Assuming that the emergency brought your sites down, then you’ll want an idea of the time that it will take (either in hours or days)

application. Things that can be communicated from servers typically include temperature of the machine, the speed and operation of cooling fans, the output of the power supplies, and more. An administrator can remotely manage the server using SNMP. This is a typical setup in many hosting situations where the administrators are physically present in the data center. Many hardware manufacturers such as Dell, Hewlett-Packard, IBM, and others support this protocol, and offer tools to monitor and

by clicking the cPanel icon, shown in Figure 5-16. After you click the Raw Log Manager icon, you’ll see two checkboxes, as shown in Figure 5-17. Figure 5-16: cPanel Log Manager settings Figure 5-17: Raw Log Manager settings Click the two boxes if they are not selected. The first one will maintain a daily log for you. If it’s not selected, then it will wipe out log information from the previous 24 hours. This can be a tough situation if you’re tracking down an issue. The second checkbox will

Download sample


About admin