In the last 6 months, I have noticed that there is an exponential increase in hacking activities specially targeted to CMS based websites i.e. Wordpress and Joomla. Both these platforms offer business owners a comfortable base to built application within no time. Additionally, CMS offers some really cool plug-ins that can be easily integrated to your website. Because of its usability, popularity and known weaknesses hackers make it as an easy target.
Here’s some statistics on attack motivation and distribution as on August 2012 (source: Hackmageddon)
Where is the problem?
CMS vendors (Wordpress and Joomla) regularly release new versions when it finds that there is a need to upgrade or new feature to offer or any security vulnerability is detected. This is really good and it shows reactive nature of vendors. This introduces a problem too. Business owners do not generally prefer to upgrade their platform version as it introduces a lot of risk to their business. When a website is hacked, it loses user base, trust and sometimes even they are out of business.
Wordpress and Joomla have lot many version specific exploitable vulnerabilities that can be easily exploited by script-kiddie by a simple google search. This really highlights the need to upgrade your CMS platform as new release comes out in the market.
Attackers have an easy way to detect what platform you are using. Below is the technique to detect:
Wordpress:
Joomla:
What next?
Every business is critical and everyone wants their business to be profitable and secure. To achieve the level of satisfaction, I recommend at least follow below basic best practices for your website.
Based on my CMS security assessment experience, I will list out the best practice that you must follow to strengthen security of your website:
Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!