CMS Security

Again and again, the simplest security measures are being overlooked by developers and designers in the expanding world of the CMS.

The simplest and first security measure I believe one can take when implementing a new CMS is changing the route to its back-end.

So many open-source CMSs come with standard back-end login URLs such as:

http://www.mydomain.co.uk/admin
http://www.mydomain.co.uk/administrator
http://www.mydomain.co.uk/admin/login.php

Just to name some examples.

Some force you to change the admin route, which I believe should be implemented on all.

I see it now on an everyday basis. Now, I know what you’re thinking: I’ve got a password set up, encrypted and stored in my database. But most of the time we use passwords which are so easily identifiable by a hacker that we might as well not have a password.

If you're running an Apache server, a .htaccess file could be used as an extra level of security, as this would mean a lot more hassle for the hacker, and I have seen it done on some very corporate websites.
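One way such an extra layer could look, as an added example that is not from the original post: an .htaccess file in the back-end directory that asks for an HTTP Basic login before the CMS login page is reached and also limits access to one network. The password file path, realm name, user name and IP range are assumptions (the range is a documentation placeholder).

```apache
# Constructed example: .htaccess placed in the CMS back-end directory
# (the directory served as /admin in the URLs above). Apache 2.4 syntax.
# The main server config must allow it for this directory:
#     AllowOverride AuthConfig

# Refuse plain-HTTP requests. Basic credentials are only base64-encoded,
# so they must travel over TLS. Needs mod_ssl to be loaded.
SSLRequireSSL

AuthType Basic
AuthName "Restricted area"

# Assumed location: keep the password file outside the web root so it
# can never be downloaded. Create it once with bcrypt hashes:
#     htpasswd -c -B /etc/apache2/.htpasswd-cms-admin editor1
AuthUserFile /etc/apache2/.htpasswd-cms-admin

# Both conditions must hold: a valid user from the password file AND
# a request coming from the allowed network (placeholder range).
<RequireAll>
    Require valid-user
    Require ip 203.0.113.0/24
</RequireAll>
```

With this in place, a request to the back-end path gets a 401 or 403 from Apache itself, so the CMS login form and its password check are never exposed to anyone who fails the outer check.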

Having spent last year working my way through ISO 27001, security has become a massive concern for me and all clients.

As we are based in Cardiff, I suggest you view:

www.ecrimewales.co.uk

for help with any matters of e-security.

Also, I advise you to read this article, as it sums up very quickly the small changes that can improve CMS security.

http://www.webhostingmasters.com/cms-content-management-systems/mistakes-when-using-a-cms