Building your own Website is easy, but do you routinely update the Software it was built with?

More than half of sites are built with a Content Management System. While WordPress is the most popular there are many CMS providers. Hackers are intelligent enough to find loopholes or bugs in any software system. Thus, they regularly try to attack the CMS, its data, and in turn your business.

EMAIL & WEBSITE SECURITY - PART 4


In practice, more than half of today’s sites are built with a CMS. As explained in Part 3 of this series, these are platforms that allow users to build and manage a website without knowing how to code at all.

There are many CMS providers. By far the largest in terms of market share is WordPress, with over 60%, followed by Joomla, Drupal, Shopify and Squarespace, each with under 5% of the market, and many others.

A CMS is made up of two core parts: a Content Management Application (CMA) and a Content Delivery Application (CDA).

Combined, these applications essentially handle all the code, database queries, and infrastructure in the backend so you can focus on the frontend of your site. Additionally, any CMS requires plug-ins, which are add-on pieces of software that extend the functionality of the native features of your chosen CMS. Similarly, there are several third-party plug-ins available for every CMS.

Every CMS and every associated plug-in is, after all, code that is packaged as a system. Hackers are intelligent enough to find the loopholes or bugs in any software system. Thus, they regularly try to attack the CMS, its data, and in turn your business.

Given that WordPress is such a widely used content management system, it is a target for hackers.

New threats and security gaps can come up at any time. CMS change logs generally show the gaps and vulnerabilities in each version, as stated in the updates. This also exposes the websites that do not update automatically. Adding third-party plug-ins to your CMS site increases the vulnerability factor even more.
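As an added illustration (not part of the original article), the following Python sketch shows how a site owner could compare an inventory of installed CMS components against change-log entries to see which security releases are still missing. All component names, versions and change-log notes are constructed for this example, and the "Security:" prefix convention is an assumption.

```python
import re

# Constructed sample data (hypothetical components, not real change logs).
# name -> [(version, change-log note), ...]
CHANGELOGS = {
    "cms-core": [("6.2.0", "Feature release"),
                 ("6.2.9", "Security: fixes stored XSS in comments"),
                 ("6.2.10", "Security: fixes full path disclosure in error pages")],
    "gallery-plugin": [("1.4.0", "Adds lightbox option"),
                       ("1.4.1", "Security: fixes unauthenticated file upload")],
    "contact-form-plugin": [("3.0.0", "Initial release"),
                            ("3.0.1", "Bug fix: typo in e-mail template")],
}
# Constructed inventory of what the site currently runs.
INSTALLED = {"cms-core": "6.2.8", "gallery-plugin": "1.4.1",
             "contact-form-plugin": "3.0.0", "legacy-slider-plugin": "2.1"}

def parse_version(text):
    """'6.2.10' -> (6, 2, 10), padded to three parts, so 6.2.10 sorts after 6.2.9."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple((nums + [0, 0, 0])[:3])

def missing_security_fixes(installed, changelogs):
    """Return {component: [(version, note), ...]} of security releases not yet applied."""
    report = {}
    for component, current in installed.items():
        entries = changelogs.get(component)
        if entries is None:  # no change log at all: flag for manual review
            report[component] = [("unknown", "no change log found; review manually")]
            continue
        missed = [(v, note) for v, note in entries
                  if parse_version(v) > parse_version(current)
                  and note.lower().startswith("security")]
        if missed:
            report[component] = missed
    return report

if __name__ == "__main__":
    for component, fixes in missing_security_fixes(INSTALLED, CHANGELOGS).items():
        for version, note in fixes:
            print(f"{component}: running {INSTALLED[component]}, missing {version} ({note})")
```

Note that versions are compared numerically: a plain text comparison would rank "6.2.10" below "6.2.8" and hide the newest security release.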

Not all scanners can detect the underlying CMS, so you need a vulnerability scanning tool that can detect your specific CMS. Such a tool can scan the plug-ins, themes, and unprotected administration panels. It should assess how well password protection holds up against brute-forcing, given that every CMS has its own account log-in protocols. It should also check for Full Path Disclosure (FPD) vulnerabilities and detect your CMS in all the directories within your web application.

Next week, we conclude our info-series on website & email security and bring you Part 5: How to spot Websites that are ‘not secure’ and ‘dangerous’.

We hope you enjoy reading our research, designed for professionals who are not IT experts but thirsty for knowledge about the everyday tools to operate a business – your email and website.
