CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone
Format: PDF / Kindle (mobi) / ePub
Learn to secure Web sites built on open source CMSs
Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you’re responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You’ll learn a strong, foundational approach to CMS operations and security from an expert in the field.
- More and more Web sites are being built on open source CMSs, making them a popular target and leaving you vulnerable to new forms of attack
- This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone
- Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan
- Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy
CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS.
Chapter 2: Choosing the Right Hosting Company
The capacity of the machine will be used to measure out what you are allowed to consume. In other words, if you exceed a specific load limit on the machine, the host will ask you to purchase either more resources, or to move to a different plan. When you move to a VPS, you can expect a much higher per-month cost than shared hosting. You will need to have more technical skill to operate and maintain it than you would with
these, and the costs per month or year must be calculated in. You can get barebones hosting starting at $4.00 to $5.00 per month, or go for premium, affordably priced hosting at a company such as Rochen.com or LunarPages.com all the way up to a dedicated server, which can run you hundreds of dollars a month. Determining this cost is solely based on your requirements, and then you find a host that meets the requirements within your budget. Many software packages have annual license maintenance
an unpleasant and costly event, one you do not want to experience. As a word of caution, each state in the U.S. has a different set of laws and penalties that govern the loss of consumer data. This book does not set out any legal advice. Check with your attorney to understand the regulations and laws you must comply with in the event your server is breached, and credit card or other consumer privacy data is stolen. Senators Tom Carper and Bob Bennett introduced the 2010 Data Security Act. This
Chapter 3: Preventing Problems Before They Start
protect your site from attacks?
Considering Development Costs
Development costs can quickly get out of control, and then the security becomes relegated to a nice-to-have status. When you prepare to develop your site, or have a third-party developer handle this for you, approaching the entire effort holistically will yield better benefits. The site will be highly survivable in an attack if you plan
dictate and warrant the proper actions needed.
Educating Your Employees and End Users
If your business is a very small one-person operation, security awareness training won’t be as difficult as it will be for a larger business. Just practice good cyber security, and you should be fine. If yours is a “larger” small business all the way to a medium-sized business, then you need to implement a program to train and make your employees aware of cyber security. For maximum impact, ensure that your