{"id":185,"date":"2015-04-07T15:01:44","date_gmt":"2015-04-07T15:01:44","guid":{"rendered":"http:\/\/www.ahosting.net\/blog\/?p=185"},"modified":"2015-04-07T15:01:44","modified_gmt":"2015-04-07T15:01:44","slug":"cms-targeted-attacks-are-only-going-to-get-more-frequent-heres-how-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/www.ahosting.net\/blog\/cms-targeted-attacks-are-only-going-to-get-more-frequent-heres-how-to-protect-yourself\/","title":{"rendered":"CMS-Targeted Attacks Are Only Going To Get More Frequent: Here\u2019s How To Protect Yourself"},"content":{"rendered":"<p>Recently, Finnish security researcher Jouko Pynn\u00f6nen revealed a security flaw in Yoast\u2019s WordPress SEO plugin <a href=\"http:\/\/www.zdnet.com\/article\/security-flaw-in-wordpress-plugin-google-analytics-by-yoast-exposed\/\">which allowed hackers to take over the administrator account of any CMS on which the plugin was installed.<\/a> One of the most popular SEO tools on the web, Yoast\u2019s plugin has been downloaded nearly seven million times &#8211; meaning there\u2019s a staggering number of WordPress sites impacted by the vulnerability. Unfortunately, this story is nothing new.<!--more--><\/p>\n<p>It seems like every week, there\u2019s some new crisis that content management systems have to deal with. There always seems to be some new vulnerability, new attack vector, or exploit that allows hackers to seize control of a site (or simply access a ton of sensitive information). More often than not, these security flaws are plugin-based; the result of poor coding or an oversight on the part of the developer.<\/p>\n<p>If you think these vulnerabilities are popping up more and more frequently, you\u2019re not imagining things. They are, and you shouldn\u2019t be surprised. 
Content management systems <a href=\"http:\/\/w3techs.com\/technologies\/overview\/content_management\/all\">run nearly 40% of the world\u2019s websites<\/a>, so it\u2019s only natural that they\u2019d become frequent targets &#8211; and that\u2019s without even accounting for the fact that, thanks to their relatively open architecture, they\u2019ve more points of attack than any other platform on the web.<\/p>\n<p>That isn\u2019t to say they\u2019re inherently insecure, mind you. WordPress core, for example, is one of the most secure website creation tools in the world &#8211; provided, of course, you take the necessary precautions. That\u2019s what we\u2019re here to talk about today &#8211; what <b>are <\/b>those precautions?<\/p>\n<p>In light of the fact that content management systems are being targeted with increasing &#8211; and alarming &#8211; frequency, how can you keep yourself safe?<\/p>\n<ul>\n<li><b>Only Download Plugins From Reputable Developers: <\/b>This one is huge &#8211; and probably one of the most valuable pieces of advice you\u2019ll ever hear. <a href=\"http:\/\/thehackernews.com\/2014\/11\/cryptophp-backdoored-cms-plugins-themes.html\">Remember CryptoPHP<\/a>? That was one of the worst pieces of malware to hit WordPress in years&#8230;but in order to become infected with it, you had to have downloaded a compromised plugin. I\u2019d wager most of the sites that suffered from the vulnerability were using pirated addons or themes.<\/li>\n<li><b>Pay Attention To The News: <\/b>Preparedness is incredibly important &#8211; which is why you need to keep an ear to the ground as far as security is concerned. My advice is to set up a few Google alerts related to your CMS, and check them every day. 
That way, you\u2019ll know ASAP when one of your plugins is vulnerable &#8211; and you can take whatever steps necessary to protect your site.<\/li>\n<li><b>Patch Regularly: <\/b>This should be obvious, but it needs to be said all the same &#8211; keep your site up to date. Whenever there\u2019s a new security patch or hotfix released, install it.<\/li>\n<li><b>Create Regular Backups: <\/b>Sometimes, your site\u2019s going to end up getting hit no matter what you do. Having some sort of scheduled backup system means that you can restore any data lost as a result of a compromise.<\/li>\n<li><b>Make Sure Your Account Security Is Up To Snuff: <\/b>One of the biggest vulnerabilities in your WordPress installation could well be your account. Having a username like \u2018admin\u2019 or a password like \u2018default\u2019 is basically asking for your site to get hacked &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2013\/04\/brute-force-attacks-build-wordpress-botnet\/\">especially with brute force attacks on the rise<\/a>. In addition to strengthening your passwords, you might consider using two-factor authentication along with some form of encryption.<\/li>\n<\/ul>\n<p>There\u2019s a reason we seem to hear about a new CMS vulnerability or attack vector every single week. Content management systems are on the fast-track to becoming one of the most frequently targeted mediums for cyber-criminals. 
It\u2019s never been more important that you keep your stuff secure &#8211; no matter what platform you happen to be running.<\/p>\n<p>If you aren\u2019t regularly patching out vulnerabilities, taking proactive steps to manage your security, and keeping your passwords and accounts strong, then you\u2019ve only yourself to blame if your installation ends up getting compromised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, Finnish security researcher Jouko Pynn\u00f6nen revealed a security flaw in Yoast\u2019s WordPress SEO plugin which allowed hackers to take over the administrator account of any CMS on which the plugin was installed. One of the most popular SEO tools on the web, Yoast\u2019s plugin has been downloaded nearly seven million times &#8211; meaning there\u2019s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":186,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-185","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/comments?post=185"}],"version-history":[{"count":1,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/185\/revisions"}],"predecessor-version":[{"id":187,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/185\/revisions\/187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\
/media\/186"}],"wp:attachment":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media?parent=185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/categories?post=185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/tags?post=185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}