Top website security posts by Sucuri – September 2019

A monthly round-up of website security topics

Our Malware Research and Incident Response teams work around the clock to identify and stay ahead of attackers—and we’re proud to share our knowledge and findings with the community.

We’ve gathered a few of our most popular posts and discoveries from September to educate you about the latest trends in website security.


What is cryptomining malware?

Once reserved for hobbyists and computer geeks, cryptocurrency has now become a global topic of interest—and some sources even believe that crypto is the future of currency.

Cryptocurrencies are produced by solving complex mathematical algorithms, also known as “mining”, and are stored by the user in a personal wallet.

Since these digital assets aren’t governed by central banks, they allow for decentralization and anonymity from institutions. This makes them attractive for bad actors.

Browser based cryptominers

With JavaScript based cryptominers, attackers abuse the system resources of website visitors to mine cryptocurrencies with relatively little cost to the attacker.

Due to the explosive growth of in cryptomining in 2017 and the launch of Javascript mining services, browser-based cryptomining malware has become a threat to website owners.

Binary server level cryptominers

Servers are typically more powerful than user’s computers or mobile devices. As a result, they also mine much faster and generate more profit for cybercriminals.

Sucuri researchers often find binary cryptominers at the server level, which abuse website resources without impacting the devices of website visitors. Instead, visitors may experience decreased performance—and in the case of shared hosting providers, these server level cryptominers can impact the performance of other sites and services in the same hosting environment.

Read more from the original post by Brian Bautista.

 


How to audit WordPress plugins & themes

The most common threats to CMS’ are associated with vulnerabilities in plugins, themes, and extensions. Auditing your WordPress plugins and themes can reduce the threat to your WordPress site and mitigate the risk to your site visitors.

Perform audits on a regular basis

Assess your WordPress plugin and theme’s security by measuring some important indicators.

  • Does the plugin or theme have a large user base?
  • Is there a high average rating with a large number of user reviews?
  • Are the contributors actively supporting and updating the plugin or theme?
  • Is there a terms of service or privacy policy listed?
  • Has a contact page or physical contact address been published?
  • Does the plugin have a support page?

Use a backup solution for WordPress

Back your website up on a regular basis. Make sure that the solution you choose has the following features.

  • Backups are stored offsite—not on your server.
  • Automated backup schedules so you don’t forget.
  • Regular testing for reliable recovery.

Remove out of date and unused components

Uninstall any unused plugins or themes from your WordPress environment to prevent vulnerabilities and mitigate risk.

In the event of a compromise, follow our how to clean up a hacked WordPress website instructions.

Read more from the original post by Pilar Garcia.


Joomla security best practices

Joomla maintains a 4.9% market share among open-source CMS platforms, making it the second most popular Content Management System after WordPress. While this percentage may sound small, it’s actually an enormous percentage of sites.

Attackers don’t discriminate when it comes to a website’s size—or the CMS they use. A lot of website security recommendations include broad advice that doesn’t consider the unique security configurations of each Content Management System.

Joomla security checklist

To protect your Joomla CMS, we’ve put together a helpful website security checklist so that you can improve your security and protect your site visitors.

1. Update your Joomla core and extensions

Using outdated software exposes your website to risk. In the majority of releases, Joomla fixes important security issues and bugs in the Joomla core that may allow attackers to exploit vulnerabilities.

Joomla can notify you whenever a vulnerability is discovered within its core or extensions; you can find more information about this feature from the Joomla Core Security Notifications page.  You can also sign up for the Joomla Security news RSS feed to stay in the loop about important updates.

While it’s not always easy to upgrade to the latest version, it’s one of the most important steps you can take to mitigate risk and harden your security.

2. Use them or lose them

Joomla is open source, and anyone can contribute to the code. This also applies to extensions and templates—and not every extension is built with the same attention to security that the core receives.

The more extensions and third-party components you install on your website, the more potential threats you are introducing to your website’s environment. Use trustworthy extensions that have seen recent updates, which indicator that contributors are actively maintaining the extension.

Whenever you stop using an extension or template, it’s good practice to remove it. The less code you have on your website, the fewer potential security problems will exist there.

If you’re unable to update your Joomla installation, extensions, or templates regularly, we encourage you to use a website firewall to virtually patch your site and prevent exploits from known vulnerabilities.

3. Hide the Joomla admin panel

Change the default Joomla administrator URL to some other location. This can be accomplished with a free Joomla security extension, such as AdminExile.

Appending the default admin URL with a unique string prevents attackers from gaining unauthorized access and launching a brute force attack.

4. Use strong access controls

Change default settings and keep all access points secured to mitigate risk against your Joomla website.

A best practice for employing strong access controls includes changing the default username from admin to something unique.

Use strong, unique passwords for every account.

Another important security practice is to use strong passwords. You can generate and store unique, long, complex password combinations with a password manager. To prevent unauthorized access, try not to reuse the same password for multiple accounts!

5. Enable multi-factor authentication

Use multi-factor authentication (MFA) to add an extra layer of security to your website.

This feature requires additional information to verify a user’s identity—often in the form of a code sent by email, text, or an authentication application.

Joomla supports the popular two-factor authentication (2FA) feature through Google Authenticator, but you’ll need to use Joomla 3.2.0 to take advantage of it.

6. Practice the Principle of Least Privilege

Grant the minimum access required to perform functions within your Joomla website to strengthen your security.

You can carefully distribute user roles by using Joomla’s three distinct permission groups:

  • Managers
  • Administrators
  • Super Users

These roles ensure that unauthorized users can’t perform malicious (or accidental) harm to your website.

Tip: Never set a file path with CHMOD 777 permissions.

7. Remove unused accounts

Immediately revoke users who no longer requires access to your website. This applies to every type of access you grant in your site environment.

The practice of removing unused accounts mitigates the risk of unauthorized access from brute force attacks or malicious behaviour from expired users.

8. Monitor your website

Install tools that help you monitor for indicators of compromise.

Monitor your Joomla site carefully for malicious user activity.

Important features from monitoring tools should include integrity checks, website auditing, and activity logging. You can set up alerts to notify you if files or records are modified on your server.

9. Create and maintain backups

Set up website backups to easily restore your website to it’s last known good configuration.

One of the most popular backup tools available for Joomla is Akeeba. This extension will help you backup and restore your Joomla site.

10. Use HTTPS/SSL

Use SSL certificates to securely transfer information between your web server and browsers.

HTTPS is especially important when transferring sensitive information such as credit card details, or personal information from login and contact forms. Protecting data in transit is crucial for ecommerce websites and PCI compliance.

Websites that use SSL get the added benefit of better Google rankings in search results, along with improved performance from HTTP/2.

SSL doesn’t protect your site from being hacked, it only protects data in transit.

11. Use a web application firewall

Protect from DDoS attacks and other OWASP top 10 vulnerabilities by using a web application firewall.

Web application firewalls keep your site protected by detecting and preventing known threats before they ever even reach your website. They can also offer caching for improved site performance and increased availability.

12. Restrict public access

Prevent unauthorized access to the /administrator directory and other important locations by restricting access for only select IP addresses.

To find your IP, try What Is My IP.

Read more from the original post by Victor Santoyo.