Popularity attracts attention to your insecurities – we’ll call it “the cost of success” and the result of occupying real estate in others’ minds: even with a legion of fanbois fawning over your every tweet, others will attempt to undermine your success in any way they can. We’ll remain civil and not name names, but you’re surely aware of some cultural force who’s had a weakness leveraged against them in a public forum.
Such is the case for two Internet darlings: WordPress® and Joomla!® Being two of the most popular content management systems (CMS) available means they attract a lot of attention from hackers, fraudsters, and exploiters. Finding vulnerabilities in one of these apps is a goldmine to these people: their popularity means they have a lot of places to abuse what they’ve found. Including your site.
Stay above the fray
If you’ve already taken care of the basics (strong passwords, SSLs, etc.), you should consider taking the next next step and look into security plugins. These tools add a lot of functionality to your site to protect you – and your visitors – in a number of ways:
|Plugins with this feature…||Do this to protect you…|
|Scanning site files||Compares files against known compromised|
|Hiding/Password-protecting admin pages||Bolsters security of pages that only you need to access|
|Setting more secure file permissions||Prevents hackers from tampering with files|
|Firewall/brute force mitigation/blacklisting IPs/.htaccess||Controls who can/cannot access the site, inc. those trying to log in who shouldn’t be|
|Comment SPAM||Removes unwanted comments submitted to the site; may inc. malicious links/code|
|Database security||Ensures only those who need access to the database have it|
|Site monitoring/logs||Keeps data about activity on your site|
|Backups||Creates uncompromised copies of your site|
|Version control||Updates software automatically and notifies you when things fall out of date|
|Multi-factor authentication||Creates logins that require more than username and password|
Popular security plugins
There are a ton of security plugins out there for both applications and not one of them does everything. To make sure you’ve gotten as much protection as you can, it’s a good idea to stack them atop each other to create a deep defense. Below check out a feature overview of the most popular security plugins for both WordPress and Joomla!
|WordPress||All In One||WordFence||iThemes||BulletProof||Centrora|
|Scan site files||X||X||X||X|
|Hide admin location||X|
|Password protect admin location|
|Set file permission values||X||X||X|
|Brute force mitigation||X||X|
|Comment SPAM||X||Pro Version||X||X|
|Multi-factor authentication||Pro Version||X|
|Joomla!||Admin Tools Pro||Security Check||DMC Firewall||OSE Secure||Centrora|
|Scan site files||X||X||X||X|
|Password protect admin location||X||X|
|Set file permission values||X||X|
Before adopting a security regiment, we do encourage you to check the plugins’ documentation. Look for anything that you know would conflict with your setup – if you haven’t done any custom configuration, though, you probably don’t have much to worry about.
With a good mix of best practices and proactive security measures, you’ll increase the ease of maintaining your site, as well as the quality of your visitors’ experience – not to mention remaining free of any tarnish if the hacker tabloids start running slanderous stories about your favorite CMS.
UPDATE 9/24/14: Removed Joomla! column for Admin Tools Core and replaced with features for Admin Tools Professional.
Also published on Medium.