Securing your CMS / eCommerce Website

Regardless of the platform you use, security is always a big issue when it comes to CMS platforms. Bots and hackers scour the internet for vulnerable sites, and by the time they hit, it may already be too late. As we covered before, there are ways of securing your WordPress site, but not everyone runs on WordPress (popular platforms include WordPress, Joomla, Drupal, PrestaShop and OpenCart). There are some global rules to follow, some of which we will cover today.

Secure Web Hosting

The very first step to website security is choosing a reputable, reliable web host that makes site security one of its top priorities. Ideally, you should look for a web host that clearly states what they do to make your website security a priority. Look for features such as:

  • Bot monitoring and prevention
  • Overwhelmingly positive reviews and patching of security threats
  • Up-to-date server software
  • Ability to isolate and prevent the spreading of infections for sites on the same shared server

While all of these factors are important, you can’t set your sights on just one of the above. You especially need to be careful with reviews: reviews can be bought, and hosts with no reviews can be dangerous. You may need to find a happy medium and read through the reviews closely to judge which ones are genuine. Be cautious, and if you ever do need assistance, consulting experienced developers may be beneficial.

Maintaining Your Website

One of the first things you should be doing is making sure your website is always maintained properly. Whether that means updating PHP or making sure you have the latest plugins, maintenance can’t be neglected when you own a website.

If you don't have the time or resources to maintain updates for your CMS / eCommerce website, or need help implementing additional security, our Website Maintenance Packages will help keep your CMS / eCommerce website up to date with the latest version and plugins. We always make sure to back up your site during updates.

Security on Shared, VPS, Dedicated Servers

CageFS

CageFS isolates each individual hosting account from the other hosting accounts on the server. This provides a jailed environment that prevents a compromised account from finding and compromising other accounts on the server. CageFS will also cage any script execution done via Apache, LiteSpeed, cron jobs, SSH, etc.

LVE Limits

LVE Limits prevent a single account from consuming all of the resources of the shared server. Until the introduction of this technology, one site being attacked could easily crash an entire shared web hosting server. These limits provide enhanced stability and security regarding resource usage.

ModSecurity

ModSecurity is a web application firewall that filters incoming HTTP / HTTPS requests to protect the site against all kinds of malicious activity.

ConfigServer Security & Firewall

ConfigServer Security & Firewall acts as a software firewall and login failure daemon for the entire server, with an exhaustive list of options to block malicious activity. It provides brute-force detection and automatic IP address banning for malicious behavior across a range of the server's services.
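To illustrate the idea behind brute-force detection and automatic banning, here is an added example (not ConfigServer's code, and not from the original article) that counts failed logins per IP address inside a sliding time window. The log line format, the threshold of 4 failures and the 5-minute window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines (documentation-range IPs, not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:05 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:09 sshd: Failed password for admin from 198.51.100.4
2024-05-01T10:00:12 sshd: Failed password for test from 203.0.113.7
2024-05-01T10:00:20 sshd: Accepted password for alice from 192.0.2.10
2024-05-01T10:00:31 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:30:00 sshd: Failed password for admin from 198.51.100.4
2024-05-01T10:30:02 sshd: Failed password for admin from 198.51.100.4
"""

# Assumed line format for this example: "<ISO timestamp> sshd: Failed password for <user> from <ip>"
FAILED = re.compile(r"^(\S+) sshd: Failed password for \S+ from (\S+)$")


def find_bans(log_text, max_failures=4, window=timedelta(minutes=5)):
    """Return {ip: time_of_ban} for IPs that reach max_failures within window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans:
            continue  # already banned; a firewall rule would drop this traffic
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

The window matters: 198.51.100.4 fails three times in the sample but never four times within five minutes, so it is not banned, which keeps an occasional mistyped password from locking out a legitimate user.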

ConfigServer eXploit Scanner

ConfigServer eXploit Scanner is the front-line defense against malicious code being uploaded to the server when a website is being exploited. Hooking into ModSecurity, it analyses files while they are being uploaded and is set to auto-quarantine files that match the repository of exploit fingerprints. We receive email notifications when the service has detected a malicious file. We actively scan uploaded files using ConfigServer eXploit Scanner to help prevent exploitation of accounts by malware.

In Closing

Sometimes even the best security can fail. Following the suggestions above will help make your website less of a target and keep the hackers at bay. It’s always a good idea to consult someone familiar with CMS platforms and eCommerce, so don’t hesitate to reach out to e-dimensionz and our team of experienced developers.