Securing your CMS / eCommerce Website

Whether it’s to steal information, inject your content with malicious links, or use your website to distribute spam; hackers and bots are constantly scouring the web to locate known security issues that can be exploited.

There are several ways that you can keep your CMS or eCommerce website secure (WordPress, Joomla, Drupal, PrestaShop, OpenCart, as examples):

  • Keep Updated: CMS / eCommerce platforms regularly release updates to address security issues. Keeping your CMS / eCommerce Platform, extensions, and themes up-to-date is one of the best (and easiest) ways to keep safe. If you don’t visit your admin panel daily, schedule a reminder in your calendar to regularly check your website for updates.
  • Delete Inactive Plugins / Themes: If any plugins or themes aren't being used, uninstall them from your website. Even if they are inactive, they can still be exploited.
  • Security Plugins: Most CMS / eCommerce frameworks have plugins available to help further harden and secure your website. Look for available extensions you can install to further extend your CMS / eCommerce security.
  • Passwords: When creating passwords, make sure you are generating a strong password, using letters, , both upper/lowercase letters, numbers, and combining them along with punctuation marks.
  • Backups: Backup your website and database regularly at least a few times a month (perhaps at the same time you check it for updates).
  • Change Default Usernames: Change the default admin usernames to something unique. Also, require strong passwords for admins and consider adding a two-factor authentication (2FA) plug-in.
  • Computer Security: Your computer can infect your website. Secure every computer you use to access your CMS / eCommerce website using an antivirus tool with added Internet security capability.
  • Web Host Security: Make sure your web host has tools in place to help further protect your site, especially if you are on shared hosting where, without proper caging of accounts, your website can be exploited by another infected website on the server.

Maintaining Your Website

If you don't have time or resources to maintain updates for your CMS / eCommerce website or need help to implementing additional security, our Website Maintenance Packages will help keep your CMS / eCommerce website up-to-date with the latest version and plugins.

We also perform regular security checks and always backup of your site. If your site needs upgrades to stay compatible with the most recent version, we handle this too as part of the Maintenance Package.

Secure Web Hosting

There are plenty of things that you can do to keep your website secure, but security isn't entirely your responsibility. The very first step to website security is choosing a reputable, reliable webhost that makes site security one of it's top priorities.

Ideally, you should look for a web host that clearly states what they do to make your website security a priority. Look for features like:

  • Attack monitoring and prevention
  • Proactive reviews and patches of security threats
  • Up-to-date server software
  • Ability to isolate and prevent the spreading of infections for sites on the same shared server

e-dimensionz recognizes the need to provide you with secure hosting. After assisting numerous clients who were hosting their websites on various budget web hosting companies restore and secure their websites, we made it our goal to bridge the gap with shared hosting server security and protect websites hosted on our Shared Hosting and Cloud VPS servers.

We active scan files uploaded to accounts to ensure they are safe and do not contain malware or viruses. Files that are suspicious are quarantined before they become active. On our Shared and Cloud VPS hosting, each account is caged and if a site is infected, it won't spread to any other websites on the server.

e-dimensionz Security on Shared, VPS, Dedicated Servers

  • CageFS: CageFS isolates each individual hosting account away from the other hosting accounts on the server. This provides a jailed environment of which prevents an account (if compromised) from being able to potentially find other accounts and compromise them on the server. CageFS will also cage any script execution done via Apache, LiteSpeed, Cronjobs, SSH etc.
  • LVE Limits: LVE Limits prevents a single account being able to consume all of the resources of the shared server. Up until the introduction of this technology, one site being attacked could easily crash an entire shared web hosting server. These limits allow enhanced stability and security regarding resource usage.
  • ModSecurity: ModSecurity protects incoming HTTP / HTTPS requests against all kinds of malicious activity.
  • ConfigServer Security & Firewall:ConfigServer Security & Firewall acts as a software firewall and login failure daemon for the entire server with an exhaustive list of options to block malicious activity. It provides brute-force detection and automatic IP Address banning for malicious behavior across a range of the servers services.
  • ConfigServer eXploit Scanner: ConfigServer eXploit Scanner is the front-line defense against malicious code from being uploaded to the server when a website is being exploited. Hooking in to ModSecurity, it analyses uploaded files while they are being uploaded and are set to auto-quarantine files that match the repository of exploit fingerprints. We receive email notifications when the service has detected a malicious file. We actively scan uploaded files using ConfigServer eXploit Scanner, to help prevent exploitation of accounts by malware.

Sometimes even the best security can fail. Hackers will and do find a way in. Hopefully, some of the suggestions above will make your site less of a target and keep the hackers frustrated.

Contact us if you need help securing your website or cleaning up an infected website.