The Truth About Security and Content Management Systems

A data breach can have a range of devastating consequences for any business. The loss of critical data can unravel a company’s reputation through the loss of consumer and partner trust, costing a company its competitive advantage. With high-profile data breaches making media headlines, it’s essential that organizations adopt and implement strong security practices in their Content Management System (CMS) approach. 

Among the most popular CMSs are WordPress and Drupal, with WordPress being used for over 455 million websites and Drupal used for well over a million. These CMSs offer an inherent security in their usage, however, there are practices necessary to keep your data secure beyond the base threshold. With the right training and know-how, there are a myriad of ways to secure your sensitive data. Here are some principles that Echo Origin employs in our construction of our clients’ CMSs, as well as some practices we teach our clients to keep their data secure:

Comprehensive Maintenance Plan

Given consistent patching done by developers of both CMSs and the plugins used in your website, keeping your CMS version and modules up to date is critical, as older versions of software are easier to hack and often targeted. Setting up a consistent update schedule for your website prevents your organization from falling behind on routine maintenance, and dissuades hackers from targeting your site at a base level.

Role Based Access Control

Not everyone inside your organization is going to need to be able to edit every part of the site. Thankfully CMSs like WordPress allow you to disable file editing for any non-admin user, making sure that a less experienced user doesn’t accidentally topple the whole site. Creating a hierarchy to users’ permissions also ensures intruders aren’t able to get into the more sensitive data if there is a breach. 

Multifactor Authentication/Deterrence

Two factor authentication is a well known practice to keep data secure. By setting up two barriers to entry, intrusion becomes twice as difficult. But there are several other ways in which to deter intruders to be used individually, or ideally, in tandem. Changing usernames from admin to a more specific name is an easy first, as well as using smart, generated passwords that you store locally for safekeeping. Limiting the amount of login attempts an individual can make protects against brute force, and logging out Idle Users reduces the risk of a session being hijacked. Using a few or several of these methods together creates a series of barriers that greatly, if not entirely, prevents intruders from accessing your sensitive data.

Additional Tools

CMSs allow for the usage of plugins and modules for both front-end and back-end development, creating new organizational systems for users to interact with, or even protecting against intruders. Drupal and WordPress have plugins for firewalls, backups, hardening, session limitation, and notification setups for suspicious activity. Using one of, or many of these plugins adds several layers of security to any data you are trying to protect. Remember to always look to see that the modules you are looking at implementing are approved by the CMS you are using them for.

If you are looking into having a website created or overhauled, Echo Origin specializes in Front-end and Back-end Development, using CMSs such as WordPress, Drupal, Jekyll, and others to create functional and secure websites that are easy to manage after their delivery. We offer training with every site we create so that our clients aren’t left in the dark when receiving the finished product, making sure that your website stays secure no matter who in your organization is working on it. Take a look at some of the secure websites we’ve created for our clients in the past: https://echoorigin.com/our-work/