How to keep your CMS secure
23 July 2014
Keeping your CMS secure
All hosting servers are scanned by a Content Management System Scanner called Shone Security. The purpose of this scanner is to check whether or not your website is running a vulnerable Content Management System (CMS).
Why is it important to keep my CMS up to date?
If your website is running a vulnerable CMS version or vulnerable CMS plugins, your website is not only at risk of being defaced, but, depending on the severity of the exploit, it can also result in potential data loss or theft. These kinds of vulnerabilities don't just affect you, they can also cause service interruptions or downtime for other Imaginet clients.
How does Shone Security work?
The Shone Security Scanner will perform a scan on a regular basis to check if your site is vulnerable or not. If it is, you will receive an email notification informing you that your website is insecure and that your CMS version will need to be updated. You will have the option to either unsubscribe or turn off the notifications. Please note however, that if your website is exploited we do reserve the right to suspend your site until the problem is resolved. We therefore strongly recommend that you do not disable or unsubscribe from these security notifications.
What do I do if my website is vulnerable?
As a hosting company we try to provide as much information as possible to help you get the problem resolved.
- You can get your web developer or third party company to perform the upgrade for you.
- You can perform the upgrade yourself. We have provided some documentation on how to perform the upgrades which can be found here. Please note that if there isn't any documentation listed for your CMS, you will need to consult your CMS's official documentation for upgrade instructions.
- If you are not sure, or are unable to get hold of your web developer, and would like assistance, we can perform the upgrade for you. A Standard CMS Maintenance charge will apply - For further information regarding pricing please contact Imaginet Sales for a quote.
I would like to do the upgrade myself. What should I do first?
Before any upgrade is performed, you need to ensure that you`ve made a recent backup of your website. Imaginet will not be held liable for any data loss should your upgrade be unsuccessful. If you are unsure of how to perform a backup of your website, we can do this for you, but you will be charged a backup fee. Please contact Imaginet Sales for further information.
Once you have made a backup of your website, you will then need to either consult the documentation provided by us here, or use the documentation provided for your specific CMS.
What if I decide to ignore the email notification and my website is exploited?
If no action is taken after you have received the notification, Imaginet reserves the right to suspend your website until the problem has been resolved. We will also not be held responsible for any data-loss incurred as a result of an exploit.
If your website is exploited before you have received the email notification, and is affecting other Imaginet clients, or does not conform to Imaginet's Terms and Conditions provided here, we reserve the right to suspend your website without prior notice. Although we do our best to provide you with as much information as possible, it is up to you as the client to ensure that you take the necessary precautions to ensure that your website is secure at all times.
How can I make my CMS more secure?
Making your CMS more secure is not as complicated as you think. We have put together a list of recommended CMS plugins that will help improve your website security here.
Another important tip to take note of is CMS back-end passwords. As a website owner, you need to ensure that you use strong passwords at all times, as weak passwords are one of the most common reasons for website exploits.
What Content Management Systems can Imaginet upgrade?
Should you want us to perform the upgrade for you and you have agreed to the associated costs, we offer the upgrade option for the CMS's listed below. Unfortunately due to the number of CMS's out there we restricted ourselves to only performing upgrades for the CMS's mentioned above.
- Joomla 1.5.x
- Joomla 2.5.x
What You need to know about Web Hosting?