Friday, 20 September 2013

5 Tips for Securing Your Open Source CMS

Recently, one of my clients that uses an open source content management system (CMS) was hacked many times. I've talked about CMSs in the past, but I've not really talked about the fact that open source CMSs are vulnerable to hacking.

Well, they are. That's the ugly truth. Even with a heavily customized open source CMS (like the one my previously mentioned client is using), the sites are very vulnerable to hacking, mainly because anyone can read the code and look for vulnerabilities in it.

Given my recent experience, I've been doing a bit of research on the subject of securing your website from hackers. Here are 5 tips on securing any CMS against hackers. Some of these I was already implementing on my client's website, some I was not.

1. Rename your admin file

Many open source CMSs use simply named admin files, often called admin.php. Rename it to something like mysitebackend.php.

The only trick to this is that you now have to rename all references to it in the other files in your CMS. What you want to do is use a program that can search multiple files for the old name, admin.php, and replace it with the new name, mysitebackend.php.

For Windows, a good free program that has that capability is SciTE. If you're using a Mac, a good one is TextWrangler.
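The search-and-replace step can also be scripted. The following is an added example, not code from the original post: the function names and the three-file sample tree are constructed for illustration. It does a dry run first and matches admin.php only as a whole file name, so look-alike names are left untouched.

```python
import re
import tempfile
from pathlib import Path

def rename_references(root, old_name, new_name, apply=False):
    """Return {relative path: reference count}; rewrite files only if apply=True."""
    old, new = old_name.encode(), new_name.encode()
    # Whole-name match: hits "admin.php" and "/admin.php?op=x" but leaves
    # "siteadmin.php", "admin.php5" and "admin.php.bak" alone.
    pattern = re.compile(rb"(?<![\w.-])" + re.escape(old) + rb"(?![\w-]|\.\w)")
    root, hits = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        data = path.read_bytes()
        if b"\0" in data:  # skip images, archives and other binary files
            continue
        updated, count = pattern.subn(lambda m: new, data)
        if count:
            hits[path.relative_to(root).as_posix()] = count
            if apply:
                path.write_bytes(updated)
    # Rename the admin script itself last, and only when applying.
    if apply and (root / old_name).is_file():
        (root / old_name).rename(root / new_name)
    return hits

def demo():
    """Run a dry run, then the real rename, on a constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "includes").mkdir()
        (root / "admin.php").write_text("<?php // backend entry point\n")
        (root / "config.php").write_text(
            '<?php $backend = "/admin.php?op=login"; $help = "siteadmin.php";\n')
        (root / "includes" / "menu.php").write_text(
            "<?php header('Location: admin.php'); // not admin.php.bak\n")
        planned = rename_references(root, "admin.php", "mysitebackend.php")
        rename_references(root, "admin.php", "mysitebackend.php", apply=True)
        names = sorted(p.name for p in root.iterdir())
        return planned, (root / "config.php").read_text(), names

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the site first and review the dry-run counts before calling it with `apply=True`.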

2. Don't publicly link to your admin file

This one is pretty simple. Don't put a link to your newly renamed admin file out there for all to see. The most secure (but arguably inconvenient) way is to not link to it anywhere at all, but simply bookmark it in your browser.

3. Delete unused features

This is one I was guilty of not doing on my client's website. Don't just disable modules/features that you aren't using (and have no plans to use). Delete them altogether.

Often the security holes that a hacker finds are in something that you aren't using on your website anyway. If the files aren't there for him to access, he won't be able to use that particular method to hack his way in.

4. Use strong passwords

The longer the password and the less like normal English it is, the better. It's quite likely that your system has a maximum number of characters for a password. On several systems I've encountered, the limit is ten characters. I encourage you to have a password that is as long as allowed if your limit is something small like that. Your password should ideally be 10-20 characters long. The best passwords have numbers and both lowercase and uppercase letters.

5. Keep up-to-date on upgrades

The nice thing about many open source CMSs is that they have a good community, and security holes are found and patched. While you may not want to upgrade to a new release just as soon as it is released (give them a week or two to find any obvious security issues), keeping up-to-date on your software will help enormously.

Unfortunately, sometimes this is much more difficult than it sounds. This is especially the case if you have a particularly custom website where you have extensively modified the original CMS. In these cases, you need to find software that can compare files (your custom version and the latest upgraded version) and show you a line-by-line difference. You will then have to manually move the changes over.

A good program to use if you want to compare differences in files on your Windows machine is ExamDiff. On a Mac, the aforementioned TextWrangler can take care of the job.
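The comparison can be done across the whole site tree rather than one file at a time. The following is an added example, not code from the original post: the function names and the sample `custom` and `upgrade` trees (including the PHP lines in them) are constructed for illustration. It lists files that exist on only one side and produces a line-by-line unified diff for every file that differs, which is the list of changes to move over by hand.

```python
import difflib
import tempfile
from pathlib import Path

def _files(root):
    """Map each file's path relative to root to its full path."""
    return {p.relative_to(root).as_posix(): p
            for p in Path(root).rglob("*") if p.is_file()}

def compare_trees(custom_root, upgrade_root):
    """Classify files by side and diff those present in both but different."""
    custom, upgrade = _files(custom_root), _files(upgrade_root)
    report = {
        "only_in_custom": sorted(custom.keys() - upgrade.keys()),    # your additions
        "only_in_upgrade": sorted(upgrade.keys() - custom.keys()),   # new upstream files
        "changed": {},                                               # need a manual merge
    }
    for rel in sorted(custom.keys() & upgrade.keys()):
        a, b = custom[rel].read_bytes(), upgrade[rel].read_bytes()
        if a == b:
            continue
        report["changed"][rel] = list(difflib.unified_diff(
            a.decode("utf-8", "replace").splitlines(),
            b.decode("utf-8", "replace").splitlines(),
            fromfile="custom/" + rel, tofile="upgrade/" + rel, lineterm=""))
    return report

def demo():
    """Compare two constructed trees: a customized site and a newer release."""
    with tempfile.TemporaryDirectory() as tmp:
        custom, upgrade = Path(tmp, "custom"), Path(tmp, "upgrade")
        for root in (custom, upgrade):
            (root / "modules").mkdir(parents=True)
            (root / "index.php").write_text("<?php render();\n")
        (custom / "modules" / "gallery.php").write_text("<?php // site add-on\n")
        (upgrade / "modules" / "search.php").write_text("<?php // new upstream file\n")
        (custom / "login.php").write_text(
            "<?php\n$user = $_POST['user'];\n"
            "log_attempt($user); // site customisation\ncheck_login($user);\n")
        (upgrade / "login.php").write_text(
            "<?php\n$user = clean($_POST['user']);\ncheck_login($user);\n")
        return compare_trees(custom, upgrade)

if __name__ == "__main__":
    for rel, diff in demo()["changed"].items():
        print("\n".join(diff))
```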

Unfortunately, even with all of these methods, you can still get hacked. Next time we'll look at what measures to take before and after you are hacked to prepare for that happening.