Why Content Management Systems (CMS) are Still a Favorite for Hackers


At the start of 2013 the exploitation of CMS systems like Joomla and WordPress was on the increase, and the trend continues.


Common setups and non-QA'd (Quality Assured) plug-ins, combined with fast development, all contribute to making a CMS the perfect target to exploit.

Packages like Joomla and WordPress (our focus) are popular owing to their ease of use. This ease of use and fast plug-in development does not come without some inherent hidden dangers.

Once known, vulnerabilities in one of these popular CMS systems commonly lend themselves to an “exploit once, repeat many” approach. Hence, websites with these vulnerabilities are exploited and used quickly by unscrupulous cyber criminals, typically for the following reasons:

Widespread use of the software – more than 50% of WordPress installations are considered to have an exploit according to various research.
The standardization and automation ability – From an attacker's perspective this is a quick way to expand his botnet.

Who’s affected?

There are 2 main parties affected by such a security breach: the website and the website's visitors.

The main use of the WordPress software is in the SMB (Small business) bracket. This is most likely due to the fact that WordPress is an easy to use and feature-rich CMS system, which can be used without being technically adept. SMB businesses are not the only ones affected by this, but they are often the least savvy with securing their website.

Users connecting to the exploited website can become potential targets. The reason is that the attacker will likely leave malware embedded in the website and will try to infect every user connecting to it.

What’s the impact and why should I care?

The reason hackers and cyber criminals want to exploit your CMS system is not necessarily only to steal all of your user accounts and data, but also to infect users (with malware) who connect to the site. Once the unsuspecting user is infected with malware, he is added to a botnet to be exploited at the will of the malware commander (Master of the BOTs). This typically includes things like credit card theft, extracting private information or being activated to take part in a DDoS attack or other malicious activity.

IMPACT for website owners WHO are HACKED:

Being identified by Google and other software as a malicious site, which leads to a drop in traffic
Decline in sales
Loss of client confidence
Potential lawsuits
Time loss

IMPACT for USERS infected with MALWARE:

Financial loss
Privacy loss
Potential fraud
Time loss

No matter how large or small your business is, if you’re affected by any of the above, you will soon have a major crisis management situation!

HOW to avoid being an easy TARGET!

Security is getting the basics right. If you only do one thing to harden your CMS system, do the following:

· FOLLOW the VENDOR'S guidelines on SECURITY hardening

By following the default recommendations on hardening your particular CMS (below are 2 common CMS systems), you avoid being an easy TARGET:

WordPress – WordPress Hardening
Joomla – Joomla Hardening

The default recommended guidelines from any CMS vendor commonly include the following tasks:

Changing default usernames and passwords
Disable debugging
Remove extra installation files and change permissions on system files
Remove extra information disclosure
Protect various files and directories
Keep your software and plug-ins up to date

Even though the above seems trivially obvious, thousands of systems worldwide do not implement this. This was noted earlier this year in yet another malware outbreak; “Fort Disco” successfully exploited at least 25000 Windows (Users) machines and over 6000 websites!


By following these relatively easy to implement steps given above, combined with a couple of hours of your time, you will significantly increase the security posture of your website.
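
As an added example (not part of the original article or any vendor's tooling), the file-based tasks above can be checked with a short script run against your own WordPress directory. The function names, the list of leftover files and the permission thresholds are assumptions made for this example; WP_DEBUG, wp-config.php and readme.html are WordPress's own names.

```python
import os
import re
import stat
import tempfile

# Assumed list of installer leftovers that disclose version details.
LEFTOVER_FILES = ["readme.html", "license.txt", "wp-config-sample.php"]
# Matches define('WP_DEBUG', true); a commented-out define would also match.
DEBUG_ON = re.compile(r"define\(\s*['\"]WP_DEBUG['\"]\s*,\s*true\s*\)", re.I)


def audit_wordpress(root):
    """Return a sorted list of hardening findings for the site tree at root."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            if DEBUG_ON.search(fh.read()):
                findings.append("debugging enabled: WP_DEBUG is true")
        if stat.S_IMODE(os.stat(config).st_mode) & stat.S_IROTH:
            findings.append("permissions: wp-config.php is world-readable")
    for name in LEFTOVER_FILES:
        if os.path.exists(os.path.join(root, name)):
            findings.append(f"leftover file: {name}")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Symlinks are skipped: their own mode bits are not meaningful.
            if not os.path.islink(path) and stat.S_IMODE(os.stat(path).st_mode) & stat.S_IWOTH:
                findings.append(f"permissions: world-writable {os.path.relpath(path, root)}")
    return sorted(findings)


def build_sample_site(root, hardened):
    """Write a constructed, minimal site tree (sample data, not a real install)."""
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php\ndefine('WP_DEBUG', %s);\n" % ("false" if hardened else "true"))
    os.chmod(config, 0o600 if hardened else 0o644)
    if not hardened:
        readme = os.path.join(root, "readme.html")
        with open(readme, "w", encoding="utf-8") as fh:
            fh.write("<h1>Version</h1>\n")
        os.chmod(readme, 0o666)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site, hardened=False)
        print("\n".join(audit_wordpress(site)))
```

Default usernames and out-of-date plug-ins live in the database and the update system, so they are outside what this file-level check covers.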

It’s not only expensive pieces of hardware like Firewalls, Web Application Firewalls (WAFs) and Intrusion Prevention Systems (IPS) that increase your security. With these steps implemented, the hacker is more likely to move on to another, more easily exploitable system.

The best way to make sure you do not fall victim to this and other similar, more advanced security issues is to have regular “VULNERABILITY SCANNING” done on your website. This gives you peace of mind and saves you valuable time and money in knowing that you won’t be the easy TARGET!

Etechone Author
