Keeping Up with CMS Security

Our friends at Andigo Media posted an article earlier this week on CMS security. They were nice enough to include a couple of quotes from me as well. The article makes some great points about the fact that CMS-based systems are simply not build-and-forget platforms, but rather require regular attention, especially from a security perspective.

I can’t tell you how many times I have had clients and potential clients state that they do not need a regular maintenance plan. The justification is that they can update all content themselves, and that is why they paid extra for a content management system (CMS). It is true that a properly set up CMS can allow an administrator to maintain the content of a website without the need to hire a developer. However, this ease of use is made possible by relatively complex systems. And though your site might not be a direct target, these systems are constantly under attack and your site is always under threat. Security is only as good as what we know to protect against, and as new ‘holes’ and exploits are found, CMS software must be patched.

Systems like WordPress make updates incredibly easy. In fact, a lot of the time it can be as easy as clicking a button within the site administration area. Before any update is applied:

  1. Make sure you have a current backup of the site.
  2. Do your research to ensure that the update won't affect the function of any other portion of your site.
  3. Ensure that your server meets the requirements of the software change.
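
Steps 1 and 3 can be enforced by a script before the update button is ever clicked. The following is an added example, not part of the original article: the function names, the backup path, the age threshold and the version numbers are all assumptions supplied by the caller, and step 2 (compatibility research) remains a manual task.

```shell
#!/usr/bin/env bash
# Pre-update gate for checklist steps 1 (current backup) and 3 (server
# requirements). All names, paths and thresholds here are assumptions.
# Relies on GNU `sort -V` and `find -mmin`.

# version_ge HAVE NEED: succeed if dotted version HAVE is >= NEED.
# sort -V compares components numerically, so 5.10 ranks above 5.6.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# backup_is_fresh FILE MAX_AGE_MIN: succeed only if FILE exists, is not
# empty, and was modified less than MAX_AGE_MIN minutes ago. An empty
# dump usually means the export failed, so it must not count as a backup.
backup_is_fresh() {
    [ -s "$1" ] || return 1
    [ -n "$(find "$1" -mmin "-$2" -print)" ]
}

# preflight BACKUP MAX_AGE_MIN HAVE_VERSION NEED_VERSION
# Reports every check, then returns non-zero if any failed, so the
# result can block the update in a maintenance script.
# HAVE_VERSION is the runtime on the server (for WordPress, the PHP
# version); NEED_VERSION comes from the release notes of the update.
preflight() {
    _rc=0
    if backup_is_fresh "$1" "$2"; then
        echo "ok:   backup $1 is newer than $2 minutes"
    else
        echo "FAIL: backup $1 is missing, empty or older than $2 minutes"
        _rc=1
    fi
    if version_ge "$3" "$4"; then
        echo "ok:   server runtime $3 meets required $4"
    else
        echo "FAIL: server runtime $3 is below required $4"
        _rc=1
    fi
    return "$_rc"
}

# Example call (constructed values):
#   preflight /var/backups/site.sql 60 8.1.2 7.4 && echo "safe to update"
```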

It is advisable that you have a developer help with updates in case any incompatibilities are found before or after the update. It is also advisable to keep your system up to date on a regular basis. Waiting and applying multiple updates and patches at once greatly increases the risk that incompatibilities will be found, and a much higher level of effort will be needed to bring the system up to date.