Locks are there to keep honest people honest. Let’s face it, there are countless bored teens and hackers looking to impress their friends by defacing your website. Most content management systems (CMS) like Joomla, WordPress and Drupal are designed to make it easy for anyone to edit your website from anywhere. While they ship with good security, they still have vulnerabilities. Here are a few things you can do to make your website’s CMS a little more secure. For the purpose of this blog post I will focus on Joomla; however, much of what follows applies to any website that uses a CMS.
Lock the front door! Your CMS gives you the ability to log in to the front end of your website to edit content. It also allows people to create user accounts from the front end of the website. Unless there is a specific reason visitors to your site need accounts, disable Allow User Registration in the Global Configuration settings. If your site does have a reason to allow user registration, consider one or more of the following options:
- Turn on New User Account Activation – This requires the user to provide a valid email address to activate their account.
- Registration Approval by Admin – This Joomla plugin requires all new user accounts to be approved by the website’s admin.
- Security Images – This Joomla extension adds a CAPTCHA-style check to your forms, which prevents form bots from creating LOTS of bogus user accounts and contact form spam.
Block brute force attacks with a Failed Login plugin. A brute force attack is when someone tries huge numbers of username and password combinations; essentially, trying to guess a user’s login. A Failed Login plugin counts failures per source and temporarily locks that source out once it passes a threshold.
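A minimal version of the lockout logic such a plugin implements, as an added example that is not Joomla’s code or any particular extension’s: failures are counted per client IP in a sliding window, the IP is locked out for a fixed period once it hits the threshold, and a legitimate user from another address is unaffected. The thresholds, IP addresses and login events below are constructed.

```python
"""Sliding-window failed-login lockout (added example, not Joomla code)."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed sample events: (unix_time, client_ip, username, password_ok)
SAMPLE_ATTEMPTS: List[Tuple[int, str, str, bool]] = [
    (1000, "198.51.100.7", "admin", False),
    (1005, "198.51.100.7", "admin", False),
    (1010, "198.51.100.7", "administrator", False),
    (1012, "203.0.113.9", "editor", False),       # one typo by a real user
    (1015, "198.51.100.7", "root", False),
    (1020, "198.51.100.7", "admin", False),       # 5th failure: lockout
    (1025, "198.51.100.7", "admin", True),        # right password, still refused
    (1030, "203.0.113.9", "editor", True),        # other address unaffected
    (1921, "198.51.100.7", "admin", True),        # lockout (900 s) has expired
]

class FailedLoginGuard:
    def __init__(self, max_failures: int = 5, window: int = 300, lockout: int = 900):
        self.max_failures = max_failures   # failures allowed inside the window
        self.window = window               # seconds the failures are remembered
        self.lockout = lockout             # seconds an IP stays locked out
        self._failures: Dict[str, Deque[int]] = defaultdict(deque)
        self._locked_until: Dict[str, int] = {}

    def allowed(self, ip: str, now: int) -> bool:
        """Pre-authentication check: False while the IP is locked out."""
        return now >= self._locked_until.get(ip, 0)

    def record_failure(self, ip: str, now: int) -> bool:
        """Call after a wrong password; returns True if this failure locks the IP."""
        q = self._failures[ip]
        while q and now - q[0] > self.window:   # forget failures outside window
            q.popleft()
        q.append(now)
        if len(q) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, ip: str) -> None:
        self._failures.pop(ip, None)           # a good login resets the counter

def replay(attempts, guard: FailedLoginGuard = None) -> List[Tuple[str, str]]:
    """Run sample events through the guard; outcome per attempt."""
    guard = guard or FailedLoginGuard()
    out = []
    for ts, ip, _user, ok in attempts:
        if not guard.allowed(ip, ts):
            out.append((ip, "blocked"))          # not even checked
        elif ok:
            guard.record_success(ip)
            out.append((ip, "ok"))
        else:
            out.append((ip, "locked" if guard.record_failure(ip, ts) else "failed"))
    return out
```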
Block undesirable and irrelevant visitors. For example, if you do not do business in Russia, redirect or block Russian visitors. If your business is not able to service clients in other countries, take advantage of IP address range blocking. There are extensions like Ban IP Address/Range that allow you to whitelist or blacklist single IPs or IP ranges. You can also modify your website’s .htaccess file to accomplish the same thing; see ContryIPBlocks.net. Since a large percentage of spammers and hackers use servers in countries like Russia and China to carry out their attacks, this is one easy way to thwart their efforts.
This is not, by any means, a complete list of the things you can do to secure the front end of your website. These are a good start. Remember the effort to proportion rule. Use the amount of security that is appropriate to your website. And have a website disaster and recovery plan, just in case!