CMS Security 2015: Top 5 Security Tools for WordPress, Drupal, and Joomla

WordPress, Drupal, and Joomla power three-fourths of the world’s CMS-based websites. A few simple steps will keep your CMS-powered website secure:

  • Keep your CMS software up-to-date. Immediately install all updates to core software and plug-ins. If you don’t visit your admin panel daily, schedule a reminder in your smartphone for updating your CMS regularly.

  • Perform regular backups. Backup your site and its database at least weekly, perhaps at the same time you check it for updates.

  • Delete default admin usernames. Also, require strong passwords for admins, and consider adding a two-factor authentication (2FA) plug-in.

  • Keep your computer secure. Secure every machine that you use to access your CMS using an antivirus tool with added Internet security capability.

In addition to following these basic procedures, use these plug-ins, modules, and extensions to keep your CMS safe. Remember to always backup your files before installing a security add-on to your site.

For WordPress

WordPress powers over 74 million websites worldwide. These five community-approved plug-ins will make your WordPress site more secure.

1. iThemes Security

iThemes Security fixes common security holes, scans for website vulnerabilities, and bans IP addresses that are making brute force attempts against your site.

2. WordFence

WordFence constantly scans all of your site’s files for malware. It blocks brute force attacks, detects known backdoors, and utilizes a firewall to block malicious crawlers. It comes with Falcon Engine, a caching capability that speeds up your site, and real-time traffic insights to show you which people and bots visit your site.

3. All-in-One WP Security & Firewall

In addition to providing traditional security features, All-in-One WP Security & Firewall creates a Login Honeypot to lure brute force attacks away from your real login pages. It can backup your .htaccess and wp-config.php files and enable multi-level firewall controls.

4. 6Scan Security

6Scan has an automatic vulnerability fix, which fixes coding vulnerabilities and automatically repairs malware issues.

5. BulletProof Security

BulletProof Security also comes with page caching to speed up your site. It’s characterized by easy four-step setup and convenient maintenance.

For Drupal

Drupal powers about 2.5 percent of the world’s websites. These five modules can work together to keep your Drupal site safe.

1. Security Review

Security Review is a scanning module capable of checking your Drupal site for vulnerabilities and existing malware. It protects against brute force and notifies you of multiple failed login attempts.

2. Paranoia

Paranoia scans your website to detect places where an attacker could probe PHP code to find a weakness. It then blocks attackers who attempt to infiltrate through these vulnerable points.

3. Coder

For Drupal developers, Coder checks code to make sure it doesn’t violate coding standards. It helps you find SQL injection vulnerabilities as well as ways attackers can bypass access controls.

4. XFS

In addition to preventing XSS attacks, the XFS module implements HTTPS to protect you from man-in-the-middle attacks and eavesdropping. It also prevents cross-site request forgery, clickjacking, and content upsniffing.

5. Flood Control

Flood Control extends Security Review’s capabilities by specifically focusing on preventing brute force attacks. It limits failed logins and mitigates small DOS attacks.

For Joomla

Joomla powers 2.7 percent of the world’s top 1 million websites. A comprehensive security extension, plus additions like CMS update and Marco’s, will thwart most attacks against your Joomla site.

1. RSFirewall

RSFirewall provides an on-demand scanner to check your website files for malware. It also prevents SQL injection, XSS, and other common attacks.

2. Akeeba Admin Tools

In addition to providing security features similar to RSFirewall, Akeeba Admin Tools lets you automate maintenance tasks for your website, including optimizing your database tables and cleaning your temporary directory. It’s available in either a core or premium version.

3. jHackGuard

Where RSFirewall and Akeeba Admin Tools are paid Joomla extensions, jHackGuard is free. Simply download it from SiteGround and enable it within your plug-in manager.

4. Marco’s SQL Injection — LFI Protection

This Joomla plug-in provides basic protection against SQL injection and local files intrusion (LFI). It allows you to whitelist safe components, protects you from unknown third-party extensions, and sends an email whenever it generates a security alert.

5. Akeeba CMS Update

Get an email notification whenever Joomla issues an update. You can also use CMS Update to enable automatic updates of some Joomla components.

Make Security a Priority

Security always seems like a low priority until you become the victim of an attack. Don’t let remote attackers destroy the WordPress, Drupal, or Joomla site you worked so hard to build.

About the Author:  Noah Gamer directs the global Internet Marketing optimization and product web reputation strategy as the Senior Manager of Search Marketing at Trend Micro. He specializes in web product strategy development, competitive analysis, targeted content ranking methods and site optimization while influencing online identity and brand for product marketing, public relations, investor relations, technical support and corporate marketing initiatives.