Security: A Massive CMS Problem
If you have a website today that is running on off-the-shelf software, you've most likely experienced the phone call. The call from a customer, or your administrator, telling you that your website has been hacked. "Who did this to me!?" you ask. "Why me?" The simple answer is, the vast majority of the time, it was an automated system looking to take advantage of you.
Off-the-shelf systems have become targets for hackers for one reason: scale. Automated systems look to inject code to take control of your site for one reason or another. A common reason is so they can send spam emails from your server instead of theirs.
WPScan's vulnerability database lists over 4,500 different active hacks against WordPress and its plugins. Four thousand five hundred! Yet WordPress is the most prevalent open-source system out there today.
There Is A Better Way
Imagine a world where your CMS platform can float under the radar. Where you can sleep easy knowing automated bots can’t affect you. And, imagine the base install lasting 5 or more years. This is the peace of mind that a custom CMS solution will offer you.
Specifically, How Do You Secure a CMS?
Tons of ways! Every client is different and each project is its own entity. But various tricks can include:
- Separation of the CMS from the front-end experience: Also known as "Headless" or "Decoupled" CMS solutions. Separating the front-end experience from the back-end controller is a quick and easy way to secure your site.
- Publishing flat HTML files with limited server interaction: something easy to do with custom CMS solutions.
- Network restrictions: Using some simple networking tricks, you can lock down admin portals from the world.
There are many more methods available but why spill the beans here?
Because of this flexibility, it's easy to take a custom CMS and secure it as required by government or corporate standards. It's difficult to take off-the-shelf software and secure it to the level of PCI, HIPAA, or similar standards. Custom CMS systems can be easily amended to meet the standards your application requires.