Securing a website is no longer as simple as creating one creative password. The widespread use of content management systems has allowed nontechnical individuals to create and showcase websites. This is all fine and good, but the steps leading up to launching a site still remain complex. Poor forethought into the planning and execution (creation of code) of a website can lead to major vulnerabilities.
Unlike HTML-driven sites, CMS-driven sites rely on object-oriented scripting languages to operate. In the cases of ModX, Joomla, Drupal, Xoops, Typo, Radiant, Textpattern, Movable Type, and WordPress, this language is PHP. If PHP is poorly written, outsiders may take advantage of your site and hack into the system. With pure HTML, on the other hand, hackers could break in only if they determined the host username and password.
So keeping a website secure now involves much more than one password. Take Joomla, for instance. This installation runs on the latest version of Apache, PHP, and MySQL, and requires an SQL database to run. The security of the database relies on the following:
- Security of the host (i.e. Convey Media)
- Vulnerability of the software (i.e. Joomla 1.5.15)
- Vulnerability of the extensions (e.g. Weather)
- Password strength of the username to the host (i.e. when the client or I connect to Convey Media hosting server)
- Password strength of the database username (i.e. when Joomla connects to the database)
- Password strength of the administrator username (i.e. when the client or Convey Media logs into Joomla)
1) I recommend that you host with us. Our provider is an accredited member of the Better Business Bureau. Their servers are located in Chicago, and their customer support reps are located in the U.S. and Canada. Their servers have Intel Dual Quad Core Xeon processors, 8GB RAM, and large RAID 10 storage arrays for maximum performance and redundancy, along with 100 Mbps connectivity to their switches. In addition, their servers are housed in a world-class co-location data facility with raised floors and dual city power grid feeds with backup power generators. The facility boasts an FM 200 fire suppression system with early pre-fire detection mechanisms, and is staffed by administrators and security personnel 24x7x365, including biometric and key card security systems with a rack level locking mechanism.
2) Joomla 1.5.15 is the latest version available. It utilizes PHP scripts that execute on the server. What this means is that you, as an Internet surfer, cannot actually view any .php file in its original form. The server converts the necessary data (for the end-user to read) to other formats such as HTML. The server removes the sensitive data that it itself needs to connect to the database. If you need an example of this, I can email you what a page looks like in PHP (for the server) versus what the code looks like in HTML after it has been processed (what the end-user sees). Joomla is open-source software, and developers worldwide contribute to its security. Convey Media follows Joomla’s security guidelines.
3) A calendar and weather button are two examples of Joomla extensions. These add-on files are checked by the Joomla community for security breaches. All extensions are checked against the “Vulnerable Extensions List”. We will not install any extension that is on this list.
4) Password strength to a host connection is the first line of defense against an attack. A weak password can easily be breached. We require that hosting passwords (that connect you to the hosting server) be a minimum of eight (8) characters in length, using UPPERCASE letters, lowercase letters, alphanumeric characters and numbers. A typical password would be W3*GhX}4lHJ2.
5) Password strength of the MySQL database username is also critical. Again, Convey Media uses a password like that shown above. This password is separate from that of the host password.
6) Each user account within Joomla is prioritized. The “super administrator” accounts that the client and Convey Media hold have unlimited access, while the “registered” users of the client’s members will be able to only view (not alter or delete) registered content. All generated passwords will look like the examples listed above.
Joomla has seven (7) user group access levels: Registered, Author, Editor, Publisher, Manager, Administrator, and Super Administrator.
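As an added illustration of items 4 to 6 (not Convey Media's own tooling), the following Python sketch generates a separate random password for each of the three logins and checks it against the stated policy. The symbol requirement and the symbol set are assumptions based on the sample password above, and the function names are hypothetical.

```python
import secrets
import string

# Policy from item 4: at least eight characters, mixing UPPERCASE letters,
# lowercase letters and numbers. Requiring a symbol is an assumption here,
# based on the sample password containing "*" and "}".
MIN_LENGTH = 8
SYMBOLS = "!#$%&()*+-=?@[]^_{}"  # constructed set; adjust to what the host accepts
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)


def meets_policy(password: str) -> bool:
    """Return True if the password satisfies the length and character-class rules."""
    if len(password) < MIN_LENGTH:
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 12) -> str:
    """Generate a random password that is guaranteed to meet the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    # One character from each required class, so the result never fails the policy.
    chars = [secrets.choice(cls) for cls in CLASSES]
    # Fill the remainder from the combined alphabet using the OS CSPRNG.
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def generate_credentials() -> dict:
    """Separate passwords for the three logins listed above: host, database, Joomla admin."""
    return {name: generate_password() for name in ("host", "database", "joomla_admin")}


if __name__ == "__main__":
    for name, pw in generate_credentials().items():
        print(f"{name}: {pw}")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what makes the output suitable for credentials; the general-purpose `random` module is not.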
Webmasters of sites developed by Convey Media can maintain site security by updating Joomla when new versions become available, by regularly changing all passwords, and by keeping passwords in a safe place.