Beef Up Your WordPress, Joomla! and Drupal Security
Open Source is incredibly popular today.
With the source code being available to the public it is important that users have sufficient security running alongside their source code otherwise they leave themselves vulnerable to attacks. Content Management System’s (CMS) WordPress, Joomla and Drupal offer a wide variety of plugins (also known as extensions and modules) to help beef up web workers security.
Wordfence- Allows developers to see who their traffic is comprised of in real time. Perhaps the biggest selling point is the plugin scans for HeartBleed vulnerability. The security bug drew national attention when dozens of heavily used websites announced that they were susceptible to it and that users should immediately change their passwords. With an average of 4.9 out of 5 stars the plugin has been downloaded 1,871,761 times in total.
iThemes- Formerly known as Better WP Security, is one of the most popular security plugins on WordPress with 2,323,189 downloads. An interesting feature of the plugin is that it will ban users who have logged too many invalid login attempts. The company warns users to back-up their sites before installing the plugin because it can cause significant changes. Users should be aware that this extension only works with the latest version of WordPress. Even with the restrictions and setbacks caused by iThemes, users have still given it 4.7 out of 5 stars.
All in One Security & Firewall- Uses a unique security points grading system that makes it easy for users to understand how well their site is actually protected. The plugin also prevents others from hotlinking the users images saving them money and bandwidth in the long run. All in One has been downloaded a total of 267,125 times and has been given 4.9 out of 5 stars by reviewers.
6Scan Security- This is an auto-fix security extension that scans the developer’s code multiple times every day to find potential weak spots. If it finds a weak spot in the code, it will automatically react and fix the problem. 6Scan has an average rating of 4.1 out of 5 stars. It has been downloaded 63,117 times.
Akeeba Backup Core- Creates a complete backup of the developer’s Joomla! website. The extension does not provide any conventional virus protection so it would be smart to use another security plugin alongside it. Users have given Akeeba a rating of 4.96 out of 5.
RSFirewall- This extension offers a variety of features for Joomla! web workers including the ability to blacklist potential attackers. This means that the extension blocks IP addresses were potential threats are coming from. It also enables users to block entire countries from being able to access their site. Web workers have given RSFirewall a rating of 5 out of 5.
Admin Tools-Created by the same developer as Akeeba, notifies users when new versions of Joomla! are released. The extension also sets up a secure Super Administrator ID for an extra level of protection. Admin Tools is able to run alongside Akeeba. Web workers have given the extension a rating of 4.94 out of 5.
Marco's SQL Injection- The threat of SQL injection is very real (just ask Yahoo!). Luckily for Joomla! developers, this plugin is meant to protect them from such an attack. Web Workers are able to filter requests in the POST, GET and REQUEST statements to search for SQL injection. The extension can also be enabled to automatically block IP addresses that it senses attacks are coming from. Web workers have given Marco’s SQL Injection a rating of 4.9 out of 5.
Password Policy- This module lets the web worker specify password constraints. The module lets developers set 12 different types of constraints. They also have the ability to force users to change passwords the next time they login. 3,363 sites currently report using this module.
Administer Users By Role- Allows developers to declare permissions for allowing users to edit and delete other users. In order for other users to a role in the developer’s site, they must obtain permissions for every role they have. There are currently 2,028 sites using this module.
GoAway-This module has two functions. The first is to redirect users that it deems as offensive to either a local or a remote page. The second is to unban users. That’s it. GoAway currently has 255 sites using it.
Encrypt Submissions- Ecrypts the data that users submit on a web workers Drupal website. Developers can specify what data they want the module to encrypt so that it does not waist time encrypting non-sensitive information. Currently 181 developers are using Encrypt Submission.