Content management systems such as WordPress can give attackers an opportunity to access your internal systems.
Well-known Content Management System (CMS) products, including WordPress and Umbraco, are not immune to security risks. Poorly configured or maintained, they can be a useful attack vector to pivot into your business systems. This is especially true when you host the website on your own network. Even when you don’t, they can still be attacked, impacting your brand.
Brandfire have a great deal of experience working with many popular CMS products. We have actively contributed to the different communities over the years, improving the security of both WordPress and Umbraco.
Most of the issues we find in typical hosted environments come down to:
- Misconfiguration of web servers
- Use of outdated CMS software
- Use of off-the-shelf software components and plugins with known vulnerabilities
- Bespoke plugins containing vulnerabilities
For privately hosted websites we tend to see additional concerns:
- Insufficient web server hardening
- No standard web server build
- Poor network configuration
- No Web Application Firewall protection
If you want to use a CMS platform safely, we can advise on the best approaches in terms of architecture and configuration. This will give you the best protection of your internal systems without trading off functionality.
Distributed Denial of Service (DDoS) attacks
A DDoS attack can rapidly take an otherwise healthy server offline, sometimes as part of a plan for extortion or simply to silence competitors. Your e-commerce platform will go down and, as a result, you will be losing business with every minute of downtime.
We can advise on and work with providers for DDoS attack mitigation, as well as setting up additional defences such as Web Application Firewalls. We do this because we know DDoS attacks usually go hand in hand with further attacks once you are back online.