Contents

Introduction

Chapter 1 Introduction to CMS Security and Operations

Target Acquired

Operational Considerations

Educating Your Employees and End Users

Raising Security Awareness

Training on Information Security Policies

Providing a Standard Protocol for Threat Reporting

Ensuring E-mail Security

Applying Patches and Updates

Being Aware and Staying Safe

Looking at Your Site Through the Eyes of a Hacker

Steps to Gaining Access to Your Site

Researching

Googling Away

Using Google Hacking Tools (Dorks)

Footprinting

Using NMAP for Nefarious Means

Using Traceroute

Finding Subdomains

Enumeration

Attacking and Owning the Site

Wiping Out Their Tracks

Examples of Threats

Social Engineering

Calling into Your Office

Sending in a Trusted Friend

Using USB Keys

Indiscriminate Browsing or Instant Messaging

External Media

Vendors or External Clients/Customers as the Threat

Reviewing Your Perimeter

Using Virus Protection

Banning Passwords on Desks

Enforcing a Password Complexity and Change Policy

Policing Open Wireless

Tools for Wireless Detection

How Will You Respond to an Incident?

Does Your Plan Exist?

Is the Plan Up to Date?

Where Are Your Backup Tapes, Disks, and USBs?

Summary

Chapter 2 Choosing the Right Hosting Company

Types of Hosting Available

Shared Hosting

Virtual Private Server (VPS)

Dedicated Server

Cloud Hosting

Security of Data in a Cloud

Selecting the Right Hosting Option

Budget Considerations

Determining the Appropriate Server Size

Case 1: Light Website Traffic (Shared Hosting) ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.