Content Management System Security. How to secure your CMS? Common rules: + Choose your CMS with both functionality and security in mind + Update with urgency + Use a strong password (admin dashboard access, database users, etc.) + Have a firewall in place (detect or prevent suspicious requests) + Keep track of the changes to your site and their source code + Give the user permissions (and their levels of access) a lot of thought + Limit the type of files to non-executables and monitor them closely + Backup your CMS (daily backups of your files and databases) + Uninstall plugins you do not use or trust.

1. COPYRIGHT 2018 © CYBER GATES
SAMVEL GEVORGYAN
CEO, CYBER GATES
Ph.D. in Information systems and cybersecurity
SECURITY

2. WEBSITE ATTACK STATISTICS
WWW.CYBERGATES.ORG
Attacks around the Worldwide
 Nearly 2 Billion active websites (NetCraft reports)
 Nearly 1 Million hacked websites / year (Zone-H reports)
Over 4K hacked websites since 2011
Top attacks
 Jan 2011 (379)
 Jul 2012 (364)
 Feb 2013 (275)
 Feb 2014 (359)
 Apr 2015 (129)
 Dec 2016 (188)
Attacks in Armenia

3. CMS MARKET SHARES
WWW.CYBERGATES.ORG
 WordPress: 60.0%
 Joomla: 5.8%
 Drupal: 3.8%
 Squarespace: 2.5%
 Shopify: 2.4%
 Magento: 2.0%
 Wix: 1.7%
 Blogger: 1.7%
 Other: 20.1%
Source: https://w3techs.com/technologies/overview/content_management/all
 Nearly 30% of all websites run on WordPress (WebsiteSetup reports)
 WordPress controls nearly 60% of the CMS market (w3techs reports)
 Over 40K WordPress websites in Alexa Top 1 Million are vulnerable (WPwhitesecurity reports)
CMS vulnerability statistics

4. TARGET WEBSITES OF MASS ATTACKS
WWW.CYBERGATES.ORG
Top 5 categories
 Websites that use same CMS (WordPress, Joomla, etc.)
 Websites built by the same developer(s)
 Websites that use same technology, library or certain
component
 Websites served by the same Hosting Provider
 Websites of agencies/companies working in the same
industry

5. TARGET WEBSITES OF TARGETED
ATTACKS
WWW.CYBERGATES.ORG
Top 5 categories
 Online banks and financial institutions
 Cloud services (dropbox, Gmail, iCloud, etc.)
 Government agencies, hospitals
 Hosting and Internet Service Providers (ISP)
 Popular CMS solutions or small outdated websites
that are easy to hack

6. TRADITIONAL CMS ARCHITECTURE
WWW.CYBERGATES.ORG

7. IS MY CMS SECURE?
WWW.CYBERGATES.ORG
Frequently asked questions
 Is your CMS team taking cyber security seriously?
 Avg. time to resolve vulnerabilities?
 Who has developed the CMS component(s) you use?
Why CMS security matters?
 New vulnerabilities and issues emerge all the time
 Popular CMS solutions are an attractive target for hackers
 CMS updates often reveal vulnerabilities in previous
versions in the changelog, exposing websites that are not
automatically updated
 The more you add to your CMS installation, the higher the
risk of your site becoming vulnerable.

8. UPDATES REVEAL VULNERABILITIES?
WWW.CYBERGATES.ORG
Drupal 7.x changelog
 Drupal 7.59, 2018-04-25
- Fixed security issues (remote code execution). See SA-CORE-2018-
004.
 Drupal 7.58, 2018-03-28
- Fixed security issues (remote code execution). See SA-CORE-2018-
002.
 Drupal 7.57, 2018-02-21
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-
001.
 Drupal 7.56, 2017-06-21
- Fixed security issues (access bypass). See SA-CORE-2017-003.
Source: https://api.drupal.org/api/drupal/CHANGELOG.txt/7.x

9. INCIDENT AND VULNERABILITY FACTS
WWW.CYBERGATES.ORG
The average number of serious
vulnerabilities per website is 56
Serious vulnerabilities are resolved in an
average of 193 days from first notification
43% of cyber attacks target small
businesses
30% of SMEs lack an incident response plan
68% of funds lost as a result of a cyber attack
where declared unrecoverable
60% of small businesses close their doors
within 6 months after a serious cyber attack.

10. DRUPAL VULNERABILITIES
WWW.CYBERGATES.ORG
“Ukrainian Energy Ministry site downed in
Drupal ransomware attack at the end of April
2018.”
“Drupalgeddon2 is a highly critical remote code
execution bug affecting most Drupal sites
which was disclosed at the end of March 2018.”
“Two months later, over 115,000 Drupal sites
still vulnerable to Drupalgeddon 2.”

11. JOOMLA! VULNERABILITIES
WWW.CYBERGATES.ORG
“Attackers can leverage the Joomla security hole
to compromise servers and use them for
hosting malware and other malicious activities.
They can also sell access to the targeted
servers on the underground market, allowing
others to abuse them for distributed denial-of-
service (DDoS) attacks.”
“On January, 2016, Symantec has detected up
to 20,000 daily attempts to exploit a recently
patched Joomla vulnerability that can be
leveraged for remote code execution.”

12. HOW YOUR SOURCE CODE LOOKS LIKE
WWW.CYBERGATES.ORG

13. HOW YOUR WEBPAGE LOOKS LIKE
WWW.CYBERGATES.ORG

14. COMMON BUSINESS THREATS
WWW.CYBERGATES.ORG

15. HOW TO SECURE YOUR CMS?
WWW.CYBERGATES.ORG
Common rules
 Choose your CMS with both functionality and security in mind
 Update with urgency
 Use a strong password (admin dashboard access, database
users, etc.)
 Have a firewall in place (detect or prevent suspicious requests)
 Keep track of the changes to your site and their source code
 Give the user permissions (and their levels of access) a lot of
thought
 Limit the type of files to non-executables and monitor them
closely
 Backup your CMS (daily backups of your files and databases)
 Uninstall plugins you do not use or trust.

16. IS YOUR BUSINESS IN
COMPLIANCE?
WWW.CYBERGATES.ORG
PROJECT URL
https://websecurity.pro
https://onlineservices.cybergates.org/en/websecurity