Is Your Website Facing a Debilitating Threat Because of Your Choice of CMS Platform?
Ever since the disclosure of a couple of vulnerabilities, all Joomla websites have faced a number of security threats. Up until a month ago, Joomla used to be the world’s second most popularly known website CMS (content management system). Website builders love Joomla because of its marketing features and dedicated SEO settings. All kinds of websites supported by Joomla have dedicated SEO strategies. This includes medical, healthcare and dentist SEO marketing strategies as well. Thanks to a couple of vulnerabilities brought to light less than a month ago, its popularity has taken a drastic plunge into oblivion.
The terror of security threats on CMS platforms
Two consecutive security announcements describe how any attacker can register on a website even when registration has been disabled, and then raise that account to “elevated privileges”. This translates to a dreadful fact: any website on a Joomla platform can be unlocked by any attacker on the internet.
Owing to its widespread popularity, Joomla has millions of websites out there. This means there are millions of websites that are sitting ducks, waiting to be hacked and robbed by amateur hackers prying around town. Your own medical or dental website could be facing a threat right now while you are here reading this!
What happened with Joomla
The recent disclosure allowed us to take a close look at the vulnerabilities, which were caused by the incorrect use of unfiltered data and insufficient checking procedures. These flaws affected all websites running on Joomla 3.4.4 to Joomla 3.6.3 engines. This caused multiple medical websites to shut down for hours, and small dental practices were not left unscathed.
The only way to salvage your website from this quagmire is to upgrade to version 3.6.4, which has still not been subjected to any of the above-mentioned threats. This upgrade removes all the problematic code and fixes a related vulnerability, 20161003 (CVE-2016-9081).
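As an added example (not from the original article or the Joomla project), the affected range stated above can be checked against an inventory of sites. The hostnames and version strings are constructed, and a version outside the listed range is only reported as such, not declared safe.

```python
import re

# Affected range as stated in the article: Joomla 3.4.4 through 3.6.3.
AFFECTED_MIN = (3, 4, 4)
AFFECTED_MAX = (3, 6, 3)
FIXED = (3, 6, 4)  # the release the article says to upgrade to

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch), or None if no version can be read."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version_text):
    """Map a reported version string to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs a manual check, never assume it is patched
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed-or-later"
    return "outside-listed-range"  # older than 3.4.4: not covered by the article

def triage(inventory):
    """Group site names by status so 'affected' and 'unknown' are handled first."""
    report = {}
    for site, version_text in inventory.items():
        report.setdefault(classify(version_text), []).append(site)
    return {status: sorted(sites) for status, sites in report.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "clinic-a.example": "3.6.3",
    "clinic-b.example": "3.4.4",
    "dental-c.example": "3.6.4",
    "practice-d.example": "3.4.3",
    "portal-e.example": "Joomla!",
    "blog-f.example": "v3.5.1-rc2",
}

if __name__ == "__main__":
    for status, sites in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(sites)}")
```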
Something similar happened with Drupal
This is very similar to the vulnerability that was uncovered in Drupal in 2014. Drupal supports hundreds of healthcare, medical and dental websites around the globe. Drupal is second to Joomla in popularity and has close to 50,000 websites running on the latest engines. SA-CORE-2014-005 made it evident that Drupal was left vulnerable to a plain SQL injection attack. This meant the attacker could gain complete control over the server once the attack was successfully completed.
After this weakness was made public, Drupal websites were instantly subjected to automated attacks, which left owners in a complete tizzy as they had only seconds to deploy patches after they were released. Although the window was no more than 7 hours, the threats and the attacks caused more than 50 percent of Drupal-based websites to be inactive for hours to days.
The threat is not restricted to site owners only!
The reality is that the popularity of CMS platforms like Joomla, WordPress and Drupal makes them lucrative targets for hackers. A single flaw in the code can make them vulnerable to security threats. A single window gives the hackers millions of websites to exploit. A tiny window in the firewall can leave millions of bank accounts and sensitive data about clients exposed to hackers from around the world. All compromised sites can be rallied into botnets that can extract all usable customer information from the websites. If your medical or dental website was among the thousands of compromised sites, then chances are high that your patient and client list was left open to the hackers.
What was the reason for the threats spreading like bushfire?
Since the threat reaches well beyond the site owners and administrators, the immediate response of warning emails or push notifications sent out to each contact in the consumer database is far from an effective solution or countermeasure.
Modern CMS platforms are still more successful in a sense, since they empower all non-technical users to take the key decisions. Hence, there is no point sending emails or push messages containing the necessary security updates and patches that need to be deployed manually. Besides, popular CMS platforms like Joomla have a dedicated team of security personnel who try to seal all breaches in the website code before the threat spreads like wildfire.
Taking a leaf out of WordPress’ book
WordPress had already come up with automated security updates for the most recent engines back in 2013. This definitely keeps the most popular CMS platform way ahead of its contemporaries.
WordPress 3.6.1 users who might face a security threat will be automatically urged to upgrade to 3.7 or above. The automatic updates are extended to support plug-ins and themes of all complete websites that are already up and running. These include the medical and healthcare websites that are built using WordPress templates. WordPress uses dedicated SEO plug-ins for all its websites, including healthcare, and these are also upgraded during the process.
Bringing in the automatic updates
We are already used to our Android and Windows versions upgrading in the background of our mobile phones and laptops. A similar automated upgrade process for global CMS platforms has been long overdue. According to the experts, the best way to protect your website running on similar CMS platforms is by ensuring that your website runs on the latest version.
As we have shown you before with an example borrowed from the history of threats faced by Drupal in the recent past, it is not the availability of the patch that counts. It only makes a difference when it is applied in time. There is no option for CMS platforms like Drupal and Joomla other than to deploy automatic updates for their most recent engines.
Jason Thomas is a well known name in the field of online marketing and SEO practices. He is a dedicated preacher of healthy SEO practices that keep businesses afloat. His specialty is medical, healthcare, fitness, and dentist SEO marketing strategies that have benefited numerous practices and organizations throughout the country.