Read this article carefully if you are looking to secure your website especially if you're using WordPress, Joomla, or any other CMS .
Q. How do hackers hack my website !?
Hackers can use a weak point inside your control managment script , taking the advantage of an exploit to hack into your administrator panel, from inside your admin panel its easy to modify your website and uploading "Shell" file to take control over your website files and even to take control over your hosing server .
Taking control of your hosting server means all the websites hosted on the same server are in risk , because they could be hacked as the websites considered as files and folders on the server . A same method could an attacker use to hack your CMS website . Another way , hackers may hack directly into your hosting server , and as your website files are on the same server means your hacked , In this article i'm not writing about hacking servers as much as i will talk about how to secure your website specially your CMS .
Tips For Adding More Security To Your CSM
First To be honest with you , there is nothing called 100% security , even my website where your reading this article right now is not 100% secure. because there might be a 0day exploit .
However , there is several methods you can take or you can chose some of them to make your website secure up to 99% .
Chose another user name far from common login names "admin,administrator,root"
Chose a complex password example "2Apples@1MONKEY"
While installing your control managment system make sure to change the prefix of your database table's prefix , most common tables prefix name in joomla is "jos_" and word press is "wp_".
CHMOD your config file to 444 .
Use security plugins , example for wordpress : http://wordpress.org/plugins/login-lockdown/
Add firewall to your admin panel path , from your cpanel navigate to "password protected my files" and add you custom login details .
Add your secure .htaccess and robot.txt files,example : add (Options -Indexes) in your .htaccess file to remove directory browsing.
Feel free to comment for extra tips for making a website more secure .
use google to search for all above tips, feel free to comment with tip you did not find in your search .
I recorded this video last march , i was waiting for it's owner to patch the exploit before releasing it, but the website terminated by it's owner .
This video will show you how easy a website can be hacked by simple SQL injection , Bypassing hashed password .
Alternative Link
Post by Khalil - خليل.