What CMS is your site running on?
Howto detect the CMS and technology behind a website
A lot of webmasters will set up their site using the default setup. Although in a lot of cases the default setup of a CMS is pretty secure, it doesn't try to make ik difficult to hackers to find out what technology and CMS a site is running on. So awareness on what technical site information is available to your visitors, also to the more malicious guys amonst them, is the first step in making your system more secure.
It's fairly easy to get to know your site is running on Joomla, WordPress, Drupal or another CMS. Also the PHP version, the Apache setup, ... are fairly easy to detect. You have a list of sites specialised in analysis of your site responses which they compare to a kind of footprint, so they will quite accurately tell you what CMS your site is running. Check what these sites are telling about the technical setup of your site:
Furthermore, there are even a couple of add-ons for the most popular browers which will do almost exactly the same on the fly when visiting a site:
Technology vulnerability list
There is no need to worry about the information which can be freely found about your sites, as this is only a first meeting with the technological background of your site. But because there is an awfull lot of information available on the internet about vulnerabilities of all kinds of components, it will also show immediately to anyone interested where the possible weak points of your site are situated.
So it's a good idea to subscribe to a couple of mailing lists or feedback lists which do follow up of the technology components you use on your website, especially the core technology of your site and the installed extensions. Some of the main vulnerability lists for the major website components are
- Apache Vulnerability List
- Joomla Core and Extensions Vulnerability List
- WordPress Vulnerability List
- Drupal Vulnerability List
- MySQL Vulnerability List
The importance of choosing the right provider
It's not necessary to harden your website with all possible trics as it's quite possible that your hosting provider has already put in place a major protection wall before your site - especially if you're on a shared hosting system where your provider includes some basic protection in your subscription. Especially the more famous providers make it a sake of honour not to get you hacked as it also pollutes their reputation.
Your security responsibilities when running a website
It's at least a good idea to know if your site has most probably some vulnerabilities. If the vulnerable software is not in your hands, just check with your provider what they are planning to fix the issue. But if the vulnerable component is your responsibility, make sure you update the vulnerable components immediately. ASAP is not enough, as some recent cases have shown - so make sure you check the vulnerability lists regularly and act when necessary.
If you're not in the possibility to do your updates in time and your site has been hacked, there is just one simple solution: re-initialise your site with a recent backup.