Recently, one of my clients that uses an open-source content management system was hacked numerous times. I have discussed CMSs in the past, but I have not specifically discussed the fact that open source CMSs are susceptible to hacking. Well, they are. That is the ugly truth. Even with a heavily customised open source CMS (like the one my previously discussed client is using), the sites are terribly prone to hacking, usually because anyone can view the code and search for weaknesses in it.
Given my recent experience, I have been doing a little research on the topic of securing your website from hackers. Here are 5 tips on securing any CMS against hackers. A number of these I was implementing on my client's site, some I wasn't.
1. Rename your admin file
Many open source CMSs use simply named admin files, frequently called admin.php.
Rename it to something like mysitebackend.php. The only catch is that you now have to rename all references to it in the other files of your CMS. What you want is a programme that will search multiple files for the old name, admin.php, and replace it with the new name, mysitebackend.php.
For Windows, a good free programme with that capability is SciTE. If you are on a Mac, a very good one is TextWrangler.
2. Don't publicly link to your admin file
This one is fairly easy. Don't put a link to your newly renamed admin file out there for everyone to see. The most secure (but arguably inconvenient) way is to not link to it anywhere at all, and simply bookmark it in your browser.
3. Remove unused features
This is one I was guilty of not doing on my client's site. Do not just disable modules / features that you are not using (and have no intention of using). Remove them altogether.
Frequently the security holes that a hacker finds are in something that you are not using on your website anyway. If the files are not there for him to access, he will not be able to use that particular route to hack his way in.
4. Use strong passwords
The longer the password and the less like standard English it is, the better. It's moderately likely that your system has a maximum number of characters for a password. On many systems I have faced, the limit is ten characters. I encourage you to have a password that is as long as allowed if your limit is something small like that. Your password should be 10-20 characters in length. The best passwords have numbers and both lowercase and uppercase letters.
5. Keep current on upgrades
The nice thing about many open source CMSs is that they have a good community, and security holes are found and patched. While you may not need to move to a new release the moment it comes out (give them one or two weeks to find any obvious security issues), keeping your software up to date will help enormously.
Unfortunately, this is occasionally far more complicated than it sounds. This is particularly the case if you have a highly customised site where you have extensively altered the original CMS. In cases like these, you must find software that can compare files (your customised version and the newest upgraded version) and show you a line-by-line difference. You may then have to move the changes over by hand. A good programme for comparing differences between files on your Windows machine is ExamDiff. On a Mac, the already mentioned TextWrangler will do the job.
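The comparison described in tip 5, done across whole directory trees rather than one file at a time. This is an added example, not part of the original post. It uses Python's standard library in place of ExamDiff or TextWrangler, and the directory names, file names and function names are assumptions made up for illustration.

```python
import difflib
import filecmp
import tempfile
from pathlib import Path

def compare_trees(custom, upstream):
    """Sort files into: changed, only in the custom site, only in the new release."""
    report = {"changed": [], "only_custom": [], "only_upstream": []}
    def walk(cmp, rel):
        # dircmp's own check trusts equal size+mtime; cmpfiles(shallow=False) reads contents.
        _, differ, errors = filecmp.cmpfiles(cmp.left, cmp.right, cmp.common_files, shallow=False)
        report["changed"] += [(rel / n).as_posix() for n in differ + errors]
        report["only_custom"] += [(rel / n).as_posix() for n in cmp.left_only]  # files or whole dirs
        report["only_upstream"] += [(rel / n).as_posix() for n in cmp.right_only]
        for name, sub in cmp.subdirs.items():
            walk(sub, rel / name)
    walk(filecmp.dircmp(custom, upstream), Path("."))
    return {key: sorted(paths) for key, paths in report.items()}

def line_diff(custom, upstream, rel):
    """Unified diff of one file: '-' lines are only in the custom copy, '+' only in the release."""
    a = (custom / rel).read_text(errors="replace").splitlines(keepends=True)
    b = (upstream / rel).read_text(errors="replace").splitlines(keepends=True)
    return "".join(difflib.unified_diff(a, b, f"custom/{rel}", f"upstream/{rel}"))

def build_sample(root):
    """Constructed sample trees standing in for a customised site and a new release."""
    custom, upstream = root / "custom", root / "upstream"
    files = {
        custom / "index.php": "<?php\ninclude 'header.php';\nshow_banner();\n",
        upstream / "index.php": "<?php\ninclude 'header.php';\ncheck_token();\n",
        custom / "lib/db.php": "<?php // unchanged\n",
        upstream / "lib/db.php": "<?php // unchanged\n",
        custom / "modules/poll.php": "<?php // module kept locally\n",
        upstream / "lib/csrf.php": "<?php // new in release\n",
    }
    for path, text in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    return custom, upstream

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        custom, upstream = build_sample(Path(tmp))
        report = compare_trees(custom, upstream)
        print(report)
        for rel in report["changed"]:
            print(line_diff(custom, upstream, rel))
```

Entries under only_custom are also worth checking against tip 3: a module that no longer ships with the new release and that you are not using is a candidate for removal.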
Sadly, even with all these techniques, you can still get hacked. Next time we'll have a look at what measures to take before and after you are hacked to prepare for that eventuality.