The 4 main objectives:
- integrity: the data served is indeed the data we intend to provide (it has not been altered),
- availability: maintain proper functioning of the website (and of its IS),
- confidentiality: some data is only accessible to authorized persons,
- authentication: access to resources is granted only to identified, authorized persons.
What are the origins of the risks:
- operational origin (system: software bug, design, configuration or parameterization error, etc.)
- physical origin (accident, breakage, breakdowns, power cut, etc.)
- human origin (internal: error, incorrect use of the application, opening of dangerous emails; external: embezzlement, hacking, malware, fraudulent SMTP use, etc.)
Security must therefore be understood in a global context:
- raising users' awareness of security issues,
- logical security, that is, security at the level of data, applications and operating systems,
- telecommunications security: network technologies, company servers, access networks,
- physical security, i.e. security at the level of physical infrastructure (secure rooms, places open to the public, staff workstations).
This supposes a security policy with:
- a physical and logical security system (tools and user management),
- an update management procedure,
- a planned backup strategy,
- a disaster recovery plan.
What are the answers for a CMS:
Point 1: security of tools and CMS (Joomla, WordPress, Prestashop, ...)
- update of the web server: application of security patches,
- password policy,
- management of .htaccess files and robots.txt (exclusions),
- management of rights on the site's files and directories,
- update of the CMS and the extensions used.
Point 2: security of the hosting / server
- data centers placed under high protection and remote,
- network-side security (speed and downtime),
- server-side security (infrastructure, power supply, cards, etc.),
- fire and electrical safety,
- PHP > 5.3,
- anti-DDoS protection.
Point 3: internal policies of the company or partner
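The "rights on the site's files and directories" and ".htaccess" items of Point 1, as an added example that is not code from the original page or from any CMS project: a POSIX shell audit of a web root. It assumes a WordPress-style layout (wp-config.php, wp-content/uploads), the configuration file names it searches for, and the convention that every uploads directory carries its own .htaccess; all three are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not code from the original page or from any CMS project.
# Audits a CMS web root for the file-rights and .htaccess items of Point 1:
#   1. world-writable files or directories (any local account could alter the site)
#   2. CMS configuration files readable by "other" (they hold database credentials)
#   3. an "uploads" directory without a .htaccess (assumed convention: uploaded
#      content must never be served as executable code)
# Findings are listed on stderr; the number of findings is printed on stdout.

# report LABEL: read paths from stdin, echo each labelled to stderr, print the count
report() {
    label=$1
    c=0
    while IFS= read -r p; do
        echo "$label: $p" >&2
        c=$((c + 1))
    done
    echo "$c"
}

audit_cms_root() {
    root=$1
    # 1. mode bit o+w (octal 002) set anywhere under the web root
    w=$(find "$root" -perm -002 | report WORLD-WRITABLE)
    # 2. well-known CMS config files with o+r (octal 004); the names are assumptions
    r=$(find "$root" -type f \( -name wp-config.php -o -name configuration.php \
            -o -name parameters.php \) -perm -004 | report CONFIG-READABLE-BY-OTHERS)
    # 3. every "uploads" directory should carry its own .htaccess
    u=$(find "$root" -type d -name uploads | while IFS= read -r d; do
            [ -f "$d/.htaccess" ] || echo "$d"
        done | report UPLOADS-WITHOUT-HTACCESS)
    echo $((w + r + u))
}

# Constructed sample tree (not a real site) with three deliberate defects
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads" "$t/wp-content/plugins/demo"
    printf '<?php /* constructed */\n' > "$t/wp-config.php"
    printf '<?php /* constructed */\n' > "$t/index.php"
    chmod 755 "$t/wp-content" "$t/wp-content/uploads" "$t/wp-content/plugins"
    chmod 644 "$t/index.php"
    chmod 644 "$t/wp-config.php"            # defect: readable by every local account
    chmod 777 "$t/wp-content/plugins/demo"  # defect: world-writable
    # defect: no .htaccess in wp-content/uploads
    echo "$t"
}
# Usage: audit_cms_root /var/www/example   (hypothetical path; prints the finding count)
```

Run against the constructed tree it reports exactly the three defects; on a real site, anything it reports is a rights or .htaccess setting to correct before the next CMS update.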
What can we conclude for a good security policy?
Applying security measures on CMS tools as well as on the server seems obvious.
On the other hand, faced with internet fashions, the obsolescence of information on the internet and the multiplicity of other risks, mainly human (external ones constantly increasing and constantly evolving, internal ones accounting for more than 50% of the causes ...), all this indicates that today, in our "disposable" world (we change our site on average every 3 years), or with regular backups of the site and data, the best security seems to be quite simply the change / redesign of the site and / or of its hosting!