At JAM, every website we build uses our custom-built content management system. A CMS is the application that allows for publishing, modifying, organizing and deleting content on a website.
To access the CMS, a user types in the URL of their website, followed by a specific subdirectory (like "/admin-login") for example.
From there, the user enters their username and password and is granted access into the "back-end" of the site. Once logged in, the user can make whatever modifications they need to make.
Every website has a CMS. The three most common are Wordpress, Joomla, and Drupal. Together, these three account for more than 70% of the CMS market. These three are very popular because they are relatively easy to use and built on open source frameworks. However, the open source nature of these tools makes them prime targets for hackers. Nefarious geeks from around the world have access to automated tools that can quickly seek out security vulnerabilities in the CMS and related plugins, and give them access to the unsecured site. From there, they can post spam to the site, deface it, or worse, hijack it and demand ransom payment.
Along with employing vulnerable plugins, these CMS platforms also use identical login subdirectories, making them susceptible to brute-force attacks, where hackers check all possible passwords until the correct one is found.
Websites that use a custom CMS don't have these issues. First of all, custom-built plugins are untraceable, meaning there are fewer opportunities for hackers to find an exploit. Also, they utilize unique login subdirectories, mitigating the risk of a brute-force attack. When a hacker has realized the site uses a custom CMS and cannot locate their database using conventional methods, they move on to one where they can. All of our sites have an obvious block of developer code:
Has your Wordpress or Joomla site been hacked? If so, hopefully you have at least created a lengthy username and password and ran a plugin vulnerability check. Need help securing your site? Want to rebuild it so you're not victimized again? Contact us for a free website security consultation. We'll tell you if we find any holes, and how you can fix them.