If you are an uploader of content, and therefore, partially or totally responsible for that content, do you ever consider security as a concern?
As a blogger, perhaps you lean on the security of the “blogging product and/or platform” you “bought” into, be it a social media platform or blogging (or even vlogging) product (sometimes known as CMS (or Content Management System) software as per Content Management Systems Primer Tutorial). We use a blogging platform called WordPress, but when you say “WordPress”, hosting wise it can mean …
- WordPress.org that supplies the CMS (blog) product to your hosting arrangement (which we use here) … or …
- WordPress.com that supplies the CMS (blog) product to WordPress.com hosting
… and so, as you might surmise, to pick the WordPress.com “product” above abrogates, somewhat, some of your responsibilities regarding security, but not sure about content?! When thinking about some of these “responsibilities”, politically or in terms of points of law, it seems that, in Australia, the phrase “du jour” is “carrier service”.
Now WordPress.org security becomes a subject “du jour” for today, especially so as we were emailed a very good link the other day by BestVPN.org, thanks, with an excellent article on this very subject, which I implore you to read should you be a WordPress.org user, or, generally speaking, for the principles of security should you be an “uploader” of content, which is a growing list of people worldwide. The other thing regarding “implorable” qualities, here, is to not get overwhelmed reading such good advice, but to perhaps let it wash over you, and chip away at some of these issues. The most important issue, as borne out by this article, is that of passwords. Forget all the fingerprint and eye recognition talk of where we are going; the here and now is that the passwords we use are the best defence against hacking, and I think, perhaps, the best advice “little old me” can give is to have a paper “password” diary augmenting your online world, but not left out for “real” (ie. flesh and blood) thieves to nick. On this subject, you’d be amazed what gets found out about you from paperwork like envelopes and bills and suchlike, thrown out, or left in the “snailmail” postboxes, particularly in unit blocks lacking camera control.
And so it seems to me, personal vigilance about online content security, any day, beats government vigilance, as they face challenges from the public, the perpetrators, our content uploading habits, and the law system alike, contributing to them constantly seeming to be behind the “eight ball”. But if you are interested (at least regarding Australian politics) in the political interest in “metadata” … there you go then, there, then. Is that my bus?! But, seriously …
To me, what you should be careful revealing to the world, but I am guilty of, alas, to do with this blog, on occasions, and just to do with “online Internet activities”, are …
- family and relative full names
- street address for yourself or family or relatives
- a photograph, video, audio memo (ie. media) you wouldn’t want anybody else but your close contacts seeing and/or hearing … and also watch out for “smellorama” content … we all know you’re out there, you purveyors of “smellorama” doodahs … how do you live with yourself, let alone those doodahs?!
- IP addresses, port numbers, URLs you don’t want public (with Apache/PHP/MySQL you can use the robots.txt file here to ask search engine crawlers not to index them)
- credit card details … do we have to say doh!?
- bank account numbers
- mobile phone numbers (to unknown people)
- landline phone numbers (to unknown people)
- passport numbers or healthcare card numbers
- bills, invoices, tickets, order numbers, purchase orders, reservations, proof of purchase etcetera, not in attachments nor in file form, where this information is unnecessary because it is “derivable” via attachment or file
- family tree, or other personal family history information
- screenshots of any of the rest of these thoughts regarding “sensitive information” … Gimp Gaussian Blur filter (as per today’s tutorial picture), anyone?
- in the “hard to arrange” category … exact birth day, information regarding those questions like “Your mother’s maiden name”, where and who with and when you are about to go on holiday, offensive (to some) personal opinions, your workplace gossip involving names of people, email address (if you can avoid it)
- health records
- screenshots of your fingerprint … do we have to say double doh!?
- serial numbers, order numbers in imagery (and are they necessary in the email?!)
- if you think a (document) file attachment or upload event (going back to the “old days” thinking of “printouts”) is best seen/represented as “hardcopy” then send/attach it, most aptly, this way, as either a PDF or (Microsoft Windows) XPS formatted file, because this approach hides the “paper trail” (think, “metadata”) appropriately, and which you can read more about at Document Fidelity Primer Tutorial
- websites asking for any personal information via an online form are doing so legitimately because you set it in play, or you trust that their SSL HTTPS:// prefixed URL means that the data exchange is subject to encryption … if not, there is nothing stopping you trying the “squeezing” in of the additional “s” into the address bar HTTP:// prefixed URL to see what happens
- might be worth reading Scam Tactics Primer Tutorial, here, too
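A pre-publish check for a few of the items in the list above (credit card numbers, IP addresses, email addresses), as an added example that is not part of the original post. The function names and the sample draft are constructed for illustration, and the patterns are assumptions that cover only common formats.

```python
import ipaddress
import re

# Constructed sample draft: one real-format test card number, one order
# number that only looks like a card, one IP address, one email address.
SAMPLE_DRAFT = """\
Paid with card 4111 1111 1111 1111 yesterday.
Order number 1234 5678 9012 3456 arrived.
Test server is at 192.0.2.10 port 8080, mail admin@example.com.
Version 999.1.1.1 of the plugin is out.
"""

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def is_ip(text):
    """True only for a syntactically valid IPv4 address (octets 0-255)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def scan_draft(text):
    """Return (line_number, kind, value) findings in line order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                # Mask all but the last four digits in the report itself.
                findings.append((n, "card", "*" * (len(digits) - 4) + digits[-4:]))
        findings += [(n, "ip", m.group()) for m in IP_RE.finditer(line) if is_ip(m.group())]
        findings += [(n, "email", m.group()) for m in EMAIL_RE.finditer(line)]
    return findings
```

Run `scan_draft()` over the text of a post before uploading it; an empty list means none of these three patterns were found, not that the draft is free of the other items in the list.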
It comes down to this “line of questioning”, in our minds. Once there were no blogs. Once there were no mobile phones nor (mobile) tablets. What are you doing differently, these days, with these technologies, involving the chance for this information to be seen and/or heard (okay … you win … and/or “smelt”) by people outside your normal circle, that is capable of coming back to bite you? Then ask the same question, with the proviso that nothing governmental (and maybe not even “law wise”), very much, was there to help you out, should this content be challenged?
Previous relevant Content Management Systems Primer Tutorial is shown below.
Here is a tutorial that introduces you to Content Management Systems, or CMS. Let’s have a look at how Wikipedia defines CMS:
A Content Management System (CMS)[1][2][3] is a computer program that allows publishing, editing and modifying content as well as maintenance from a central interface. Such systems of content management provide procedures to manage workflow in a collaborative environment.[4] These procedures can be manual steps or an automated cascade. CMSs have been available since the late 1990s.
CMSs are often used to run websites containing blogs, news, and shopping. Many corporate and marketing websites use CMSs. CMSs typically aim to avoid the need for hand coding, but may support it for specific elements or entire pages.
There are a lot of CMS in the web marketplace as you can imagine, and there is overlapping relevance with eCommerce websites and CRM (Customer Relationship Management) websites. This is because these are all ideas asking for customers to be involved and interactive with commercial (or personal) websites.
The thing about CMS is that it is a very mature concept now, having been around for some time, and there is often an assumption in the marketplace that when you do shopping online, there will be a chance for interactivity, whether that be during the purchasing of products, or even email contact, or giving feedback. CMS has a major role to play, particularly with feedback, and/or with efforts by the website owner to understand their customer requirements. So, another area of overlap is with SEO (Search Engine Optimization … for recent thoughts on this, see The Ultimate Guide to SEO in 2019 article, thanks), which is the study of getting your website noticed with the big Search Engines (like Google, Bing, Yahoo). CMS products have been refined out-of-the-box, and with third-party plugins and add-ons, to be more attuned to successful attraction of web traffic via SEO principles.
The way you might differentiate the quality of CMS platforms is via:
- Does the CMS programming language and database agree with the hosting requirements?
- Given databases of the same size which CMS website runs faster (the world gets more impatient, but the data keeps accumulating)?
- How good is its content editing?
- How easy is it to tailor to your own requirements?
- How good is its third-party add-ons and plugins support?
- How good is its product support?
- What content form is allowed (eg. blogs, forums, pages)?
- What content type is allowed (eg. images, videos, audios)?
- How friendly are its SEO principles?
- How good are the controls for user functionality and restrictions?
- If the website involves monetary transactions, is SSL supported?
- Is there good support for website security related plugins and/or addons or other software maintenance?
Let’s see our tutorial stream of consciousness view of CMS.
Link to CMS information via Wikipedia from which the above quote comes.
With the emphasis on PHP CMS above it does not mean that there are not excellent ASP.NET CMS in the marketplace, and would like to direct you to Mojo Portal as one example, but there are many others.
If this was interesting you may be interested in this too.