Shared Infrastructure Services - Content Management System Policies

Last Updated: 11/20/2013

Overview

This page covers policies you should be aware of when running your own Content Management System (CMS).

When you are delegated the role of Application Administrator for a Content Management System (CMS), there are a few things you must be aware of:

1. As with any software application, it is very important the CMS be kept up-to-date. This is not just for security reasons, but also because new system software patches can break the CMS. If the CMS is kept up-to-date, there are usually no problems with system updates. Not keeping up-to-date can result in the CMS being suddenly shut off for security reasons if it is found to be compromised.

2. After the initial install YOU are responsible for any updates to the CMS software and any plugins you install. This is critical as there are often security patches released on a regular basis. CMS systems are notorious for security problems and MUST be patched regularly.

3. If you will have people create their own accounts on the CMS, please install a captcha system, like ReCaptcha, which will prevent automated creation of malicious accounts. Otherwise, unauthorized users may gain access to your site resulting in security problems. Captcha plugins are available for many CMS's.

4. Since ensuring the CMS is kept up-to-date and running the latest release is your responsibility as the application administrator, we recommend subscribing to the relevant CMS updates to be sure you are notified of new releases. The following are the locations of security updates for popular CMS's.

5. Here are a few other good URL's to keep on-hand that can help you configure your CMS in a secure way:

If any website hardening tips require access you don't have, just ask and we'll help.