Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,143,163 members, 7,780,150 topics. Date: Thursday, 28 March 2024 at 10:14 AM

How to safely update your content management system - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / How to safely update your content management system (434 Views)

Which Content Management System Is Good For Blogging / Website Security: A General Guide To Protect Your Content Management System / How To Report A High Ranking Blog That Stole Your Content (2) (3) (4)

(1) (Reply)

How to safely update your content management system by todhost(m): 1:01am On Aug 22, 2016
Source: https://www.todhost.com/knowledgebase/818/A-General-guide-to-Safe-Website-Updating.html

Regular website update is recommended for security and improved website performance. Definitely, before a new version of software is released, there are some bugs and improvements that are fixed on the older version. The new version is expected to be better and more user friendly than the old. So running a website update is not suppose to be optional but a highly recommended practice.

On one of the client websites hosted on Todhost, we have found that the website had been updated to the latest software version without a corresponding update on the modules, plugins and components. This created a functionality issue for the database as some of the plugins are not compatible with the newer versions of the software.

The client runs on Joomla and you will remember that Joomla had made public some bugs which has forced nearly over 90 percent of users to upgrade to a perceived safe version. At Todhost, we have been designing with Joomla for over 6 years and we have also been compelled to run upgrades given the alarm raised about the security of running an outdated version.

How Does This Problem Affect You

This kind of problem could occur if you have setup your website using custom setup or installations or you have installed some third party extensions for some reasons. So there are four considerations you need to make before deciding on running an update for your software:

1. Do you have some custom extensions that would require update following your new and planned upgrade.
2. Is your website dashboard showing that there is need to update extensions – plugins, modules or components?
3. Will there be need to change some settings, say php settings, to get your new installation to function properly and will these changes affect the functionality of installed extensions.
4. Will your upgrade be compatible with your website templates?

What’s The Safe Approach

You will simply need to check up updates for your extensions - plugins modules or components and be sure there is no extension requiring an update. If you find any, simply hang on and do not continue with an upgrade of the core installation. Ensure that you have access to the latest version of every extension on your database before you proceed.

What About Old and Outdated Extensions?

Yes! There are extensions that have not been updated by the developers and they have become outdated. You will simply need to uninstall all such extensions and install an up to date extension. Outdated extensions can create complex problems including a white screen of death error, spam email sending, high load issues and even a hack can be possible with a bad extension. Be careful in choosing extensions from the outset and it is recommended that you look up user reviews before you decide on any extension.

Monitor Updates on Your CMS

Joomla
The latest version of Joomla will display updates on the backend dashboard. This will alerst you on any latest updates regarding new version releases and extensions that need to be updated.

WordPress
Sometimes you may know that a theme or plugin has an update available, but you don’t see it in your dashboard. This tends to happen more with commercial themes/plugins that rely on their own update systems.

If this is happening to you, there’s a simple way you can force the update to show. To force an update check, install and activate the Force Plugin Updates Check plugin. This plugin works for both plugins and themes. Once activated, hover over the updates icon in the toolbar, and click on the new Check for Plugin Updates link. The page will refresh and any available updates will be found. It’s as simple as that.

Other CMSs
There are procedures to update all other Content Management Systems and you need to follow the recommended path to perform relevant updates.

How to Identify a Bad Plugin or Extension
Here are some simple guides to identifying a bad extension.
1. Test it on a trial site. May be you can use localhost to test it and see how it performs.
2. Be weary of requests to do a favorable review before you can download and install. In fact any request for a review for a review before you can download or use or have access to certain functionality should be suspicious and we will recommend you drop such extensions.
3. Check up user reviews for any extension you intend to use. This is the most reliable way to know how safe it is to use an extension. Be mindful of functionality complaints and separate it from complaints about not getting the expected support. Most free extensions do not come with regular support and so poor support for any free extension will be sufficient basis to discredit the extension.

Know How to Un-Install a Bad Extension

It is pretty good to arm yourself with this knowledge. Sometimes, you need to unstall a bad or malfunctioning plugin and you find that you just can’t do it. You will need to know how to do it manually. Generally, all un-installation of extensions should be possible within the backend dashboard area. It does not matter the script involved, WordPress, Joomla, Magento and a lot of others. You can uninstall them from their backend.

But there are actually times when you find that unistalling them from the admin area is just not possible. This happens with bad extensions and your solution will be to do the un-installation manually. Follow these steps to uninstall an extension manually. Please note that the suggested steps do not always apply to all website development scripts. They will apply to WordPress and Joomla and a whole lot of others but definitely not to all of them. Now, follow these steps to un-install an extension manually:

1. Locate the folder into which the extension had been installed. It could be in the plugin, module or plugin folder.
2. Open the folder and locate the name of the extension. You will have to be very sure of the folder name so you do not do damage to another useful extension.
3. Rename the relevant folder name once you are able to confirm it is the folder you actually desire to disable.

Website Security Issues

Now, we have recommended that you be mindful of updating when you are not sure of having everything updated. We have also noted the risks associated with running outdated plugins, modules and components. It has also been said that running updates can affect the functionality of templates and other aspects of your website.

So, essentially, when running custom plugins, modules and components, the safe path appear to see how one can stay safe with current versions. A classic example will be a situation where you have bought a WordPress template which includes the full installs and custom plugins. After a period, your subscription runs out and do not see the need to renew or simply does not have the means to do so. How do you now manage the newer updates on WordPress?

Website Security Suggestions

There is one approach we have used to strengthen the security of websites which has helped to keep all the websites safe from external intrusion or compromise. We have used a small file called the .htaccess file.
With the .htaccess file, we have been able to use the rule for access restriction to protect every folder to which we do not want to allow public access or we feel that allowing access to them could a security breach. In some cases, we have restricted access to all folders apart from the image folder.

Below is a sample code you could place in the .htaccess to secure it from unpermitted access:
order deny,allow
allow from 28.206.
allow from 20.74.121.102
allow from 308.74.121.106
allow from 108.74.120.227
allow from 180.229.24.78
allow from 19.211.
deny from all

When you create a.htaccess file in each folder and place these codes in it, you actually deny access to the IP addresses not listed in the code. That way, unpermitted access is not allowed.

General Security Guide for Every Website

1. Be password-savvy: This is an issue that has been re-emphasized over and over again. If your password is still “Password@123,” it’s time to get serious. Create unique codes for each of your accounts, and make sure they’re at least 8 characters long (with a few special ones thrown in). I suggest you use the cpanel password generator if you have access to your website control panel.

2. The security of your email is as important as that of your website. This is because every website is always linked to an email address. Ths is one key area that has been neglected but it's as important as the other items. However, it should also be mentioned that most website hacks have not been linked to weak email passwords. I will still recommend you take your email security important to be protected all round from those who will go all out.

3. Encrypt emails and valuable information. If a hacker does breach your system, encryption makes it that much harder to get away with critical data. Voltage, DataMotion, and Proofpoint are industry leaders worth checking out.

4. Back up your data: Copying your key company data onto a cloud-based system, such as Dropbox or OneDrive, or a USB hard drive takes minutes, and will save you time and anxiety if your system is ever compromised.

5. Maintain updates: This is an aspect that hed been neglected by many. It is important that you check for updates daily on your most critical websites to be able to take action as quickly as possible once there be need for an update. Always ensure that your keep your website up-to-date especially if you run a content management system. Keeping your system updated with the most recent software updates will help you overcome expolitation associated with discovered vulnerabilities.

6. Finally, you will need to check up specific security suggestions associated with your website design tools so that you can implement relevant security advices. The popular website design tools are WordPress, Drupal, Joomla, Magento, OsCommerce, (not in order of popularity). Check specific security guides for these applications to stay safe.

Hope this post was helpful. Please share with others using the Facebook, Twitter and other social sharing links on the page. Remember to share views and suggestions in the comment box below.

Read more: https://www.todhost.com/knowledgebase/818/A-General-guide-to-Safe-Website-Updating.html

(1) (Reply)

Web Designer Needed In Ughelli Delta State / An Angry Open Letter To Aspiring Bloggers / Naija Way Of Blogging (January To December)

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 31
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.