Following the very large number of security vulnerabilities in CMS or modules in systems such as WordPress, Joomla, Drupal … we’ll give you some good steps to protect yourself against it;
1. Update your CMS and extensions / as often as possible module.
2. Use complex passwords (> 12 characters), never used before and change them from time to time.
3. Absolutely never use generic IDs as admin, webmaster, test, …
4. Do not install themes or modules from unknown sources, check the frequency of updates and popularity.
5. Protect yourself against SPAM in the comment fields, use Anti-SPAM / Captcha modules.
6. Disable listing directories without index with this directive in your .htaccess “Options -Indexes”.
7. Do not disable protection systems as mod_security.
8. Enable dual authentication .htaccess (basic auth) on identification pages.
The most popular CMS like WordPress and Joomla are currently being brute force attacked; some thousands of different IPs in the world will try to access these pages to try all possible combinations to recover the password.
Identification pages are constantly being forced by these botnets, and this causes often huge overconsumption of the CPU resources and access to MySQL databases. We applaud in passing the PrestaShop developers who demand during the installation of it to customize the folder name of the dashboard.
Once these tricks used, you should have more peace of mind and tranquility in terms of your sites.