Research Article

Content Management Systems And Review Of WordPress Security In Terms Of Data Protection

Year 2022, Volume: 4 Issue: 1, 44 - 65, 29.06.2022
https://doi.org/10.53694/bited.1082095

Abstract

Today, Content Management Systems (CMS) are widely used by many institutions and companies, mainly small and medium-sized ones. When the reasons behind this are examined, data based on the cost-performance relationship is encountered. However, since the widespread use of these systems started to attract attention in the digital world, threats have also increased. These systems are targets of mass attacks by hackers who want to exploit the associated vulnerabilities. When a WordPress site is not maintained regularly, when a security framework is not drawn up according to risk analysis, or when the site is developed by a company or freelancers who are not technically competent, the same robustness and reliability may not apply to it. For this study, a sample Web CMS was created, the dangers awaiting the content and data were discussed, answers were sought to the problems that occurred, and a concluding evaluation was made using the findings obtained in the light of these answers, in order to protect the data and minimize the risks. With particular emphasis on the security framework, the main lines of what should be done for data protection have been determined.


There are 26 citations in total.

Details

Primary Language: Turkish
Subjects: Computer Software
Journal Section: Research Articles
Authors:

Hüseyin Çakır, ORCID 0000-0001-9424-2323

Murat Taşer, ORCID 0000-0001-6871-4171

Publication Date: June 29, 2022
Submission Date: March 3, 2022
Acceptance Date: April 20, 2022
Published in Issue: Year 2022, Volume: 4, Issue: 1

Cite

APA Çakır, H., & Taşer, M. (2022). İçerik Yönetim Sistemleri Ve Veri Koruma Çerçevesinde WordPress Güvenliğinin İncelenmesi. Bilgi Ve İletişim Teknolojileri Dergisi, 4(1), 44-65. https://doi.org/10.53694/bited.1082095


Bilgi ve İletişim Teknolojileri Dergisi

Journal of Information and Communication Technologies