Preventing your MODX site from getting hacked

Please note: I have shifted my focus to Python/ Linux/ embedded development and am no longer accepting MODX or PHP projects. For MODX work, I recommend Grey Sky Media.

The easiest way to reduce the chance your MODX site will be hacked is to keep your site software up-to-date.

Why is this needed? As with any software, security vulnerabilities get discovered with MODX. The MODX security team fixes the vulnerabilities and releases new versions of MODX for FREE. By upgrading your site to the latest version whenever a security update is reported, you help seal the holes that allow hackers and viruses to get in.

Keep backups in either case: Whether you choose to install security updates or not, always back up your website regularly! Backups allow you to revert to the last non-hacked version of your site easily. As history shows us, no-one can be sure their server is absolutely hack-proof. 

How can I keep my site up-to-date?

You have several options:
  1. Request a site upgrade plan. I offer plans to upgrade your site every time there is a security update for a set monthly rate.
  2. Ask me to upgrade your site one time, for a one-time payment.
  3. Upgrade your site yourself. This is FREE. See the instructions lower down on this page.

How can I find out whenever a new security update is available?

You can sign up for email notifications or use the RSS feed. Make sure you know (or ask me) whether you have MODX Evolution or Revolution, because you can safely ignore security updates that do not apply to your version.

How can I upgrade my MODX software myself?

If you cannot afford to pay someone to upgrade your site, you can upgrade your MODX site yourself.

  1. First, find out whether your MODX site is Evolution or Revolution. Ask me if you are not sure!
  2. Evolution sites ONLY: download the latest version of MODX Evolution and follow these instructions on upgrading MODX Evolution sites. Extras that did not come with the base install must be upgraded manually by following the instructions from the author.
  3. Revolution sites ONLY: download the latest version of MODX Revolution and follow these instructions on upgrading MODX Revolution sites. Make sure to also update your packages afterwards. 
  4. TIP: To make Revolution upgrades easy: move your site to MODX Cloud, which provides one-click MODX upgrades and automatic backups. You still need to update the extras and check your site afterwards, though!
  5. After upgrading your site, check to make sure everything still works. It is rare, but sometimes custom scripts and certain extras need to be adjusted to work with new versions of MODX!

How do I back up my website?

Depending on your version of MODX and hosting server, I have already taught you how to back up your site. Ask me if you have questions or if you would like me to set up an automatic, off-server backup service for you. 

How often should I back up my website?

I recommend you download a backup of your website and database whenever you make any major changes to the website.

Having several backups over time allows you to recover the last non-hacked version of your site if your site becomes broken or compromised. Otherwise, you will only be able to recover an older version of the website. 

If your website stores new data regularly (such as purchases, form submissions, statistics, etc...), I strongly recommend you set up automatic, off-site, versioning backups to avoid data loss in the event a hacker or virus wipes out your data. Ask me about options for setting this up.

 

Posted on Sep 11, 2015 by Default Admin User