Improve the security of the website folder

Last updated Friday, February 26, 2016 in Sitecore Experience Platform for Developer, Administrator

After you install Sitecore, you can increase the security if you place the following folders outside the /Website root folder:

  • /data
  • /indexes

Important

After moving the /data folder, you must edit the Sitecore.config file to point to the new location and configure the permissions for the ASP.NET requests.

Depending on how you install Sitecore, the folders may already be located outside the /Website folder. If you install Sitecore using:

  • The installation program, then the /data folder is created outside the website root folder and the Sitecore.config file is edited to point to this location. The /indexes folder is placed in the /data folder.

    This is the recommended configuration and you do not need to make any changes.

  • A .zip file, then the /data folder is created outside the website root folder, but the Sitecore.config file is not edited to point to this location. The /indexes folder is placed in the /data folder. When you run Sitecore for the first time, it creates another /data folder in the /Website folder.

    If you choose to install in this way, you should also edit the Sitecore.config file to point to the correct location.

    The Sitecore.config file should look like this:

      <sitecore database="SqlServer">
        <sc.variable name="dataFolder" value="C:\Inetpub\wwwroot\SitecoreWebsite\data\" />
        <sc.variable name="mediaFolder" value="/upload" />
        <sc.variable name="tempFolder" value="/temp" />
Send feedback about the documentation to docsite@sitecore.net.