Sitecore recommends that you follow all the security hardening instructions described in our documentation. In addition, the way you implement your Sitecore solution has a significant effect on the security of your website and it may require additional security-related coding and configuration.
Sitecore is not responsible for the security of any other software products that you use with your website. We strongly recommend that you install every available service pack and update for all of the software products that you use.
Sitecore follows all the security hardening recommendations for PaaS solutions by default.
General security recommendations
Although Sitecore can run on several different operating systems, we recommend that you use the newest operating systems, supported by Sitecore, with the most up-to-date security features. Use the Windows update/Automatic update service to keep all your client computers and servers up to date with the most recent security updates and service packs.
You should also create a disaster recovery plan to ensure the rapid resumption of services should a disaster occur. The recovery program should include:
- A plan for acquiring new or temporary equipment.
- A plan for restoring backups.
- Testing the recovery plan.
Change the administrator password
As an extra layer of protection, Sitecore recommends that you create a new administrator account, with a unique name, and delete the out-of-the-box administrator account.
Before you deploy your Sitecore installation, you must change the administrator password to a strong password. Changing the password prevents unauthorized users from using the default password to access the admin account.
Enforce a strong password policy
Sitecore leverages the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system. Sitecore recommends that you change the password policies to one that works for your organization.
web.config file, in the
<membership> section, you can set the following properties:
For more information about these properties, see Microsoft’s documentation:
Separate your content management and content delivery servers
As part of a defence in depth strategy, you should aim to reduce the surface area of your deployment.
Sitecore therefore recommends that you deploy separate content management (internal only) and content delivery (internet facing) servers in a production environment. Furthermore, you should not expose your content management environment to the internet.
If you have to expose your content management environment to the internet, you must:
- Use HTTPS to secure the content management server.
- Consider using IP Filtering to allow only whitelisted clients to connect to the Content Management environment
- Consider using the Dynamic IP Address Restrictions feature that is available in IIS.
Protect the connectionstrings section in the web.config file
Sitecore stores sensitive information in the
web.config file in the
You should encrypt the
<connectionStrings> section to prevent this information from being exposed if the
web.config file is accessed without authorization.
The Microsoft ASP.NET IIS Registration Tool (
aspnet_regiis.exe) can be used to encrypt this section with the –pe or –pef options.
The Microsoft ASP.NET IIS Registration Tool uses the machine key to perform the encryption and therefore you must separately encrypt the
web.config file on each computer that you install Sitecore on.
For more information about ASP.NET IIS Registration Tool, see Microsoft’s documentation:
Join the Sitecore Security Notification mailing list
If you would like to receive security notifications by email, please sign-up for our security notifications.