There are many things that you should do to ensure your Craft install is as secure as possible.

Do not enable Dev Mode in a production environment

Dev Mode is meant to help during local development and should not be enabled on a production environment, where it can cause a wide range of security issues.

Place your project's source folder above your webroot

The safest way to ensure that Craft's PHP files and other sensitive information are not directly accessible over HTTP traffic is to put your project's source folder above your webroot. If you used the Composer starter Craft project and haven't modified the folder structure, you are already covered. If you have to put your source folder in webroot, you should ensure that users cannot directly access the contents of any files/folders in that folder. Craft ships with a .htaccess and a web.config file that deny access, but if you're using Nginx, or if Apache/IIS isn't configured to parse .htaccess/web.config files, you'll need to take extra steps to secure the files.

Set allowAdminChanges to false in production

Setting allowAdminChanges to false in production disables even administrators from making Craft system settings changes in production. The Settings and Plugin Store sections are hidden, the Craft edition and Craft/plugin versions will be locked, and the project config will become read-only. Setting this to false makes production a more predictable and stable environment, and it prevents a host of potential security concerns should an administrator account be compromised.

Set the @web alias explicitly

You should explicitly set the @web alias to the site's domain to help avoid host header attacks on loosely configured web servers, which would otherwise let Craft derive its base URL from whatever Host header the client sends.

Install an SSL certificate and enforce it

If you don't already have an SSL certificate, talk to your host about getting one installed. Once you have one in place, you should, at a minimum, enforce that all control panel traffic gets sent over SSL. Ideally, front-end traffic should use SSL, especially whenever sensitive information needs to be transmitted to/from the server.

Enable all "Purify HTML?" Redactor field settings

If you're using the Redactor plugin, you should make sure the "Purify HTML?" Rich Text field setting is enabled. It will run its data through HTML Purifier on save, so markup entered by content editors cannot carry script into rendered pages.
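The settings above come together in Craft's config/general.php. The following is an added example, not the page's or Craft's own sample config, showing a multi-environment layout that turns Dev Mode and admin changes off in production, pins the @web alias so the base URL is never taken from the request's Host header, and marks session cookies secure once the site is behind SSL. It assumes the environment is selected by a CRAFT_ENVIRONMENT variable and that PRIMARY_SITE_URL and SECURITY_KEY are defined in the project's .env file (both names are assumptions for this example).

```php
<?php
// Added example config/general.php (not Craft's own sample file).
// Assumes CRAFT_ENVIRONMENT, PRIMARY_SITE_URL and SECURITY_KEY are set in .env;
// the variable names are assumptions for this example.

use craft\helpers\App;

return [
    // Settings that apply to every environment.
    '*' => [
        'securityKey' => App::env('SECURITY_KEY'),

        'aliases' => [
            // Pin @web to the real site URL (e.g. https://example.com) so Craft
            // never derives it from the Host header a client chose to send.
            '@web' => App::env('PRIMARY_SITE_URL'),
        ],

        // Only send session cookies over HTTPS. Requires an SSL certificate
        // to be installed and enforced at the web server.
        'useSecureCookies' => true,
    ],

    // Local development: debugging output and settings changes allowed.
    'dev' => [
        'devMode' => true,
        'allowAdminChanges' => true,
    ],

    // Production: no Dev Mode, and administrators cannot change system
    // settings, install plugins, or write to project config.
    'production' => [
        'devMode' => false,
        'allowAdminChanges' => false,
    ],
];
```

Craft merges the '*' block with the block whose key matches CRAFT_ENVIRONMENT, so a production server with CRAFT_ENVIRONMENT=production gets devMode and allowAdminChanges forced to false regardless of what a developer's local .env says. Keep this file in the source folder above the webroot along with .env; neither should ever be reachable over HTTP.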