Security is our number one priority with ProcessWire. Make it your number one priority too.
Beyond just using ProcessWire to power your site or application, a big part of maintaining good security involves securing your web server and file system, writing secure code in your template files, installing only the modules/plugins that you need, securing your admin panel, and adhering to security best practices. In this section we attempt to cover some of the more important aspects in maintaining a secure installation.
Securing file permissions
Getting your file permissions right is one of the most important factors in maintaining the security of your ProcessWire installation, particularly in non-dedicated/shared environments. Yet it’s also one of the most difficult to get right…
Securing your admin
Information on hiding your admin, preventing dictionary attacks, installing SSL certificates, keeping track of logins and more.
Web hosting security
When possible, your production sites running ProcessWire (or any CMS) should ideally be in a dedicated environment. This doesn’t necessarily mean a dedicated server…
Migrating to production
Unless the production server is a completely dedicated environment, don’t assume that what was safe on your development server will also be safe on the production server.
Remove unnecessary files
ProcessWire comes with several files that you will no longer need after installation.
Database-driven sessions offer potentially better security since the session information is not stored on the file system.
Running ProcessWire alongside other software
ProcessWire will happily run alongside almost any other PHP application, including other CMSs. However, security on your site will only be as good as the weakest link.
Third party modules
We can vouch for the security of the code that we write in the ProcessWire core, but we can’t vouch for the security of third party modules. Follow these guidelines to maximize your security with third party modules.
While ProcessWire handles a lot of the common security considerations before your template files are even loaded, you should also follow security best practices within your template files as you would in any other PHP framework.
No comments yet. Be the first to post!
Your e-mail is kept confidential and not included with your comment. Website is optional.