Our best practice guide to Sitecore security
When building Sitecore websites, Sitecore security precautions should be in place from the start, so you don’t experience any nasty problems with your installation down the road. We’ve put together these best practice guidelines to help you minimise any potential risks and maintain a safe and secure Sitecore website.
Sitecore needs proper configuration
Sitecore gives you a lot of flexibility and this can lead to complex configurations. During a recent project, we adopted a site that wasn’t encoding data as it should have. By adding a simple setting in the configuration, we made the site less vulnerable.
Don’t forget the code
An application is only as safe as its code. Sitecore is a great foundation for your website. Code should follow coding standards and best practice to provide a “safe house”.
The basic principles any Sitecore development should follow are:
- Validate all input
- Sanitise data from third party systems
- Don’t display error details publicly
Protect sensitive data
For great Sitecore security, reduce the chance of losing sensitive data. Make sure you secure connections (using https) to areas that communicate sensitive data.
Typical areas might be:
- login pages (including the Sitecore login page)
- basket, payment or checkout pages
- pages with custom forms or other data capture methods
https connectivity can be easily configured in Sitecore on a page by page basis to keep the relevant pages protected.
Hide the Sitecore master controls
In the interest of Sitecore security, it may not be ideal to operate from a single server.
If possible, separate your Sitecore instance into two servers:
- A content management (CM) or authoring server
- A content delivery (CD) server
This will have Sitecore licensing, hardware cost and Sitecore hosting implications, but there are plenty of advantages. With this setup the authoring environment remains hidden away: it may only be accessible on your internal network or restricted by IP address.
So in a worst-case scenario, where an attack compromises your website, it wouldn’t affect the master database. The damage would be limited and recovery would be quicker.
Safety in numbers with load balanced servers
Another precaution is using load-balanced servers.
The benefits to this are:
- Scalability – You don’t need to worry how your infrastructure will cope with peaks in traffic. This setup makes it quicker and easier to add new load balanced servers, instead of migrating your entire site to a new, more powerful server.
- Failover – If a server fails, there’s no need to panic. This Sitecore security measure will automatically transfer site traffic to your other working server(s).
- Flexibility – Your site will still be available during planned maintenance windows. Code or software upgrades can be done to one server at a time (after putting it in passive mode). The server can then be reactivated when the work is complete.
Setting Sitecore permissions
An important part of Sitecore security is managing security permissions.
Here are some tips for setting security permissions in Sitecore:
- Always assign roles to users (rather than assigning permissions directly to users)
- Users can be assigned multiple roles
- Remove inherited permissions rather than specifically denying access
- Consider your security requirements when defining your Sitecore website architecture
Defining Roles and editorial workflow in Sitecore
Give the right people control over publishing the right content at the right time. Start by planning the workflow for content from ‘draft’ to ‘published’. Map a simple content workflow which determines who approves content and how many stages of approval there are. Add roles such as an “author” and an “approver” with the appropriate permissions. You can then assign these roles to different users.
Review Sitecore user accounts
Hopefully you never have disgruntled ex-employees. But it’s still a good idea to keep on top of your active user accounts. Consider introducing a step in your staff exit procedure that makes sure user accounts are disabled. On top of that, a regular review of your active accounts is wise.
Focus on the Sitecore user accounts as a priority. But for general good housekeeping do a wider user account review. We have developed custom functionality for some of our customers to aid this process.
Access by default
Ask any Sitecore developer and they’ll know the password for the default admin user. So make sure that you either remove the default admin user completely or change the default password.
Consider implementing a requirement for complex passwords. You know the type that seems more like an endurance challenge? Yup, those.
In all seriousness, users are becoming more accustomed to this requirement. A few rules will encourage your users to have stronger passwords. And for Sitecore security best practice, it’s not a bad idea to require a regular password change.
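As an added illustration (not from the original post and not Sitecore's own documentation), this is where that requirement lives: Sitecore authenticates through the standard ASP.NET SqlMembershipProvider in web.config, and its attributes define the password policy and lockout. The "before" values are constructed to show a permissive setup and are not quoted from any particular Sitecore release.

```xml
<!-- Added example: membership provider section of a Sitecore web.config.
     Sitecore's own provider delegates to the SqlMembershipProvider named "sql",
     so password rules and lockout are enforced by that provider's attributes. -->
<membership defaultProvider="sitecore">
  <providers>
    <clear />
    <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel"
         realProviderName="sql" providerWildcard="%" raiseEvents="true" />

    <!-- BEFORE (constructed, permissive): a one-character password is accepted,
         no special character is required and lockout is effectively disabled. -->
    <!--
    <add name="sql" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="core" applicationName="sitecore"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         maxInvalidPasswordAttempts="256" />
    -->

    <!-- AFTER (hardened): at least 12 characters including one non-alphanumeric
         character, a regular expression that also demands upper case, lower case
         and a digit, and lockout after 5 failed attempts within a 10 minute window.
         The provider applies all three password checks together. -->
    <add name="sql" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="core" applicationName="sitecore"
         minRequiredPasswordLength="12"
         minRequiredNonalphanumericCharacters="1"
         passwordStrengthRegularExpression="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{12,}$"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="10" />
  </providers>
</membership>
```

The rules are checked only when a password is set or changed, so existing weak passwords survive until a reset is forced; that is one practical reason the regular password change mentioned above matters.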
Don’t have too many administrators
Too many administrators are like too many cooks! Not everyone needs to be an administrator. Instead, create specific site administrator roles which can be configured accordingly.
It is rare that we give our customers full Sitecore administrator privileges. This prevents them from accidentally accessing elements that can disrupt the site such as changing templates. Overall, this gives them a simpler user experience.
How we help you master Sitecore security
If you’re having issues with your Sitecore implementation or your site performance, talk to us about a Sitecore audit. If you’re new to Sitecore and want to know more, we can give you a free Sitecore demo.