Sitecore security | Best practice guide for Sitecore security

21st July 2020

The Sitecore security model allows businesses to lock down any part of their website to meet their business needs. Find out the advantages of this best-of-breed security model.

What is the Sitecore security model?

Out of the box, the Sitecore security model allows you to lock down any part of your website that you desire and, conversely, allows you to relax these restrictions to meet your organisational needs.

‘That’s great’, you might be thinking, but how exactly do we do that? The answer comes in the form of Sitecore security accounts and domains.

What are Sitecore accounts?

A Sitecore account is one of two things: either an individual user, on whom you set permissions directly, or a role, to which you assign permissions and then add the relevant users. The latter is best practice and makes administration simpler in the long run.

Sitecore does come with some predefined roles as standard; however, we would almost always recommend custom roles for your organisation, as these give you tailored roles that match your needs. For example, you can add users to multiple roles and define which parts of the content tree each role is able to see.

Security domains, on the other hand, are another level of separation: a domain is a collection of security accounts that have something logical in common. The simplest example is users who need to access Sitecore versus users who simply use the public website; these could be grouped into a Sitecore domain and an Extranet domain. This makes it easier to manage each collection when you need to put high-level rules in place.

Sitecore security best practice guidelines

At the start of any implementation of your Sitecore website, Sitecore security should be taken into consideration. By doing this you prevent issues from arising further down the line that could have been prevented with a small amount of planning upfront.

Having over 20 years’ experience of delivering hundreds of Sitecore best practice implementations, at Kagool, we’re well-versed in Sitecore security and its value to businesses. To help organisations get the most from Sitecore, our specialists have produced a set of guidelines that we use to help clients minimise any potential risks and maintain a safe and secure Sitecore website.

Sitecore security roles

Sitecore uses a role-based approach to security, which gives great flexibility; however, if not set up correctly, it can also lead to a less secure implementation than required. So there are a few things to consider when setting roles up and on an ongoing basis.

Setting Sitecore permissions

An important part of Sitecore security is managing security permissions.

Here are some tips for setting security permissions in Sitecore:

  • Always assign roles to users (rather than assigning permissions directly to users)
  • Users can be assigned multiple roles
  • Remove inherited permissions rather than specifically denying access
  • Consider your security requirements when defining your Sitecore website architecture
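The third tip above exists because, in Sitecore's access-rights model, an explicit deny on one role wins over an allow from any other role the same user holds, whereas breaking inheritance on an item simply stops ancestor rights flowing down. The following is an added illustration written for this article, not Sitecore's own code or API; the item paths, role names and the simplified per-item inheritance flag are constructed:

```python
"""Toy model of Sitecore-style item:read resolution for an account holding
several roles. Constructed for illustration; not Sitecore's API."""
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"


@dataclass
class Item:
    path: str
    rules: dict = field(default_factory=dict)   # role -> ALLOW / DENY
    inherit: bool = True                        # False = inheritance removed
    children: list = field(default_factory=list)


def _chain(item, target):
    """Return the list of items from `item` down to `target`, or None."""
    if item is target:
        return [item]
    for child in item.children:
        found = _chain(child, target)
        if found:
            return [item] + found
    return None


def can_read(root, target, roles):
    """Resolve read access for an account that is a member of `roles`.
    Modelled semantics: rules set lower in the tree override the same role's
    rule set higher up; an item with inheritance removed ignores all ancestor
    rules; any DENY among the account's roles beats any ALLOW."""
    effective = {}
    for item in _chain(root, target):
        if not item.inherit:
            effective = {}          # ancestor rights stop here
        effective.update(item.rules)
    decisions = [effective[r] for r in roles if r in effective]
    return DENY not in decisions and ALLOW in decisions


def build_site(restrict_by_deny):
    """Constructed content tree: both roles may read the site root, and the
    Finance section must be restricted to the Author role only."""
    root = Item("/sitecore/content", {"Author": ALLOW, "Marketing": ALLOW})
    finance = Item("/sitecore/content/Home/Finance")
    if restrict_by_deny:
        finance.rules = {"Marketing": DENY}   # the approach the tip warns against
    else:
        finance.inherit = False               # remove inherited rights ...
        finance.rules = {"Author": ALLOW}     # ... then grant only what is needed
    root.children.append(finance)
    return root, finance
```

Run `can_read` against `build_site(True)` and `build_site(False)` for a user who is in both Author and Marketing: the explicit deny locks that user out of Finance despite the Author role, while removing inheritance keeps Author access intact and still excludes Marketing-only users.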

Defining Roles and editorial workflow in Sitecore

Give the right people control over publishing the right content at the right time. Start by planning the workflow for content from ‘draft’ to ‘published’. Map a simple content workflow which determines who approves content and how many stages of approval there are. Add roles such as an “author” and an “approver” with the appropriate permissions. You can then assign these roles to different users.

Review Sitecore user accounts

Hopefully you never have disgruntled ex-employees. But to be on the safe side, it’s still a good idea to keep on top of your active user accounts. Consider introducing a step in your staff exit procedure that makes sure user accounts are disabled. On top of that, a regular review of your active accounts is wise.

Focus on the Sitecore user accounts as a priority. But for general good housekeeping do a wider user account review. We have developed custom functionality for some of our customers to aid this process.

Access by default

Ask any Sitecore developer and they’ll know the password for the default admin user. So make sure that you either remove the default admin user completely or change the default password.

Strong Passwords

Consider implementing a requirement for complex passwords. You know the type that seem more like an endurance challenge? Yup, those.

In all seriousness, users are becoming more accustomed to this requirement. A few rules will encourage your users to have stronger passwords. For Sitecore security best practice, it’s not a bad idea to require a regular password change.

Don’t have too many administrators

Too many administrators are like too many cooks! Not everyone needs to be an administrator. Instead, create specific site administrator roles which can be configured accordingly.

It is rare that we give our customers full Sitecore administrator privileges. This prevents them from accidentally accessing elements that can disrupt the site such as changing templates. Overall, this gives them a simpler user experience.

Sitecore hardening

Sitecore has always maintained a set of hardening instructions for every version of the software it has released, focused solely on how to ensure that your production instance is as secure as possible from known threats. We see the key points as the following.

Protect sensitive data

For great Sitecore security, reduce the chance of losing sensitive data. Make sure you secure connections (using https) to areas that communicate sensitive data.

Typical areas might be:

  • login pages (including the Sitecore login page)
  • basket, payment or checkout pages
  • pages with custom forms or other data capture methods

In the latest versions of Sitecore, HTTPS connectivity is available out of the box and enforced, so all connections between pages and requests are secure.

Sitecore needs proper configuration

Sitecore gives you a lot of flexibility and this can lead to complex configurations. During a previous project, we adopted a site that wasn’t encoding data as it should have. By adding a simple setting in the configuration, we made the site less vulnerable.

Hide the Sitecore master controls

In the interest of Sitecore security, it may not be ideal to operate from a single server.

If possible, separate your Sitecore instance into two servers:

  • A content management (CM) or authoring server
  • A content delivery (CD) server

This will have Sitecore licensing, hardware cost and Sitecore hosting implications. There are plenty of advantages. With this setup the authoring environment will remain hidden away. It may only be accessible on your internal network or restricted by IP address.

So, in a worst-case scenario where an attack compromises your website, it wouldn’t affect the master database. The damage would be limited and recovery would be quicker.

Sitecore security technical tips

Safety in code

An application is only as safe as its code. Sitecore is a great foundation for your website. Code should follow coding standards and best practice to provide a “safe house”.

The basic principles any Sitecore development should follow are:

  • Validate all input
  • Sanitise data from third party systems
  • Don’t display error details publicly

Safety in numbers with load-balanced servers

Another precaution is using load-balanced servers.

The benefits to this are:

  • Scalability – You don’t need to worry about how your infrastructure will cope with peaks in traffic. This setup makes it quicker and easier to add new load-balanced servers instead of migrating your entire site to a new, more powerful server.
  • Failover – If a server fails, there’s no need to panic. This Sitecore security measure will automatically transfer site traffic to your other working server(s).
  • Flexibility – Your site will still be available during planned maintenance windows. Code or software upgrades can be done one server at a time (after putting it into passive mode). The server can then be reactivated when the work is complete.

How can your organisation master Sitecore security?

At Kagool, our entire approach to enterprise website design begins with Sitecore security measures. We follow best practice to deliver easy-to-use, safe Sitecore websites to our customers.

If you’re having issues with your Sitecore implementation or your site performance, contact us about your requirements and to learn more about a Sitecore audit. If your business is considering Sitecore as a new platform and you’d like to know more, get in touch or book a demo, we’d love to help.