Outdated TYPO3 Version
This documentation refers to an outdated TYPO3 version - either select a supported version or make sure to use a TYPO3 Extended Long Term Support (ELTS) version to continue getting security updates.
General rules¶
- Subscribe to the “TYPO3 Announce” mailing list at http://lists.typo3.org , so that you are informed about TYPO3 security bulletins and TYPO3 updates.
- React as soon as possible and update the relevant components of the site(s) when new vulnerabilities become public (e.g. security issues published in the mailing list).
- Use different passwords for the Install Tool and the backend login. Follow the guidelines for secure passwords in this document.
- If you are administrating several TYPO3 installations, use different passwords for all logins and components for every installation.
- Never use the same password for a TYPO3 installation and any other service such as FTP, SSH, etc.
- Change the username and password of the “admin” account after the installation of TYPO3 immediately.
- If you are also responsible for the setup and configuration of TYPO3, follow the steps for TYPO3 integrators carefully, documented in the next chapter.