- Subscribe to the “TYPO3 Announce” mailing list at
http://lists.typo3.org , so that you are
informed about TYPO3 security bulletins and TYPO3 updates.
- React as soon as possible and update the relevant components of the
site(s) when new vulnerabilities become public (e.g. security issues
published in the mailing list).
- Use different passwords for the Install Tool and the backend login.
Follow the guidelines for secure passwords in this document.
- If you are administrating several TYPO3 installations, use different
passwords for all logins and components for every installation.
- Never use the same password for a TYPO3 installation and any other
service such as FTP, SSH, etc.
- Change the username and password of the “admin” account after the
installation of TYPO3 immediately.
- If you are also responsible for the setup and configuration of TYPO3,
follow the steps for TYPO3 integrators carefully, documented in the