All “general rules” for a system administrator also apply for a TYPO3 integrator. One of the most important rules is to change the username and password of the “admin” account immediately after a TYPO3 CMS system was handed over from a system administrator to an integrator, if not already done. The same applies to the Install Tool password, see below.
In addition, the following general rules apply for a TYPO3 integrator:
- Ensure backend users only have the permissions they need to do their work, nothing more – and especially no administrator privileges, see explanations below.
- Ensure, the TYPO3 sites they are responsible for, always run a stable and secure TYPO3 core version and always contain secure extensions (integrators update them immediately if a vulnerability has been discovered).
- Stay informed about TYPO3 core updates. Integrators should know the changes when new TYPO3 major versions are released and should be aware of the impacts and risks of an update.
- Integrators check for extension updates regularly and/or they know how to configure a TYPO3 system to notify them about new extension versions.