TYPO3 Logo
TYPO3 Security Guide
Release: 8.7

Loading data.

  • Introduction
    • About this document
    • History
    • Credits
    • Feedback
    • Target audience
  • The TYPO3 Security Team
    • Contact information
    • Incident handling
  • General Information
    • TYPO3 CMS versions and lifecycle
    • Difference between core and extensions
    • Announcement of updates and security fixes
    • Security bulletins
  • Types of Security Threats
    • Information disclosure
    • Identity theft
    • SQL injection
    • Code injection
    • Authorization bypass
    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery (XSRF)
  • General Guidelines
    • Secure passwords
    • Operating system and browser version
    • Communication
    • React quickly
    • Keep the TYPO3 core up-to-date
    • Keep TYPO3 extensions up-to-date
    • Use staging servers for developments and tests
  • Guidelines for System Administrators
    • Role definition
    • General rules
    • Integrity of TYPO3 packages
    • File/directory permissions
    • Restrict access to files on a server-level
    • Directory indexing
    • Database access
    • Encrypted client/server communication
    • Other services
    • Further actions
  • Guidelines for TYPO3 Integrators
    • Role definition
    • General rules
    • Install Tool
    • Encryption key
    • Global TYPO3 configuration options
    • Security-related warnings after login
    • Reports and Logs
    • Users and access privileges
    • TYPO3 extensions
    • TypoScript
    • Content elements
  • Guidelines for Editors
    • Role definition
    • General rules
    • Backend access
    • Restriction to required functions
    • Secure connection
    • Logout
  • Backup Strategy
    • Components included in the backups
    • Time plan and retention time
    • Backup location
    • Further considerations
  • Detect, Analyze and Repair a Hacked Site
    • Detect a hacked website
    • Take the website offline
    • Analyze
    • Repair/restore
    • Further actions

PAGE CONTENTS

  • Security-related warnings after login
  1. Start
  2. Guidelines for TYPO3 Integrators
  3. Security-related warnings after login
View source How to edit Edit on GitHub

Outdated TYPO3 Version

This documentation refers to an outdated TYPO3 version - either select a supported version or make sure to use a TYPO3 Extended Long Term Support (ELTS) version to continue getting security updates.

More information about ELTS

Security-related warnings after login¶

A TYPO3 integrator is responsible for the correct configuration of the TYPO3 system. Usually, an integrator has administrator privileges and logs in to the backend from time to time or regularly. If a user with administrator privileges accesses the system, TYPO3 CMS triggers some basic system checks and shows an error or warning message in a box right after the login.

These checks are for example: administrator user name and password (e.g. does the user still use the default password?), Install Tool password, etc.

If you, as an TYPO3 integrator, should ever come across those warnings, react immediately and update the appropriate setting (e.g. change the password).

  • Previous
  • Next
  • Issues
  • Repository

Last updated: Jun 21, 2016 14:31

Last rendered: Jul 22, 2021 19:10

TYPO3 Theme 4.6.2

© Copyright since 2011 by the TYPO3 Documentation Team
  • Legal Notice
  • Privacy Policy