.. include:: ../../Includes.txt


.. _about:

About this document
^^^^^^^^^^^^^^^^^^^

Security is taken very seriously by the core developers of TYPO3 projects
and especially by the members of the official TYPO3 Security Team. It is
also in the interest of system administrators, website owners, editors
and everybody who is responsible for a TYPO3 site, to protect the site
and its content against various threats. This document describes some
typical risks and advises on how to protect a TYPO3 site in order to
ensure it is and stays secure and stable.

The terminology "TYPO3" used in this document refers to the TYPO3 family
including TYPO3 CMS and TYPO3 Neos. This version of the document focuses
on TYPO3 CMS. However, a lot of information also apply to TYPO3 Neos and
some of the general advices are also relevant for other content managing
websites. If it is not clear from the context, which specific project
(TYPO3 CMS or TYPO3 Neos) the word "TYPO3" in this document refers to,
please assume TYPO3 CMS.

This guide also explains how the TYPO3 Security Team deals with
incidents, how security bulletins and security updates are published
and how system administrators should react when their system has been
compromised.

It replaced the "TYPO3 Security Cookbook" published in 2006, without being
a simple checklist but a comprehensive guide how to ensure and maintain
security of a TYPO3 instance.

It is important to understand that security is not a condition –
security is a process with ongoing tasks and regular reviews are
essential.