Attention
TYPO3 v11 has reached end-of-life as of October 31st, 2024 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.
Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v11 here: TYPO3 ELTS.
Guidelines for System Administrators
General Rules
- Subscribe to the "TYPO3 Announce" mailing list at https://lists.typo3.org, so that you are informed about TYPO3 security bulletins and TYPO3 updates.
- React as soon as possible and update the relevant components of the site(s) when new vulnerabilities become public (e.g. security issues published in the mailing list).
- Use different passwords for the Install Tool and the backend login. Follow the guidelines for secure passwords in this document.
- If you administer several TYPO3 installations, use different passwords for all logins and components for every installation.
- Never use the same password for a TYPO3 installation and any other service such as FTP, SSH, etc.
- Change the username and password of the "admin" account immediately after the installation of TYPO3.
- If you are also responsible for the setup and configuration of TYPO3, follow the steps for TYPO3 integrators carefully, documented in the next chapter.
Further topics
Please see the chapters below for further security-related topics of interest for administrators: