Security guidelines

This chapter describes some typical risks and advises how to protect a TYPO3 site in order to ensure it is and stays secure and stable.

- Introduction
- The TYPO3 Security Team
- General Information
- Types of Security Threats
- General guidelines
- Guidelines for System Administrators
  - Role Definition
  - Integrity of TYPO3 Packages
  - File/directory permissions
  - Restrict access to files on a server-level
  - Disable directory indexing
  - File extension handling
  - Content security policy
  - Database access
  - Encrypted Client/server Communication
  - Other Services
  - Further Actions
- Guidelines for extension development
- Guidelines for TYPO3 integrators
  - Install tool
  - Global TYPO3 configuration options
  - Security-related warnings after login
  - Reports and logs
  - Users and access privileges
  - TYPO3 extensions
  - TypoScript
  - Content elements
- Guidelines for editors
- Backup strategy
- Detect, analyze and repair a hacked site
  - Detect a hacked website
  - Take the website offline
  - Analyzing a hacked site
  - Repair/restore
  - Further actions