:navigation-title: System Administrators .. include:: /Includes.rst.txt .. index:: Security guidelines; Administrators .. _security-administrators: ============================================= Security guidelines for system administrators ============================================= #. Follow the `TYPO3 Security Advisories `_. Subscribe to the advisories via mailing list or RSS feed. #. Update the TYPO3 Core or any affected third-party extensions as soon as possible after security fixes are released. #. Use individual account names. Do not share accounts. For example, administrator and system maintainer account names should be something like `john.doe`. Do not use general usernames like "admin". #. Use different passwords for the `Install Tool `_ and your personal backend login. Do not reuse passwords across multiple TYPO3 installations. #. Follow the guidelines for `secure passwords `_ in this document. Implement secure `password policies `_. #. Never use the same password for a TYPO3 installation and other services such as FTP, SSH, etc. #. If you are responsible for the setup and configuration of TYPO3, carefully follow the `Guidelines for TYPO3 integrators `_ which are documented in the next chapter. Please refer to the chapters below for security-related topics of interest to administrators: .. toctree:: :caption: Further topics :titlesonly: RoleDefinition IntegrityOfTypo3Packages FileDirectoryPermissions RestrictAccessToFiles DirectoryIndexing FileExtensionHandling ContentSecurityPolicy DatabaseAccess Backups EncryptedCommunication OtherServices FurtherActions