
Valid for Sitecore 6.x
Security Hardening Guide

Audience: Administrators, Developers.

This document is designed to help you make your Sitecore installation as secure as possible. It contains details of our best practices and recommendations for securing your installation.

To download the document, click one of the links below.
Sitecore CMS 6.5-6.6 versions:

Sitecore CMS 6.0-6.4 versions:

The following zip file contains the Security Hardening Guide in PDF format and a Sitecore package that contains the Upload Filter-1.0.0.2 tool, which is explained in the Security Hardening Guide. Download this zip file to get both the Security Hardening Guide and the tool.

Table of Contents (valid for Sitecore CMS 6.0-6.4)

Introduction 
    Secure Software
        General Recommendations
Security Settings
    Security Settings
    Limiting Access to .XML, .XSLT, and .MRT Files
    Protecting Folders in the IIS
        Limiting Anonymous Access to Folders in IIS 6       
        Limiting Anonymous Access to Folders in IIS 7
    The Structure of the Website Folder
    Turn off Auto Complete of Username in the Login Page
    Controlling File Upload
    Disabling the Upload Watcher
    The Upload Filter Tool
        Installing the Upload Filter Tool
        Configuring the Upload Filter Tool
    Security and Client RSS Feeds
        Disabling Client RSS Feeds
    Recommended Reading
        Other Resources