{"id":2349,"date":"2019-02-15T15:40:27","date_gmt":"2019-02-15T10:10:27","guid":{"rendered":"https:\/\/www.idslogic.com\/blog\/?p=2349"},"modified":"2025-02-25T12:10:38","modified_gmt":"2025-02-25T06:40:38","slug":"how-to-super-secure-your-sitefinity-cms-website-and-be-safe","status":"publish","type":"post","link":"https:\/\/www.idslogic.com\/blog\/how-to-super-secure-your-sitefinity-cms-website-and-be-safe","title":{"rendered":"How to Super Secure Your Sitefinity CMS Website and Be Safe"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Security has always been one of the most important features of any web application or Sitefinity CMS application. Sitefinity implements security that is based on the ASP.Net model and the prime goal behind this decision is that the <span style=\"color: #ff0000;\">ASP.NET developers<\/span> should always feel comfortable while working with the security API.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The Sitefinity CMS Administrative Web Interface is accessed with \/Sitefinity to the website URL. It is then that the users are asked to provide a specific and valid username and password that helps to gain access to the CMS. Since in the past few years there has been an increasing trend of cyber attacks, security has become a high priority item on any organization\u2019s agenda.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In this blog, we will discuss how you can add some extra layers of security to your <span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/www.idslogic.com\/sitefinity-development\/\">Sitefinity development<\/a> <\/span>process and backend login page by using some of the out of the box security features and ASP.NET mechanism and protect your data and your site.<\/span><\/p>\n<p><span style=\"color: #008000; font-size: 18pt;\"><strong>Create a Strong Password Policy: <\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">With plenty of password cracking tools available that will help to create variations, it is now easier to create various login attempts. And within several hours or days, such automated tools will finally stumble over a valid password and pick the right one for the attack. Here are some important password guidelines:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">Your password should be of at least 8 characters long and the longer the better.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">It should be a mixture of letters and numbers<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">It should be of mixed case<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">It should not be a common word that is very easy to guess<\/span><\/li>\n<\/ol>\n<p><span style=\"font-size: 14pt;\">A good password often makes it very difficult to choose the right combination of letters or numbers. \u00a0The first step that can be taken to protect your Sitefinity website is to choose a strong password policy so that you can also have a complete control on the password policy settings on a membership provider level.<\/span><\/p>\n<hr \/>\n<p><span style=\"color: #008000; font-size: 18pt;\"><strong>Add a Server Signing Certification for the IdentityServer: <\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Sitefinity CMS comes with a lot of out of the box features like IdentityServer. This has brought a lot of flexibility and security improvements. By default, Sitefinity uses a X509 certificate that helps to sign the identity and also JWT access tokens that are issued by the IdentityServer.<\/span><\/p>\n<p><a href=\"https:\/\/www.idslogic.com\/dedicated-sitefinity-developer\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-2971 size-full\" src=\"https:\/\/www.idslogic.com\/blog\/wp-content\/uploads\/2017\/02\/Hire-Sitefinity-Developer.png\" alt=\"Hire Sitefinity Developer\" width=\"790\" height=\"94\" srcset=\"https:\/\/www.idslogic.com\/blog\/wp-content\/uploads\/2017\/02\/Hire-Sitefinity-Developer.png 790w, https:\/\/www.idslogic.com\/blog\/wp-content\/uploads\/2017\/02\/Hire-Sitefinity-Developer-300x36.png 300w, https:\/\/www.idslogic.com\/blog\/wp-content\/uploads\/2017\/02\/Hire-Sitefinity-Developer-768x91.png 768w, https:\/\/www.idslogic.com\/blog\/wp-content\/uploads\/2017\/02\/Hire-Sitefinity-Developer-560x67.png 560w\" sizes=\"auto, (max-width: 790px) 100vw, 790px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\"><br \/>\nThis helps to prevent the attackers from counterfeiting the security tokens that helps to gain unauthorized access to the federated resources. You can also configure your website to your own private certificate instead of using the default one.<\/span><\/p>\n<hr \/>\n<p><span style=\"color: #008000; font-size: 18pt;\"><strong>Turn Off the Auto-Complete Option for the Login Page: <\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Autocomplete option often comes handy for the developers since they don\u2019t want to bother remembering the password and the username that is created. Once it is in production, it is better to instruct the browsers not to consider the autocomplete option.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">However, the username field is of great importance as an attacker who is exploiting the autocomplete option can easily achieve the privacy violations via harvesting email addresses or username. Sitefinity allows you to easily customize the backend login page and set the autocomplete as off for the input fields or the form.<\/span><\/p>\n<hr \/>\n<p><span style=\"color: #008000; font-size: 18pt;\"><strong>Leverage the Web Security Module:<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Sitefinity CMS offers a powerful Web Security Module and it comes with a fine tuned security setting and this was introduced in version 11.\u00a0 In case you have not activated the security module, then go ahead with it as it offers advanced protection against MITM, content sniffing, XSS and etc.<\/span><\/p>\n<blockquote>\n<p style=\"box-shadow: 0 0 16px #cccccc; padding: 10px;\"><span style=\"font-size: 14pt;\"><span style=\"color: #800000;\"><strong>Related Blog:<\/strong><\/span>\u00a0<a href=\"\/blog\/how-to-make-sitefinity-backend-more-secure\"><span style=\"color: #ff0000;\">How to Make Sitefinity Backend More Secure<\/span><\/a><\/span><\/p>\n<\/blockquote>\n<hr \/>\n<div class=\"newsletter_form\">\n<h2>Sign up our Newsletter!<\/h2>\n<div class=\"emaillist\" id=\"es_form_f0-n1\"><form action=\"\/blog\/wp-json\/wp\/v2\/posts\/2349#es_form_f0-n1\" method=\"post\" class=\"es_subscription_form es_shortcode_form  es_ajax_subscription_form\" id=\"es_subscription_form_6a54b762bda99\" data-source=\"ig-es\" data-form-id=\"0\"><div class=\"es-field-wrap\"><label>Name<br \/><input type=\"text\" name=\"esfpx_name\" class=\"ig_es_form_field_name\" placeholder=\"\" value=\"\" \/><\/label><\/div><div class=\"es-field-wrap\"><label>Email*<br \/><input class=\"es_required_field es_txt_email ig_es_form_field_email\" type=\"email\" name=\"esfpx_email\" value=\"\" placeholder=\"\" required=\"required\" \/><\/label><\/div><input type=\"hidden\" name=\"esfpx_form_id\" value=\"0\" \/><input type=\"hidden\" name=\"es\" value=\"subscribe\" \/>\n\t\t\t<input type=\"hidden\" name=\"esfpx_es_form_identifier\" value=\"f0-n1\" \/>\n\t\t\t<input type=\"hidden\" name=\"esfpx_es_email_page\" value=\"2349\" \/>\n\t\t\t<input type=\"hidden\" name=\"esfpx_es_email_page_url\" value=\"https:\/\/www.idslogic.com\/blog\/how-to-super-secure-your-sitefinity-cms-website-and-be-safe\" \/>\n\t\t\t<input type=\"hidden\" name=\"esfpx_status\" value=\"Unconfirmed\" \/>\n\t\t\t<input type=\"hidden\" name=\"esfpx_es-subscribe\" id=\"es-subscribe-6a54b762bda99\" value=\"15c9239884\" \/>\n\t\t\t<label style=\"position:absolute;top:-99999px;left:-99999px;z-index:-99;\" aria-hidden=\"true\"><span hidden>Please leave this field empty.<\/span><input type=\"email\" name=\"esfpx_es_hp_email\" class=\"es_required_field\" tabindex=\"-1\" autocomplete=\"-1\" value=\"\" \/><\/label><input type=\"submit\" name=\"submit\" class=\"es_subscription_form_submit es_submit_button es_textbox_button\" id=\"es_subscription_form_submit_6a54b762bda99\" value=\"Subscribe\" \/><span class=\"es_spinner_image\" id=\"spinner-image\"><img decoding=\"async\" src=\"https:\/\/www.idslogic.com\/blog\/wp-content\/plugins\/email-subscribers\/lite\/public\/images\/spinner.gif\" alt=\"Loading\" \/><\/span><\/form><span class=\"es_subscription_message \" id=\"es_subscription_message_6a54b762bda99\" role=\"alert\" aria-live=\"assertive\"><\/span><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security has always been one of the most important features of any web application or Sitefinity CMS application. Sitefinity implements security that is based on the ASP.Net model and the prime goal behind this decision is that the ASP.NET developers&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2350,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[256,251],"tags":[252,723,226,268],"class_list":["post-2349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cms","category-sitefinity","tag-sitefinity-cms-development","tag-sitefinity-cms-website","tag-sitefinity-development","tag-sitefinity-partner-company"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":4,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions"}],"predecessor-version":[{"id":10751,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions\/10751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media\/2350"}],"wp:attachment":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media?parent=2349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/categories?post=2349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/tags?post=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}