CMS security

Security is our number one priority with ProcessWire. Make it your number one priority too. In this section we attempt to cover some of the more important aspects in maintaining a secure installation.

Beyond just using ProcessWire to power your site or application, a big part of maintaining good security involves securing your web server and file system, writing secure code in your template files, installing only the modules/plugins that you need, securing your admin panel, and adhering to security best practices. In this section we attempt to cover some of the more important aspects in maintaining a secure installation.

Securing file permissions
Getting your file permissions right is one of the most important factors in maintaining the security of your ProcessWire…
Securing your admin
Information about the design and purpose of the admin environment and how to protect it. Overview of securing your admin…
Web hosting security
When possible, your production sites running ProcessWire (or any CMS) should ideally be in a dedicated environment. This…
Migrating to production
Unless the production server is a completely dedicated environment, don't assume that what was safe on your development…
Database-driven sessions
Database-driven sessions offer potentially better security since the session information is not stored on the file system.
Third party modules
We can vouch for the security of the code that we write in the ProcessWire core, but we can't vouch for the security of…
Template files
While ProcessWire handles a lot of the common security considerations before your template files are even loaded, you should also…
2-factor authentication
Two factor authentication gives you an extra layer of account security relative to just using a password. ProcessWire comes…

Securing file permissions

Securing your admin

Web hosting security

Migrating to production

Database-driven sessions

Third party modules

Template files

2-factor authentication