Plone has strong built-in security controls and a defined security team process. Hardening should build on its role and workflow permissions and on governing which add-ons get installed.
¶ 1) Protect secrets and administrative access
- enforce role and workflow permissions so editors cannot gain site admin capabilities
- protect management interfaces from public internet access
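The first bullet is easiest to check against the workflow definitions themselves. Below is an added Python example (not code from the Plone project or its documentation) that reads a workflow export in the `definition.xml` format Plone's GenericSetup profiles use and reports grants that let ordinary or anonymous users write, grants that are acquired from the container, and transitions with no guard. The sample XML is constructed for the example, and the set of permissions treated as "write" is an assumption to adjust for your site.

```python
"""Audit a Plone (DCWorkflow) workflow definition for over-broad grants.

Added example; not code from the Plone project. It reads the GenericSetup
definition.xml format and flags: write permissions held by Anonymous or
Authenticated in some state, write permissions acquired from the container
(the effective grant then depends on the parent), and transitions without
a guard (any user who can reach the object may fire them).
"""
import xml.etree.ElementTree as ET

# Constructed sample: two states, the "published" one deliberately misconfigured.
SAMPLE_DEFINITION = """\
<dc-workflow workflow_id="example_workflow" title="Example" state_variable="review_state" initial_state="private" manager_bypass="False">
 <permission>Modify portal content</permission>
 <permission>View</permission>
 <state state_id="private" title="Private">
  <exit-transition transition_id="publish"/>
  <permission-map name="Modify portal content" acquired="False">
   <permission-role>Editor</permission-role>
   <permission-role>Manager</permission-role>
   <permission-role>Owner</permission-role>
  </permission-map>
  <permission-map name="View" acquired="False">
   <permission-role>Editor</permission-role>
   <permission-role>Manager</permission-role>
   <permission-role>Owner</permission-role>
  </permission-map>
 </state>
 <state state_id="published" title="Published">
  <exit-transition transition_id="retract"/>
  <permission-map name="Modify portal content" acquired="True">
   <permission-role>Anonymous</permission-role>
  </permission-map>
  <permission-map name="View" acquired="False">
   <permission-role>Anonymous</permission-role>
  </permission-map>
 </state>
 <transition transition_id="publish" title="Publish" new_state="published" trigger="USER" before_script="" after_script="">
  <guard>
   <guard-permission>Review portal content</guard-permission>
  </guard>
 </transition>
 <transition transition_id="retract" title="Retract" new_state="private" trigger="USER" before_script="" after_script="">
  <guard/>
 </transition>
</dc-workflow>
"""

# Assumption: these permissions change content or site state and should never
# be held by public roles. Extend the set to match your own workflows.
WRITE_PERMISSIONS = {
    "Modify portal content", "Delete objects", "Add portal content",
    "Review portal content", "Manage portal",
}
PUBLIC_ROLES = {"Anonymous", "Authenticated"}


def audit_workflow(xml_text):
    """Return a list of (where, permission, code) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for state in root.findall("state"):
        state_id = state.get("state_id")
        for pmap in state.findall("permission-map"):
            perm = pmap.get("name")
            if perm not in WRITE_PERMISSIONS:
                continue
            roles = {r.text.strip() for r in pmap.findall("permission-role") if r.text}
            acquired = pmap.get("acquired", "False").lower() == "true"
            if roles & PUBLIC_ROLES:
                findings.append((state_id, perm, "public-write"))
            if acquired:
                # acquired="True" widens the grant to whatever the parent allows.
                findings.append((state_id, perm, "acquired-write"))
    for tr in root.findall("transition"):
        guard = tr.find("guard")
        # An absent or empty <guard> means no permission, role or expression
        # check stands between a user and the state change.
        if guard is None or len(list(guard)) == 0:
            findings.append((tr.get("transition_id"), "transition", "unguarded-transition"))
    return findings


if __name__ == "__main__":
    for where, perm, code in audit_workflow(SAMPLE_DEFINITION):
        print(f"{code:22} {where:12} {perm}")
```

Run it against the exports under a profile's `workflows/` directory (or a workflow exported from the ZMI) and treat any `public-write` as a defect; `acquired-write` and `unguarded-transition` need a look at the container and the transition's intent before deciding.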
¶ 2) Control extensions and update cadence
- track Plone security advisories and patch promptly
- install add-ons only from trusted, maintained sources
¶ 3) Harden runtime and deployment perimeter
- secure ZODB and blob backup sets and encrypt them at rest
- enforce HTTPS and modern TLS settings at the reverse proxy
- Plone security docs: https://plone.org/security
- Plone docs: https://6.docs.plone.org/
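Sections 1 and 3 both place a control at the reverse proxy: management interfaces must not be reachable from the public internet, and the proxy is where that decision is enforced. The added Python example below (not Plone's code) shows the decision logic a proxy or WAF rule has to implement: normalise the percent-decoded path and inspect every segment, because the Zope management interface (`manage_main` and friends) and Plone control-panel views (`@@...-controlpanel`) are addressable on any object, not only at the site root. The list of management entry points is a typical, non-exhaustive set assumed for the example, and `decide` is a hypothetical helper standing in for the allowlist rule you would write in your proxy's own syntax.

```python
"""Decide whether a request path is a Plone/Zope management entry point
and whether the client is on the administrative allowlist.

Added example; not code from the Plone project. The entry-point names are
a typical set (ZMI methods, Control_Panel, Plone control-panel views) and
are an assumption: extend them to match the add-ons you run.
"""
import ipaddress
import posixpath
from urllib.parse import unquote


def normalize_path(raw_path):
    """Strip the query, percent-decode, collapse '.'/'..' and repeated slashes."""
    path = raw_path.split("?", 1)[0]
    # Decode twice so a double-encoded '%2540' still becomes '@'.
    path = unquote(unquote(path))
    # Force a single leading slash: posixpath.normpath keeps '//' otherwise.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_management_path(raw_path):
    """True if any path segment addresses the ZMI or a Plone control panel."""
    for seg in normalize_path(raw_path).split("/"):
        s = seg.lower()
        # Zope ZMI: /manage, manage_main, manage_workspace, manage_access, ...
        # Plone content ids normally use hyphens, so 'manage_' rarely collides.
        if s == "manage" or s.startswith("manage_"):
            return True
        if s == "control_panel":          # Zope root Control_Panel
            return True
        # Plone control panels: @@overview-controlpanel, @@security-controlpanel,
        # @@usergroup-userprefs, @@prefs_install_products_form (add-ons), ...
        if s.startswith("@@") and (
            "controlpanel" in s
            or s.startswith("@@usergroup-")
            or s == "@@prefs_install_products_form"
        ):
            return True
    return False


def decide(raw_path, client_ip, admin_networks):
    """Return 'allow' or 'deny' for a request, hypothetical proxy rule logic."""
    if not is_management_path(raw_path):
        return "allow"
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in admin_networks]
    return "allow" if any(ip in n for n in nets) else "deny"


if __name__ == "__main__":
    # Constructed requests; 203.0.113.0/24 is documentation address space.
    admin = ["10.0.0.0/8"]
    for path, ip in [
        ("/Plone/front-page/manage_main", "203.0.113.9"),
        ("/Plone/%40%40overview-controlpanel", "10.1.2.3"),
        ("/Plone/front-page", "203.0.113.9"),
    ]:
        print(f"{decide(path, ip, admin):5} {ip:14} {path}")
```

Whatever syntax your proxy uses, the two properties to preserve are the ones exercised here: match on the decoded, normalised path rather than the raw request line, and match the segment anywhere in the path rather than only under the site root.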