Umbraco runs on ASP.NET and exposes a backoffice interface. Security requires ASP.NET secret handling, backoffice hardening, and package control.
¶ 1) Protect secrets and administrative access
- secure appsettings secrets and connection strings with external secret providers
- enforce strong backoffice authentication and MFA
¶ 2) Control extensions and update cadence
- restrict backoffice URL access to trusted networks where possible
- apply Umbraco and .NET runtime updates through tested patch windows
¶ 3) Harden runtime and deployment perimeter
- review installed packages for maintenance and security status
- enforce HTTPS, HSTS, and anti-forgery protections
- Umbraco docs: https://docs.umbraco.com/
- Umbraco source: https://github.com/umbraco/Umbraco-CMS
Any questions?
Feel free to contact us. Find all contact information on our contact page.