This document describes some typical risks and advises on how to protect a TYPO3 site in order to ensure it is and stays secure and stable. It also explains how the TYPO3 Security Team deals with incidents, how security bulletins and security updates are published and how system administrators should react when their system has been compromised.
You can find old published versions of the documentation in the TYPO3 Extension Repository (TER):
and the latest version online:
This document replaces the "TYPO3 Security Cookbook" published in 2006. It is not a simple checklist but a comprehensive guide to achieving a high level of security for a TYPO3 instance.
The TYPO3 Security Guide is essential reading for everyone who works with TYPO3 (system administrators, TYPO3 integrators, editors, extension developers, etc.), and in particular for anyone who is responsible for a publicly accessible TYPO3 site.