This project is closed and read-only.
This document describes some typical risks and advises on how to protect a TYPO3 site in order to ensure it is and stays secure and stable. It also explains how the TYPO3 Security Team deals with incidents, how security bulletins and security updates are published and how system administrators should react when their system has been compromised.
You can find the latest version online:
The TYPO3 Security Guide is an essential lecture for everyone who works with TYPO3 (system administrators, TYPO3 integrators, editors, extension developers, etc.) and who is responsible for a publicly accessible TYPO3 site in particular.