Umbraco Security Settings

Password settings

The settings for Umbraco passwords are configurable in appsettings. There are two different configuration objects - One for Umbraco Members and one for Users.

For more information see the Security Settings documentation.

Password reset settings

Umbraco backend users can reset their own password, or if they try too much, have a locked out account.

To deactivate the User password reset look at the Umbraco Settings Security section.

To configure password reset verify the Backoffice Login Password Reset section.

Other security settings

The Umbraco timeout in minutes
disableAlternativeTemplates If set to false this can be used to try to render pages in a way that they are not supposed to
disableFindContentByIdPath If set to false this can be used to do an enumeration of the nodes in your website and find hidden pages.
Umbraco Forms: AntiForgeryToken and DisableFormCaching

PreviousUmbraco Security Hardening NextSensitive data

Last updated 4 months ago