Security
Configure authentication, authorization, SSL, hardening, and other security options in Umbraco.
Umbraco supports a range of security features for both the backoffice and front-end of your website. Use these guides to configure authentication, harden your installation, and manage sensitive data.
Authentication
External Login Providers - configure OAuth/OpenID Connect providers such as Entra ID, Google, or Facebook for backoffice users and members.
Two-Factor Authentication - implement a TOTP-based two-factor authentication provider for members.
BackOffice User Manager and Notifications - work with the ASP.NET Core Identity UserManager implementation for Umbraco users.
Custom Password Check - validate username and password credentials against a custom credentials store.
Lightweight External Members - authenticate members through an external identity provider without storing them as full content entities.
Basic Authentication - protect the front-end of your website using backoffice user credentials.
Hardening and Configuration
SSL/HTTPS - configure your Umbraco site to use HTTPS.
Security Settings - configure password and security settings in Umbraco.
Security Hardening - harden your Umbraco installation against common threats.
API Rate Limiting - apply rate limiting to Umbraco using ASP.NET Core's built-in middleware.
Azure Key Vault - store and retrieve secrets using Azure Key Vault.
Cookies - understand the cookies required for accessing the Umbraco backoffice.
Server-side File Validation - implement file validation for uploaded files.
Server-side Sanitizing - sanitize Rich Text Editor content on the server side.
Setup Umbraco for a FIPS Compliant Server - configure Umbraco to run on a FIPS-compliant server.
Members and Data
Sensitive Data on Members - mark member fields as sensitive to restrict access in the backoffice.
Reset Admin Password - reset the password of the admin user.
Password Reset - reset passwords for non-admin backoffice users.
External Resources
The Umbraco Trust Center - security details, vulnerability reporting, and compliance information for Umbraco CMS.
Security on Umbraco Cloud - security details specific to Umbraco Cloud hosting.
Health Checks - run health checks to verify the security and configuration of your Umbraco installation.
Umbraco Training
Umbraco HQ offers a full-day training course covering an overview of Transport Layer Security (TLS), understanding threats, two-factor authentication, and more. The course targets frontend and backend developers, designers, and technical users.
Explore the Security Training Course to learn more about the topics covered and how it can enhance your Umbraco development skills.