Skip to main navigation Skip to main content Skip to page footer
Become a Member

Security Corner

TYPO3 invests in security

The digital world is riddled with risk, and those risks can bring consequences. We infuse  security best practices, staying watchful, and responding quickly into our methodology to remain ahead of security threats.

Agile, responsible, consistent

The best offense is a great defense. TYPO3’s security practices establish multiple layers of protection that shield you from common and uncommon threats. With TYPO3, your security reputation remains intact, ensuring customer confidence and client satisfaction.

At TYPO3, we:

  • Deploy best practices. We endorse secure passwords, update the TYPO3 Core regularly, and use staging servers for testing and development.
  • Remain vigilant. We monitor carefully, coordinate our communication, and react quickly when a threat is flagged.
  • Define access. Our user roles ensure appropriate permissions.
  • Always improve. We add at least one new security feature per cycle.

An open source mindset strengthens our security

Our open source principles are more than buzzwords: we put them into action. Our security process is iterative, community-oriented, inclusive, and transparent—ensuring a codebase that is highly tested, unified, and maintained for the long term.

Our open source values include:

  • Accessibility. Security features come out of the box, making good security available to all by default.
  • Sustainability. By embracing open source sustainability, we ensure our code is maintained for the long term.
  • Visibility. Our code is viewed by millions, an approach that identifies and removes vulnerabilities quickly.
  • Team approach. Our dedicated team covers all aspects of security, together.

Easy to stay informed, educated, and engaged

Communication is key, especially when it’s high-stakes. TYPO3 offers up myriad opportunities to engage with us through resources, regular updates, and education about TYPO3 security. We’re available when you need us.

With TYPO3, you can:

  • Be in the know. We send regular security bulletins for Core and extension updates.
  • Connect in real-time. You can talk to the TYPO3 Security team through our dedicated Twitter channel.
  • Learn the risks. The TYPO3 Security Corner Team educates at conferences and events.
  • Rely on us. We provide connections to security audit agencies.

We follow your lead

Our engagement with our community ensures that when you speak, we listen. Many of our current security features originated from community feedback. With TYPO3, you can rest assured that we take your needs into account when it comes to security.

Asked-for features from our community include:

  • Common Vulnerability and Exposure (CVE) Scores
  • ELTS (extended long-term support)
  • Bug Bounty Program

Secure your website and your reputation by getting started with TYPO3.