Make a Lasting Impression
ImpressCMS Blog > 5 Security Features That Make ImpressCMS Really Safe

5 Security Features That Make ImpressCMS Really Safe


PadlockThe web is not necessarily a safe place to be and ImpressCMS takes your online security very seriously.

Like in real life where we use doors and windows to secure our home and our loved ones, these 5 security features make sure that your website powered by ImpressCMS is secure against those of ill will.

1. Trust path

The reason of being for most, if not all, websites is to be accessible from the outside world. For the most part of your site, that is true. But there are some things that better remain hidden from the outside, such as confguration files, security data and log data.
The trust path is a part of ImpressCMS that isn't directly available from the internet, to store that sensitive information in a secure way.

2. One-way password encoding

Your website is running on a server, and servers can be compromised outside of the ImpressCMS installation running on it. Even in this eventuality, you can rest assured that your user's passwords will not be at risk. ImpressCMS uses 2 different keys to encode the passwords before storing the result in the database, with an algorithm that only works one-way. So even if someone gets a hold of your password database, the logins of your users are safe.

3. HTMLPurifier built-in

Unless you have a static documentation site, most sites nowadays rely on user interaction. Most of your users are genuine, but for those few that aren't, the industry-standard HTMLPurifier library cleans up any nastyness (like Javascript or database commands that expose internals of your system) before it gets into the site, keeping you safe from the so-called 'script kiddies'.

4. StopForumSpam integration

The quality of a community is largely dependant on how good you are at keeping bogus and spammy accounts out. As a standard feature, ImpressCMS checks with the StopForumSpam service if a new user is a probable spam account in order to help you with that. The creation of accounts with a high probability of being a spam or bogus account are automatically blocked by ImpressCMS, keeping your member database cleaner.

5. Protector module

The protector module does what it name implies, it protects your site. Protector is integrated into every ImpressCMS installation, and constantly monitors users' activities on your site for suspicious behaviour. When a certain IP address shows suspicious behaviour, Protector will preventively block access from that computer to your site for a certain period, and take some extra countermeasures.

In summary

These are just 5 of the most visible security measures that are integrated in ImpressCMS from the start. In fact, we constantly get praise from site builders, security auditors and hosting companies that ImpressCMS site security is rock solid. And if we find a vulnerability, we patch it quickly, like ImpressCMS 1.3.7.

Do you need a fast and secure CMS for your website? Check out our latest releases!

All posts by fiammybe
Subscribe to latest posts
The comments are owned by the poster. We aren't responsible for their content.
Poster Thread