It is extremely important to configure your Sitecore installation properly in order to protect it against attacks from malicious forces. In this recipe, you will learn security hardening using some settings and coding.
We will first apply the security hardening recommendations to the Sitecore application:
Create a new admin user and delete the default admin user. Also, try to create as few admin users as possible.
From IIS, navigate to each of the following folders and, from its properties, disable anonymous access. You can even secure the admin folders using Windows authentication.
/App_Config
/sitecore/admin
/sitecore/debug
/sitecore/shell/WebService
From IIS, deny the execute permission on the /upload folder (mediaFolder) so that any executable file uploaded to the server in this folder won't get executed when it is downloaded.
Install and configure the Upload Filter Tool (https://sdn.sitecore.net/upload/sitecore6/security_hardening_guide_upload_filter_tool...
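The two IIS steps above can also be scripted instead of clicked through in IIS Manager. The following PowerShell is an added example, not part of the original recipe; the site name `SitecoreSite` is an assumed placeholder, and the session is assumed to be elevated on the IIS host with the WebAdministration module available.

```powershell
# Added example: scripted form of the IIS hardening steps in this recipe.
Import-Module WebAdministration

# Assumption: name of the IIS site that hosts Sitecore. Replace with your own.
$site = 'SitecoreSite'

# Folders for which the recipe disables anonymous access.
$restricted = '/App_Config', '/sitecore/admin', '/sitecore/debug', '/sitecore/shell/WebService'

$anonFilter    = 'system.webServer/security/authentication/anonymousAuthentication'
$handlerFilter = 'system.webServer/handlers'

foreach ($folder in $restricted) {
    # -PSPath 'IIS:\' together with -Location writes a <location> entry into
    # applicationHost.config, so the change is not blocked when the
    # authentication sections are locked against web.config overrides.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site$folder" `
        -Filter $anonFilter -Name 'enabled' -Value $false
}

# /upload (mediaFolder): allow Read only, which removes the Script and Execute
# rights, so uploaded files are served as static content and never run.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/upload" `
    -Filter $handlerFilter -Name 'accessPolicy' -Value 'Read'

# Read the effective settings back so the result can be reviewed or logged.
foreach ($folder in $restricted) {
    $section = Get-WebConfiguration -PSPath 'IIS:\' -Location "$site$folder" -Filter $anonFilter
    [pscustomobject]@{
        Path    = $folder
        Setting = 'anonymousAuthentication.enabled'
        Value   = $section.enabled
    }
}

$handlers = Get-WebConfiguration -PSPath 'IIS:\' -Location "$site/upload" -Filter $handlerFilter
[pscustomobject]@{
    Path    = '/upload'
    Setting = 'handlers.accessPolicy'
    Value   = $handlers.accessPolicy
}
```

After running it, every restricted folder should report `False` and `/upload` should report `Read`; with anonymous access disabled and no other authentication scheme enabled on a folder, IIS rejects requests to it with a 401 response.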