CastleCMS Security Features Overview


This is an overview of CastleCMS’ security features and settings (see the administrator guide for more details).

CastleCMS: Based on Plone

What makes CastleCMS so secure? At its core, CastleCMS is built on Plone, the open-source CMS that has been in continuous development by a worldwide community for almost 20 years and whose security track record is among the best of any CMS. Plone is written in Python and stores content in an object database rather than a relational one, so the large family of attacks aimed at PHP applications and SQL databases (SQL injection among them) does not apply to it, and it ships with built-in protection against cross-site request forgery (CSRF), cross-site scripting (XSS) and clickjacking. The Plone security team proactively audits the code base and publishes security hotfixes for any issue it finds. Wildcard contributes to the ongoing evolution of Plone and to the Plone community in many ways, including through membership on the Plone Foundation Board and the Plone security team.

Let’s take a closer look at the security features of CastleCMS. All of the security settings are gathered together in a single control panel accessible to site administrators.

Security Model

Everything in CastleCMS is protected by a security model built from users, groups, permissions, roles, and workflow states. User accounts and groups can be created and managed locally within a CastleCMS site, or they can be sourced from a connected Lightweight Directory Access Protocol (LDAP) directory or an OAuth provider such as Google or Twitter.

CastleCMS is ready to use out of the box with an intuitive state-based workflow that determines who can view or otherwise act on each content item as it moves from created, to under review, to published.

CastleCMS lets you assign dozens of permissions to roles, and roles to users and groups, through the Users and Groups control panel. This gives you fine-grained control over who can see and do what across your site.
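To make the interaction between permissions, roles, groups and workflow states concrete, here is a small self-contained model of that access check. It is an added example written for this page, not Plone's or CastleCMS' own API: the role and permission names follow Plone's naming, but the workflow table, the group definitions and the function names (`roles_for`, `can`, `transition`) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Which roles hold each permission in each workflow state (a simplified
# private -> pending -> published workflow; the table itself is assumed
# for this example, not copied from CastleCMS).
WORKFLOW = {
    "private": {
        "View": {"Owner", "Manager"},
        "Modify portal content": {"Owner", "Manager"},
    },
    "pending": {
        "View": {"Owner", "Reviewer", "Manager"},
        "Modify portal content": {"Reviewer", "Manager"},
    },
    "published": {
        "View": {"Anonymous", "Authenticated", "Owner", "Reviewer", "Manager"},
        "Modify portal content": {"Manager"},
    },
}

# Which roles may fire each (from_state, to_state) transition.
TRANSITIONS = {
    ("private", "pending"): {"Owner", "Manager"},              # submit for review
    ("pending", "published"): {"Reviewer", "Manager"},         # publish
    ("pending", "private"): {"Owner", "Reviewer", "Manager"},  # reject / withdraw
    ("published", "private"): {"Manager"},                     # retract
}

# Group membership grants roles to every member (assumed groups).
GROUPS = {"Reviewers": {"Reviewer"}, "Site Administrators": {"Manager"}}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)    # roles assigned directly
    groups: set = field(default_factory=set)   # group memberships


@dataclass
class Content:
    owner: str
    state: str = "private"


def roles_for(user, item):
    """Effective roles of ``user`` on ``item``: global roles, group roles and
    the local Owner role. ``None`` stands for an anonymous visitor."""
    if user is None:
        return {"Anonymous"}
    roles = {"Authenticated"} | set(user.roles)
    for group in user.groups:
        roles |= GROUPS.get(group, set())
    if item.owner == user.name:
        roles.add("Owner")
    return roles


def can(user, permission, item):
    """True if any of the user's roles holds ``permission`` in the item's
    current workflow state."""
    allowed = WORKFLOW[item.state].get(permission, set())
    return bool(roles_for(user, item) & allowed)


def transition(user, item, new_state):
    """Move ``item`` to ``new_state`` if the workflow allows it for this user."""
    needed = TRANSITIONS.get((item.state, new_state))
    if needed is None:
        raise ValueError(f"no transition {item.state} -> {new_state}")
    if not roles_for(user, item) & needed:
        who = user.name if user else "anonymous"
        raise PermissionError(f"{who} may not move {item.state} -> {new_state}")
    item.state = new_state
    return item.state


if __name__ == "__main__":
    alice = User("alice")                      # plain member who owns the page
    bob = User("bob", groups={"Reviewers"})    # Reviewer via group membership
    page = Content(owner="alice")
    print("private:   alice views?", can(alice, "View", page),
          " bob views?", can(bob, "View", page),
          " public?", can(None, "View", page))
    transition(alice, page, "pending")
    print("pending:   bob views?", can(bob, "View", page),
          " alice edits?", can(alice, "Modify portal content", page))
    transition(bob, page, "published")
    print("published: public views?", can(None, "View", page))
```

The point to notice is that the same user gains and loses abilities purely as the item changes state: the owner can edit a private draft but not a pending one, and the public sees nothing until a Reviewer publishes it.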

Login Shield

The simplest way to keep bad actors out of your website is to make it unreachable from the public Internet, but this is impractical for legitimate users, who would then need a virtual private network (VPN) to reach it.

Instead, you can use CastleCMS’ Login Shield, which requires that users log in *before* they can see any part of your website. Only after a successful login are they taken to the site.

As a site administrator, using the CastleCMS Security control panel, you choose how Login Shield protects your site:

  • By default, it is not enabled
  • You can enable it to protect only your site’s backend URLs (the web addresses that content editors use to create and manage content on the site)
  • You can enable it for all access to your site, whether you use separate backend URLs or not (this is the highest level of security)

Limiting Failed Login Attempts

CastleCMS includes a configurable limit on the number of failed login attempts before it disables an account, which puts an end to endless doorknob rattling and unlimited password guessing. Bear in mind that an attacker who knows a username can trigger this lockout on purpose, so choose the threshold with that denial-of-service trade-off in mind.

Site administrators can re-enable disabled user accounts through the Users and Groups control panel.
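The lockout rule above is easy to get subtly wrong (the counter must reset on success, and a disabled account must refuse even the correct password until an administrator re-enables it). The following is an added illustration of that logic replayed over a constructed sequence of login events; it is not CastleCMS' implementation, and the threshold of 5, the `LockoutPolicy` class and the event format are assumptions made for the example.

```python
from collections import defaultdict


class LockoutPolicy:
    """Counts consecutive failed logins per account and disables the account
    once the configured limit is reached (assumed default: 5)."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = defaultdict(int)   # username -> consecutive failures
        self.disabled = set()              # accounts awaiting admin re-enable

    def attempt(self, username, password_ok):
        """Process one login attempt; returns 'accepted', 'rejected' or 'disabled'."""
        if username in self.disabled:
            return "disabled"              # refused even with the right password
        if password_ok:
            self.failures.pop(username, None)   # success resets the counter
            return "accepted"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.disabled.add(username)
            self.failures.pop(username, None)
            return "disabled"
        return "rejected"

    def reenable(self, username):
        """What the administrator does from the Users and Groups panel."""
        self.disabled.discard(username)
        self.failures.pop(username, None)


# Constructed login events for one account: (username, password_correct)
EVENTS = [
    ("editor", False), ("editor", False), ("editor", True),   # two typos, then success
    ("editor", False), ("editor", False), ("editor", False),
    ("editor", False), ("editor", False),                      # 5th failure in a row
    ("editor", True),                                          # right password, still refused
]


def replay(events, max_failures=5):
    """Feed the events through a fresh policy; returns (policy, per-event results)."""
    policy = LockoutPolicy(max_failures)
    results = [policy.attempt(user, ok) for user, ok in events]
    return policy, results


if __name__ == "__main__":
    policy, results = replay(EVENTS)
    for (user, ok), outcome in zip(EVENTS, results):
        print(f"{user:8} password_ok={ok!s:5} -> {outcome}")
    print("disabled accounts:", sorted(policy.disabled))
    policy.reenable("editor")
    print("after re-enable:", policy.attempt("editor", True))
```

Because the counter is keyed on the username only, the replay also shows the trade-off mentioned above: the five failures that disable `editor` could just as well have come from an attacker, not the user.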

Removing Disabled Accounts

Site administrators normally do not need to remove or delete disabled user accounts themselves: CastleCMS deletes them automatically after a configurable number of days.

Two Factor Authentication

CastleCMS includes two factor authentication (“2FA”) to protect against guessed or stolen passwords.

When 2FA is enabled, users are sent an authorization code to their registered email address or, by text message, to their mobile phone. Only after entering this code are they prompted for their password. This makes it much harder for a bad actor to gain access to an account even with a guessed or stolen password. Codes delivered by email or SMS are only as strong as the mailbox or phone number they are sent to, so those should be protected accordingly.

Restrict Logins to Countries

CastleCMS lets you limit the countries from which a user can log in. This is useful for cutting out login attempts and scripted attacks that originate in countries from which your users never access your website. The check is based on the geolocation of the client’s IP address, so treat it as a way to remove noise rather than as a barrier to a determined attacker, who can route through a VPN or proxy in an allowed country.

Audit Log

CastleCMS includes an audit log in which site administrators can view every operation carried out by users on the site: logins, workflow transitions, and content creation, modification and deletion. The log can be filtered by action type, user, date and content item, and its contents can be exported for reporting or other external use.

Session Management

Using CastleCMS’ session management control panel, site administrators can see who is currently logged into the site and can terminate sessions as needed.

User Account Management

CastleCMS’ user control panel gives site administrators the ability to create, disable, or delete user accounts. They can also re-enable accounts that have been locked out after reaching the maximum number of failed login attempts.

Metadata Scrubbing

When a content editor uploads an image or a PDF document, CastleCMS automatically strips its embedded metadata (such as EXIF data in photos and document properties in PDFs) before saving it. This prevents inadvertent disclosure of sensitive information such as the location where a photo was taken or the name and email address of a document’s author.
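As an added illustration of what such scrubbing involves for a JPEG (PDFs need a different parser and are not covered here), the code below walks the file's marker segments and drops the ones that carry metadata: APP1 (Exif and XMP), APP13 (Photoshop/IPTC) and COM comments, while keeping APP0 (JFIF) and APP2 (ICC colour profiles, which affect rendering) and copying the scan data untouched. This is example code written for this page, not CastleCMS' implementation; the sample JPEG bytes are constructed inline, and `strip_jpeg_metadata` and `list_markers` are names chosen here.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA          # start of image, end of image, start of scan
APP0, APP1, APP13, COM = 0xE0, 0xE1, 0xED, 0xFE
STRIP_MARKERS = {APP1, APP13, COM}         # Exif/XMP, IPTC, free-text comments


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return ``data`` with the metadata-carrying segments removed.

    Every segment between SOI and SOS is ``FF xx`` + 2-byte big-endian length
    (which includes the two length bytes) + payload.  From SOS onward the
    entropy-coded image data runs to EOI and is copied verbatim.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out = bytearray(b"\xff\xd8")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1                       # skip optional fill bytes
        marker = data[pos + 1]
        if marker == EOI:                  # degenerate file with no scan
            out += data[pos:pos + 2]
            return bytes(out)
        if marker == SOS:                  # scan header + image data: keep all
            out += data[pos:]
            return bytes(out)
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        segment = data[pos:pos + 2 + length]
        if len(segment) != 2 + length:
            raise ValueError("truncated segment")
        if marker not in STRIP_MARKERS:
            out += segment
        pos += 2 + length
    raise ValueError("no SOS or EOI marker found")


def list_markers(data: bytes):
    """Markers in order up to and including SOS/EOI (for inspection and tests)."""
    markers, pos = [], 2
    while pos + 1 < len(data):
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1
        marker = data[pos + 1]
        markers.append(marker)
        if marker in (SOS, EOI):
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + length
    return markers


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed minimal JPEG: JFIF header, Exif block, XMP block, a comment,
# one quantisation table, then a scan with a few bytes of fake image data.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08GPS coordinates would live here")
    + _segment(APP1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta>author=alice</x:xmpmeta>")
    + _segment(COM, b"taken at HQ, 3rd floor")
    + _segment(0xDB, b"\x00" + bytes(64))
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56" + b"\xff\xd9"
)


if __name__ == "__main__":
    cleaned = strip_jpeg_metadata(SAMPLE_JPEG)
    print("before:", [hex(m) for m in list_markers(SAMPLE_JPEG)], len(SAMPLE_JPEG), "bytes")
    print("after: ", [hex(m) for m in list_markers(cleaned)], len(cleaned), "bytes")
    print("Exif still present?", b"Exif" in cleaned)
```

A real scrubber should also re-check the output with a decoder, since a malformed upload can have segments in unexpected places; the parser above deliberately refuses rather than guesses when the structure is off.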

Cloudflare Integration

Cloudflare speeds up and protects websites with a web application firewall, detects and mitigates distributed denial-of-service attacks, and serves content from caching servers located around the world.

CastleCMS incorporates cache invalidation functionality that tells Cloudflare when your website content has been updated.

HTML Filtering

By default, CastleCMS filters potentially harmful HTML and JavaScript out of content before it is even saved. This protects your users and website visitors from cross-site scripting attacks that could otherwise be hosted on your own website.

Site administrators can customize the filters or disable filtering entirely. Disabling it removes this XSS protection, so that should be reserved for sites where every content editor is fully trusted.
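To show what "filtering out harmful HTML" means in practice, here is an added allow-list sanitizer built on the standard library's HTML parser. It is example code for this page, not CastleCMS' own filter (which is configured from the control panel); the allowed tags, attributes and URL schemes below are assumptions chosen for the illustration. It keeps a short list of tags, drops every attribute that is not explicitly allowed (so all `on*` handlers go), rejects `href`/`src` values whose scheme is not http, https or mailto (catching `javascript:` and `data:` URLs, including entity-encoded ones, which the parser decodes before we see them), and discards `<script>`, `<style>`, `<iframe>` and `<object>` together with their contents.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li",
                "br", "img", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative URL
VOID_TAGS = {"br", "img"}
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object"}  # tag and body go


def safe_url(value: str) -> bool:
    """Accept only http(s), mailto and relative URLs; reject control chars,
    which browsers strip before scheme detection (e.g. 'java\\x01script:')."""
    if any(ord(c) < 0x20 for c in value):
        return False
    return urlparse(value.strip()).scheme.lower() in SAFE_SCHEMES


class SafeHTML(HTMLParser):
    """Rebuilds the input from an allow-list; everything else is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a dropped element's body

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return                           # drop the tag, keep its text
        kept = []
        for name, value in attrs:
            name = name.lower()
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                     # covers on*, style, id, class ...
            if name in URL_ATTRS and not safe_url(value):
                continue                     # javascript:, data:, vbscript: ...
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS or self.skip_depth:
            return                           # <script/> has no body to skip
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))  # re-escape text

    # comments, doctype and processing instructions are silently dropped


def sanitize(fragment: str) -> str:
    """Return a cleaned copy of an untrusted HTML fragment."""
    parser = SafeHTML()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed hostile input of the kind an editor might paste or an
    # attacker might submit through a form.
    DIRTY = ('<p onclick="steal()">Hello <b>world</b>'
             '<script>alert(1)</script>'
             '<a href="&#106;avascript:alert(1)">click</a>'
             '<img src="x" onerror="alert(1)"></p>')
    print(sanitize(DIRTY))
```

Note that the parser, not the filter, is responsible for decoding `&#106;avascript:`; a filter that inspected the raw attribute text instead would miss it, which is one reason to sanitize on a parsed tree rather than with string matching.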

Other Security Settings

CastleCMS includes other security-related features. Out of the box, the default settings for these options keep your website secure:

  1. User self-registration is not allowed.
  2. When self-registration is enabled and a new account is created through it, the new user cannot set a password immediately; instead, they receive an email with a confirmation link that lets them set one (this verifies that their email address is correct).
  3. User folders are disabled. These are private folders in which users can create and upload their own content (pages, documents, images, news items, events, and so on), something you may wish to enable for more collaborative, community-driven websites.
  4. Information about content authors is not displayed.

For More Details

See the administrator guide for more details on each of the security features and settings.
