To keep a TYPO3 installation secure, you should not only make sure that it is always up to date with updates (both TYPO3 and extensions).
If you have several backend users (admins, editors, etc.), you should also make sure that these users use secure passwords. This is because an insecure password is an invitation to hackers.
With the help of the be_secure_pw extension, you can enforce secure passwords by specifying certain criteria that a password must fulfill, e.g. the length or the use of special characters, capital letters or numbers. Users can also be automatically reminded to choose a new password at regular intervals.
Updated: 17.07.2024