Umbraco Sticker On Lock (1)


How we keep Umbraco secure

In today’s world, a continuous focus on security is essential. No doubt. That’s why following best practice and performing regular testing is all part of our security operations, ensuring that you can use our products and services with peace of mind. 

Security and Open Source

The Umbraco CMS is Open Source which means that the core code is open and accessible to everyone. This, however, does not mean that everyone is able to alter the code. We, Umbraco HQ, ensures that the core of the CMS, Umbraco Cloud, Forms and Courier, stays as bullet-proof as possible - and if a vulnerability is discovered, we make sure to fix the vulnerability automatically (Umbraco Cloud) and provide information about manual fixes in a timely and secure manner.

How to get informed about security advisories

Developer focusing on security development task

3rd party penetration tests

Apart from doing regular internal testing, we have an external security company doing thorough penetration testing of Umbraco CMS and Umbraco Cloud to detect possible vulnerabilities.

These penetration tests are done twice a year.

The results of the tests are not published online, but we share the confirmation letter as proof. 

Confirmation letter download

Questions regards this can be forwarded to 

How to report a vulnerability

If you through your internal use and testing of Umbraco come across a vulnerability, we’d, of course, like to hear about it. In order to take care of the vulnerability in the most responsible manner, we ask you to follow the guidelines for how to report a vulnerability.

Smallercroploveisinthecloud (1)

Security in Umbraco Cloud and Heartcore

As part of the Umbraco Cloud offering, we've added extra security-related features to your project set-up. Features that, for example, automatically make sure your sites are always running the latest, most secure version of Umbraco.

Added security in Umbraco Cloud

Security tips for you

We have structured ways of testing and keeping the Umbraco foundation secure. Due to the open-source nature of Umbraco, there are also ways for you to ensure that your project is set up in the best way possible security-wise. That’s why we have gathered a number of tips for you on this right here:

How to make your Umbraco set-up more secure

Umbraco Security Features

  • Automated Security updates (Umbraco Cloud) ✔️
  • Automated HTTPS certificate (Umbraco Cloud) ✔️
  • Hashed passwords ✔️
  • Support for HTTPS ✔️
  • Support for OAuth login system ✔️
  • Possible to set-up password rules ✔️
  • Possible to implement two-factor authentication ✔️ 
  • Default log-out of backoffice due to inactivity ✔️ 
  • Built-in security Health Checks ✔️ 

Loved by developers, used by thousands around the world!

One of the biggest benefits of using Umbraco is that we have the friendliest Open Source community on this planet. A community that's incredibly pro-active, extremely talented and helpful.

If you get an idea for something you would like to build in Umbraco, chances are that someone has already built it. And if you have a question, are looking for documentation or need friendly advice, go ahead and ask on the community forums.

Want to be updated on everything Umbraco?

Sign up for the Umbraco newsletter and get the latest news and special offers sent directly to your inbox