Secure
For more than 15 years, security has always been a central focus of ProcessWire, and it has the track record to prove it.
Even sites running the original ProcessWire 1.0 still run smoothly without issue, and with no need for regular maintenance to do so. ProcessWire includes numerous security-related features to help safeguard your installation. A few examples include (but are not limited to):
- Support for multi-factor authentication (such as TTOP)
- Session login throttling to prevent dictionary attacks
- Session highjack prevention and fingerprinting
- Zero front-end inputs to the system other than the URL
- Role based access control system with granular permissions
- File system protection controlling file access
- Notifications of configuration-related security issues
- Cross-site request forgery protection (CSRF)
- Support for custom and obscure admin URLs
- Support for caching of expensive renders to prevent denial of service targets
- Ability to control when sessions are allowed and created
- Extensive .htaccess protection with advanced conditions and rules
- Support for database-driven sessions
- Constant and thorough code review and testing
- All core commits are run through a security gatekeeper