Posts

Showing posts from February, 2014

Sitecore Security - Beyond the hardening guide

As with any publicly (or internally) accessible web application, it is vitally important to make sure that your Sitecore installation is appropriately configured to protect it against attacks from malicious forces on the net. The primary reference to follow when configuring the security of your Sitecore instance is of course the Sitecore Security Hardening Guide. However, there are a few additional steps that you should consider when configuring Sitecore to provide additional security against some known attack vectors where your Sitecore installation may be vulnerable.

All the recommendations and issues listed below appear to still be valid as of Sitecore v7.1.

Extra restrictions on the /sitecore folder on delivery servers

The Hardening Guide recommends restricting Anonymous user access to the /sitecore/admin, /sitecore/debug and /sitecore/shell/WebService folders. My recommendation on delivery server instances is to go further and restrict anonymous access to al