Area: Episerver CMS
Applies to versions: 10 and higher

Securing edit and admin user interfaces


This topic discusses security considerations related to unauthorized access to the editing and administration user interfaces of Episerver CMS when running the Episerver Customer-Centric Digital Experience Platform (DXP).


Episerver is built to provide easy access for multiple editors to work with content across sites in a collaborative manner, using devices of their choice. This may in some instances raise concerns about unauthorized access to the editing and administration interfaces of Episerver CMS. 

Security and privacy are built into both the Episerver platform and the Azure cloud services upon which the Episerver DXP is based. Any feature that Episerver develops must meet the highest quality standards, including security measures. See Security.

Below are some additional precautions to consider to prevent unauthorized access:

  • Ensure that the connection is secure; use an SSL server test tool to verify.
  • Use federated authorization to a trusted authority to secure editor identities.
  • Use a Web Application Firewall (WAF) to protect against threats such as DDoS.
  • Run penetration tests regularly; use a web security scanning tool.

Decoupled setup

See Decoupled setup if you are running a solution with physical separation of servers.


Last updated: Nov 01, 2017
