Security Steps to Protect Your DotNetNuke CMS

What to do to protect your eCommerce website

DNN Security Out Of The Box

DNN (DotNetNuke) is already the premier CMS of the US Government due to its robust security and integration with existing security features. However, even DNN isn't absolutely perfect out of the box, and there are many additional security features that can be put in place depending on your specific DNN eCommerce requirements. These security recommendations range from simple to complex and cover many different aspects of potential security risks. No guide can accurately assess your specific security needs. If you would like to adequately secure your DNN website, contact Clarity today.

Increase Password Complexity and Use Requirements

Increasing password complexity is one of the easiest and most effective ways to significantly increase security. The most common and effective requirements are length and complexity. A minimum of 8 characters, with at least one capital letter, one lowercase letter, and one number, is a great start. You can also consider requiring a non-alphanumeric character and placing restrictions on how long a password may be used. Even with strong password requirements, you are only preventing brute-force attacks.

Change 'Host' and 'Admin' Passwords and Limit Their Use

Changing the Host and Admin passwords to extremely complex passwords is the single most effective step for security: both accounts are known to exist, which makes them the most vulnerable to brute-force attacks. Make sure that any password you set for these accounts exceeds the password recommendations listed above. You should also consider limiting access to these accounts, as they are the most powerful accounts and would leave your site the most vulnerable if they were compromised.

Hash Password Storage

By default, DotNetNuke encrypts user passwords. This provides a good level of protection and, because encryption is a reversible operation, allows you to retrieve your password. However, if you do not wish to support password retrieval, or want to ensure maximum protection, you may choose to use hashing instead. Hashing is a non-reversible operation, so even if your database is accessed or stolen, a hacker cannot reverse engineer your password.

Clarity Can Help

Security is a serious matter and is not something that can be fully accomplished with generic steps. Clarity Ventures is a DNN Gold Partner and can help with any DNN requirements you may have, from the creation of an entirely new website and modules to an audit of your current website. Call Clarity today for a free quote.

Get a Quote: 800.928.8160 (toll-free)
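The password-complexity and hashed-storage recommendations above map onto the ASP.NET membership provider that DNN registers in web.config. The fragment below is an added example, not taken from the original page or from DNN's documentation; the attribute values, the regular expression, and the connection string and application names are assumptions to check against your own web.config.

```xml
<!-- Added example: membership section of a DNN site's web.config. -->
<!-- All values are constructed for illustration. -->
<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
    <providers>
      <clear />

      <!-- BEFORE (reversible storage, weak policy), kept here commented out:
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="SiteSqlServer"
           applicationName="DotNetNuke"
           enablePasswordRetrieval="true"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="0"
           passwordFormat="Encrypted" />
      -->

      <!-- AFTER: one-way hashed storage and a stricter password policy. -->
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="SiteSqlServer"
           applicationName="DotNetNuke"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           minRequiredPasswordLength="8"
           minRequiredNonalphanumericCharacters="1"
           passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$"
           passwordFormat="Hashed" />
      <!-- enablePasswordRetrieval must be false with passwordFormat="Hashed":
           the provider refuses to initialize if retrieval is enabled for
           hashed passwords, because there is nothing to decrypt. -->
      <!-- The regular expression enforces at least one lowercase letter,
           one uppercase letter and one digit, with 8 or more characters. -->
    </providers>
  </membership>
</system.web>
```

The membership provider records the storage format per user, so switching to Hashed applies to passwords set after the change; existing accounts, including Host and Admin, keep their encrypted passwords until those passwords are changed or reset.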