Is it safe to expose Umbraco to the public internet?
My team is working on a proposal for replacing an in-house built CMS with Umbraco for a client.
The client has people working remotely without a VPN, so the CMS must be exposed to the public internet.
My experience with Umbraco is limited and I would like to know if the general consensus is that Umbraco is / isn't safe to be exposed over the public internet.
We'll be using SSL and each user will have an individual account. But we're worried about vulnerabilities and preventing brute-force attacks
You would need to patch Umbraco regularly, but it is (very simply put) a CMS like Wordpress, Joomla, ...
Only expose the needed ports, use SSL and work with timeouts, follow the best practices for Umbraco, Visual Studio C# if you are planning to use this and IIS.
If you are really sceptic about exposing it to the internet, use a VPN and do not expose to the internet.
You could also scope the IIS allowed IP ranges for the website in question and look into IP blocking after failed login attempts.
Is it safe to expose Umbraco to the public internet?
My team is working on a proposal for replacing an in-house built CMS with Umbraco for a client.
The client has people working remotely without a VPN, so the CMS must be exposed to the public internet.
My experience with Umbraco is limited and I would like to know if the general consensus is that Umbraco is / isn't safe to be exposed over the public internet.
We'll be using SSL and each user will have an individual account. But we're worried about vulnerabilities and preventing brute-force attacks
https://jiofi-localhtml.gen.in/ https://router-network.uno https://19216881.link
You would need to patch Umbraco regularly, but it is (very simply put) a CMS like Wordpress, Joomla, ...
Only expose the needed ports, use SSL and work with timeouts, follow the best practices for Umbraco, Visual Studio C# if you are planning to use this and IIS.
If you are really sceptic about exposing it to the internet, use a VPN and do not expose to the internet.
You could also scope the IIS allowed IP ranges for the website in question and look into IP blocking after failed login attempts.
is working on a reply...