Our security recommendations

Essential tips to keep your fortrabbit Account and your code base secure.

Dashboard and passwords security

  • The password you use to log in to the fortrabbit Dashboard must be secure.
    • Use a password manager or a long pass-phrase.
    • Don't share your Account password; use our collaboration features instead.
  • Enable two-factor authentication (2FA) with your fortrabbit Account.
  • Use SSH key authentication to access code instead of username+password.
  • Rotate internal passwords via the Dashboard for your App, especially when company members leave:
    • MySQL database
    • Object storage
  • Go over the list of imported SSH public keys periodically and keep only those being used.

PHP code security

  • Follow common security guidelines; see PHP: The Right Way.
  • Consult the OWASP Cheat Sheets to prevent attacks before they can start.
  • For security and portability, store secrets such as database passwords not with your code but in our App Secrets or ENV vars (as long as those are not exposed as well).
  • Don't store sensitive information in plain text in the database; use ciphertext.
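
The last two tips combined, as an added example that is not fortrabbit's own code: the encryption key is read from an ENV var instead of living in the code base, and a sensitive field is encrypted with PHP's bundled libsodium before it is written to the database. The variable name APP_FIELD_KEY and the function names are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Assumption: APP_FIELD_KEY is a hypothetical ENV var name holding a
// base64-encoded 32-byte key, generated once with:
//   base64_encode(sodium_crypto_secretbox_keygen())
function fieldKey(): string
{
    $encoded = getenv('APP_FIELD_KEY');
    if ($encoded === false || $encoded === '') {
        throw new RuntimeException('APP_FIELD_KEY is not set');
    }
    $key = base64_decode($encoded, true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('APP_FIELD_KEY must be 32 bytes, base64-encoded');
    }
    return $key;
}

// Returns base64(nonce || ciphertext), suitable for a TEXT/VARCHAR column.
function encryptField(string $plaintext): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per value
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, fieldKey());
    return base64_encode($nonce . $cipher);
}

// Returns the plaintext; throws if the value was truncated or tampered with.
function decryptField(string $stored): string
{
    $raw = base64_decode($stored, true);
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLen) {
        throw new RuntimeException('Stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, fieldKey());
    if ($plain === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $plain;
}

// Demo only: putenv() stands in for a key configured in the environment.
putenv('APP_FIELD_KEY=' . base64_encode(sodium_crypto_secretbox_keygen()));
$stored = encryptField('DE89 3704 0044 0532 0130 00'); // constructed sample value
echo $stored, PHP_EOL, decryptField($stored), PHP_EOL;
```

User passwords are a separate case: hash them with password_hash() rather than encrypting them.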
