Your site audience is the life of your site, but you should not assume that everyone visiting your site does so with the best intentions.
ImpressCMS takes great care to provide you with functionality that will keep your site visitors and their data safe.

HackerOne Bug hunting program

ImpressCMS has its very own hacker program on HackerOne, where you can participate in finding security issues and solving them in a well-organised and responsible manner. We don't believe in security by obscurity, so we encourage everyone to look at our code from different angles and try to make it do something it is not supposed to.


Security Features

ImpressCMS uses a combination of the following techniques to make access to information by non-authorised users as hard as possible.

Input filtering

As a rule of thumb, you should not trust input coming from users on the web. When you do have to accept user input, it should be sanitized. For that, we use the well-respected HTMLPurifier library to clean up input data before using it on the site.


Trustpath for sensitive files

Never place files with sensitive, security-related information, such as the passwords to your database, in a location that is potentially open to the internet. ImpressCMS places sensitive information on your server in a location that cannot be reached from the internet.


Hashed and salted passwords

ImpressCMS takes password security seriously. Every user password is combined with a unique code (a technique called 'salting') and is then hashed with a one-way function to make it impossible to decode. If you give us a password, the system can verify that it is correct, but it is impossible to retrieve the password from the hashed value in the database.

 

Email verification

New users need email verification before they are activated on the site.


SSL support

ImpressCMS works very well on an HTTPS (SSL) secured server, with no special configuration required.