Skip to main content

Security Best Practices for MODX Cloud Managed Hosting Customers

  • Updated

At MODX, we prioritize the security of your hosted environment. This article outlines our security measures and provides recommendations for clients to enhance their sites’ security.

Host-side Security Measures

MODX is responsible for and implements the following security measures to protect your hosted environment, including but not limited to:

  • Regular Patching
  • Firewall Protection
  • DDoS Protection
  • Limit Open Ports
  • Encourage SSH Access using Keys
  • Regular Security Audits
  • Client Isolation on multi-tenant platforms

For more details of MODX Cloud’s security measures on the host side, see that section in our Overview of MODX Cloud Infrastructure KB article.

Recommendations for Customer-side Security

Customers are responsible for the implementation of their website and likewise for taking security precautions. To further enhance your site’s security, we recommend the following measures:

  1. Deploy Cloud Edge WAF/CDN: Powered by Cloudflare Enterprise, our Cloud Edge Web Application Firewall (WAF) is tailored to our environment for additional protection against web threats. Our MODX and WordPress plugins for the Content Delivery Network (CDN), which are included with Cloud Edge, will automatically clear the CDN cache when pages change and let you create allow/block rules directly inside your CMS admin. 
  2. Keep CMS and Plugins Updated: Regularly update your content management system and all plugins to the latest secure versions. Learn more about the best practices for upgrading your CMS and its Plugins and Extras
  3. Use Strong Authentication: Implement strong passwords and two-factor authentication (2FA) for all user accounts, especially admin accounts. We recommend a minimum of 16 mixed-case alphanumeric characters with special characters for passwords.
  4. Limit Admin Access: Restrict admin access to trusted IP addresses where possible.
  5. Regular Backups: Implement your own backup strategy for your specific application data in addition to our server-level backups. You can easily download copies of our backups within the MODX Cloud Dashboard. Learn more about how backups work in MODX Cloud
  6. SSL/TLS Implementation: Ensure your site uses HTTPS with up-to-date SSL/TLS protocols. MODX Cloud makes this an easy button with free, auto-renewing SSL certificates powered by Let’s Encrypt.
  7. Content Security Policy (CSP): Implement a robust Content Security Policy to prevent cross-site scripting (XSS) and other injection attacks. A Content Security Policy (CSP) can help detect and mitigate certain types of attacks, including XSS and data injection attacks. It specifies which content sources the browser should consider valid for your website. This means you can whitelist trusted sources of scripts, styles, images, and other resources, effectively blocking any malicious content from untrusted sources. By implementing a CSP, you add an extra security layer that complements your defenses and helps protect your users from potential threats.

    For more detailed information on Content Security Policies, including implementation guidelines and best practices, you can refer to the Mozilla Developer Network (MDN) Web Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP 
  8. Regular Security Scans: Conduct regular security scans of your application to identify potential vulnerabilities. For more information on understanding and evaluating security scan results, see our article on understanding security scans and security backports.
  9. Secure Coding Practices: Ensure your development team follows secure coding practices, including input validation, output encoding, and proper error handling. For MODX websites, this happens by default when using the xPDO data access API and has led to a very robust security track record as a result: https://modx.com/security 
  10. API Security: If your application uses APIs, ensure they are properly secured with authentication and rate limiting.

Shared Responsibility

While MODX is committed to maintaining a secure hosting environment, security is a shared responsibility. By combining our host-side measures with these customer-side best practices, we can significantly enhance your site’s overall security posture.

Support

If you need assistance implementing any of these measures or have further questions about security, please contact our support team. We’re here to help ensure your site remains secure and performs optimally.

Remember: Regular communication with our team about your security needs and concerns is crucial for maintaining a robust security posture.

Related articles