Ensuring roles in Sitecore

Roles are easy to create in Sitecore but sometimes you might want to ensure that some specific roles always exists. Not a very common scenario but nonetheless it happens. Once upon a time we needed to be able to ensure that a long list of specific roles always existed on the production instance otherwise some […]

Disable the Sitecore admin user

A basic Sitecore 1-0-1 security check is to see if the admin account still uses the standard password. It is commonly seen that sites go into production with the admin / b still working. A way to ensure this does not occur is simply to disable the admin account when building to release or other […]

HTTPS in Sitecore

I would always recommend running all production site cms’ using security on the transport layer (https). Sitecore or no Sitecore, it is not safe to first send username and password unencrypted and then following having an insecure session cookie for the authentication information. This applies for both extranet users and the backend administrators. A basic […]