Security

Security in Evolution CMS starts with administration, updates, and careful package choices. Most issues come from weak permissions, outdated code, or careless deployment.

Manager Security

• use strong manager passwords
• do not hand out administrator rights casually
• separate manager accounts from frontend user accounts
• review roles and document-group access regularly

Project Security

• keep Evolution and extras updated
• remove or protect installers after setup
• keep writable paths limited to what actually needs writing
• review old snippets, plugins, and custom modules before reusing them

Server Basics

• serve the site over HTTPS
• use correct rewrite and public path configuration
• store secrets in the environment, not in random project files

See Permissions and Bugs and Security.