Sitefinity’s Administrative Web Interface is accessed by adding /Sitefinity to the web site’s URL.  Users are then required to provide a valid username & password to gain entry to Sitefinity.  By default, Sitefinity’s administrative username is set to admin.

A few customers have expressed concern that this does not offer enough protection from malicious users or bots.  If an attacker knows a web site is using Sitefinity then they also know the login URL and the admin username. The only thing that remains is the admin password. 

This article explains how Sitefinity (and ASP.NET) help protect your web site.  This article also suggests a few techniques for adding additional layers of protection to Sitefinity’s Administrative UI.

Too Many Invalid Password Attempts

There are plenty of password cracking tools that will bombard a web login form with password variations.  These login attempts can stream as fast as the web server ...

This webinar examines user management and security in Sitefinity.

Out of the box, Sitefinity empowers you to easily manage CMS users and roles. However, there are alternatives to the default user management provided by Sitefinity. Sitefinity can also integrate with an organization’s Active Directory. In addition, an entirely custom membership provider can be created and applied to Sitefinity. In this webinar, we’ll explore various strategies for managing Sitefinity’s users and roles.

The notes page, referenced by this webinar, can be found here.

I truly appreciate everyone who attended this webinar live.  I apologize for my bad Internet connection that caused the audio and video problems.  The webinar posted above is re-recorded to eliminate some of the Internet problems I encountered on the live version.

This webinar covers the following topics:

• Overview ASP.NET Membership & Role Providers
• Overview of User Management in Sitefinity
• Adding custom fields to Sitefinity’s Membership Provider
• Overview ...