Concrete CMS now has a Configuration Best Practices documentation page which provides a checklist to help you make sure that your Concrete site is secure!
Most are Concrete CMS security hardening recommendations. We also include a few “common sense” pointers.
While we do give some suggestions for securing your webserver based on our team’s site setup checklist, the source of truth for your site’s infrastructure configuration should be the best practices documentation for whichever webserver you are using.
This is a shameless plug, but a while ago I wrote an article on my blog with 8 easy ways to harden Concrete’s security. It’s a non-technical article really, for beginners. But anyway, I just updated it with a link to your list (at the bottom under “Where to go from here”) and it also offers a list of a few security-related packages from the marketplace.
Not ashamed to admit that I learned a thing or two when I read that blog post a year or so ago, @mnakalay. It’s a good intro to securing a Concrete site.
I read your article, @mnakalay, when we were creating this Concrete hardening page! Your article was one of the only “how to secure Concrete” sources out there and was the impetus to put out an official Config Best Practices.