High Security

CastleCMS is based on Plone, which has the best security track record of any enterprise-scale content management system, but we have gone further, adding many security features to Castle:

• built-in two-factor authentication that protects you from stolen password exploits
• auto-lockout: after a maximum number of login attempts, users are automatically locked out
• user session management that allows administrators to terminate suspicious sessions
• a login-secured, customizable dashboard for each user
• integrated reCAPTCHA to keep spammers and bots at bay
• metadata is automatically stripped from uploaded Office documents, PDFs, and other file types
• deep content delivery network (CDN) integration with CloudFlare for caching and an intelligent web application firewall

Castle’s security is granular, letting you secure individual content items (pages, files, images, news items, calendar events) or entire sections of your site. If a user isn't authorized to access a content item, they won’t even know it’s there.

Castle's built-in search engine knows what each person is authorized to see, so you can rest easy knowing that private data will remain private.