TYPO3 is an open source content management system (CMS) that can be used to create websites free of charge. TYPO3 is used for websites of different sizes and with different requirements.
Table of contents
1. Field of application of TYPO3
TYPO3 offers a lot of features directly, such as multilingualism or rights management for editors. In other CMSs, such functions are often only accessible via plugins and work more or less well.
Advantages of TYPO3
- Open source and free of charge
- Good documentation
- Multilingualism
- Rights management
- Relatively widespread in German-speaking countries
- Easy to extend via extensions
- Many free extensions for download in the TER (TYPO3 Extension Repository)
- Community in German-speaking countries - support via the TYPO3 Forum and the Facebook group (german)
- Regular events - Developer Days, t3con (every year in a different city), etc.
- Various certifications - TYPO3 Editor, TYPO3 Integration, TYPO3 Developer, TYPO3 Consultant
Use of TYPO3
- Often used for large websites that offer multilingual content and have several editors
- Used for large sites that have a complex page tree
Comparison with other CMS
The comparison with other CMS such as WordPress is irrelevant from our point of view, as it depends on the website requirements which CMS is best used.
For small sites or one-pagers, TYPO3 can be overkill, but for larger, complex sites, TYPO3 is definitely the better choice, as it offers a better overview and a better data structure than WordPress, for example.
2. Installation
TYPO3 is installed on your own server (or web space) and is installed by yourself, so it is not a cloud solution. You must therefore ensure that the software is updated regularly (or when required). An update is necessary if security vulnerabilities in the TYPO3 core or an installed TYPO3 extension are disclosed, which usually happens a few times a year.
3. TYPO3 Releases
After the official release (Longterm Release LTS), each TYPO3 major version has a specific runtime, which is divided into different phases:
- Regular Maintance
The version is further developed and receives new features; usually a period of 18 months. - Priority Bugfixes
Only bugs are fixed; normally a period of 18 months - Extended Support - Extended Longterm Support (ELTS)
Paid support; normally 3 years, but can be extended - for version 8 it was 4 years
This means that a TYPO3 version has a runtime of 3 years from the start of the official release until the end of security support.
You can find more information about the TYPO3 roadmap here.
If a TYPO3 version is no longer updated, it is End-Of-Life (EOL) and should be updated to the next version.
4. TYPO3 & Security vulnerabilities
If there are security updates for the TYPO3 core or TYPO3 extensions, this information will be made available on the TYPO3 website. To be informed about security updates for TYPO3 and TYPO3 extensions by e-mail, you can subscribe to the TYPO3 Announcement List free of charge.
If you are now informed about security vulnerabilities, you have to determine whether or which website is affected by the vulnerability and that is the real challenge. With a large number of web projects, it can take a considerable amount of time to find out which project needs to be updated.
Our tip
With SYSSY you can get an overview of updates. A traffic light display shows which projects are affected by a security update.
5. TYPO3 Updates
Manual TYPO3 updates
Once it has been determined which TYPO3 websites are affected by the security update, the update process can begin. The updates can vary in complexity depending on the size of the website, as the entire site should be tested after an update. Especially if the website has not had any updates for some time, it is essential to carry out the update beforehand using a test installation to ensure that the system update does not cause any problems.
In any case, a backup copy of the website should be created before the update.
Our tip
It is better to wait 3 days, sometimes the next release comes out shortly after a release. You then have double the work if you were very early with the updates.
Automatic TYPO3 updates
Some hosters offer pre-installed TYPO3 installations and the automatic installation of security patches. However, these functions should be used with caution, as updates that are installed immediately after the release may contain as yet undetected bugs. Your website may then be secure, but the entire website (or parts of it) may no longer function properly.
6. Why is TYPO3 monitoring important now?
Regular website monitoring at various levels makes sense so that you can gain a comprehensive overview and act quickly in the event of problems in the various areas.
Security
To make sure that you don't overlook any TYPO3 security updates, you should keep a constant eye on the TYPO3 version and the versions of the extensions and be informed quickly of any security gaps so that you can act promptly.
Monitoring PHP and MySQL versions provides an additional overview of the server's status and can provide information on whether security updates need to be installed.
Availability
Furthermore, an uptime monitor can be used to determine whether there is an increase in server downtime and whether there is a need for action.
SEO
SEO monitoring draws attention to SEO errors and can enable quick action to be taken.
GDPR
An automated GDPR check can protect against warnings and expensive penalties and legal fees.
Performance
Regular performance monitoring can make you aware of long loading times and allow you to take action.
Why are security gaps dangerous?
If there are open security gaps in the TYPO3 core or a TYPO3 extension, hackers can exploit these security gaps and hack the website. Hacked websites can lead to data loss, downtime, poor SEO performance or even legal consequences.
What happens to the website if it is hacked?
Hackers can do many different things to websites.
Some of the most "popular" hacks are as follows:
- Redirect the website to another domain where advertising or a virus is waiting
- Inject text, links or banner ads
- Sending spam mails via the mail server
- Infiltrating keywords to achieve a ranking in the search engine for dubious keywords
What do security vulnerabilities have to do with the GDPR?
From a GDPR perspective, security gaps must be closed as quickly as possible if personal data of individuals is stored in the system. Personal data is already stored as soon as data from a contact form is saved in the database. If you operate an online store with TYPO3, the situation is even more explosive. Especially if you have stored customer payment information.
Our tip
Regular updates and prompt closure of security gaps reduce the risk of being hacked.
Let us help you with TYPO3 monitoring
Do you want help with website management?
SYSSY works for you in the background!
