Nowadays, we hear about new attacks on popular websites almost every day. Security is a key element in demonstrating a company’s professionalism, which is why more and more people, when installing something on their server, ask themselves whether given scripts are safe. So how does FlatlyPage CMS compare?

Our system is built simply, but we do not cut corners when it comes to security. The first line of defense against an attack is hashing the administrator’s data in the login file, so even if a hacker manages to obtain the admin credentials file, with a strong password consisting of at least 8 characters including special symbols, it would take them thousands of years to crack it, which is practically impossible.

If, however, a hacker somehow successfully logs into FlatlyPage CMS, that is still not the end of the story. A different IP address or device triggers an immediate email notification — provided that the administrator has supplied their email address. This means you receive instant information about unauthorized access.

But secure code requires more than just that. Modern hackers are extremely skilled, which is why we need mechanisms that protect users from malicious content. Renderion v3 is a dedicated engine that prevents XSS (Cross-Site Scripting) attacks. This is the most important security feature of FlatlyPage CMS. Even if malicious data enters the system, the engine neutralizes it before it can be executed in visitors’ browsers.

Renderion also includes protection against Cache Poisoning. RenderCache does not trust keys provided directly by users. Instead of using raw data as file names or cache keys, the system generates a SHA-256 hash. This prevents attackers from manipulating file paths. Additionally, whenever data is read from cache, Renderion verifies that its size does not exceed MAX_VALUE_SIZE and that it does not contain suspicious code.

Beyond this, the engine protects the server from overload, which directly improves website availability — for example during DDoS attacks.
Renderion does not stop there: instead of allowing arbitrary SVG file uploads (which could contain malicious XML scripts), the system uses a whitelist to permit only safe files.

FlatlyPage CMS also includes properly configured HTTP headers — something many developers neglect when building flat-file CMS platforms.

The system blocks MIME type guessing, which protects against MIME sniffing attacks. It also prevents clickjacking by ensuring your site cannot be embedded in an iframe on another domain. In addition, it enhances user privacy by not sending full referrer URLs to external services.

Thanks to all of this, FlatlyPage CMS — despite weighing less than 2 MB — is resistant to many common attacks. However, an important note: even with our efforts, you must also ensure that your hosting provider is secure. Choose reliable, well-reviewed hosting services rather than risky or poorly maintained ones.

FlatlyPage CMS combines lightweight design with strong built-in security mechanisms. While no system is 100% invulnerable, FlatlyPage provides solid protection against the most common web threats, as long as it is paired with trustworthy hosting.