Blend Interactive proud to be included on Inc. Magazine's Best Workplace for 2023 list.

Keeping Your CMS Secure

Unauthorized meddling in your content management system can lead to loss of reputation, loss of income, and even loss of actual assets. Enabling multi-factor authentication protects your site and makes sure only the right people can access it.


Authored by


  • Development

We live in a world of passwords. And we live in a world in need of security.

Passwords surround everything we do. For those responsible for managing passwords across family, children, or business, collection and safekeeping of passwords simply become one of the day’s tasks, just like brushing your teeth or putting on socks.

But keeping those passwords safe and hidden is just one side of the battle. Programs like 1Password provide access to easily saved and totally random password strings, helping stay away from basic passwords like “1234” or “password,” but even the longest passwords can be cracked if given enough time — and enough motive.

This means we need more than just a password to protect highly valuable sources of information. Like your personal contacts and photos. Like your bank account information.

And like the content and permissions with your content management system (CMS) or digital experience platform (DXP).

That’s where multi-factor authentication comes in.

Why multi-factor authentication is important.

As a reminder, when we talk about multi- or two-factor authentication (2FA), we’re talking about asking for a second or third (or, in rare cases, even more!) pieces of evidence in order to authenticate a user. This most often manifests as entering a second unique ID that’s based on something in close proximity, such as a key fob with an ever-changing number, or a code sent to a secondary device.

What’s important is that the additional layers of authentication happen separate from your already accessible online accounts — something that can’t already have been hacked. For example, when you log in to something like Apple’s iCloud, and a notification pops up on another linked device asking for confirmation — that’s two-factor authentication.

The truth is, strong passwords are still valuable and important, but they’re not perfect. In a lot of cases, a password may have been cracked for days before there’s any indication, simply because there’s rarely any notification when a password has been entered on a strange or new device. Given that your CMS or DXP might be accessed multiple times by different people on different devices, this seems obvious — no one wants to get an email every time someone logs in.

But, in reality, most people ultimately do not know when — or how — their sites are compromised. In an article written about Two-Factor Authentication in WordPress sites, it was found that 61.5% of respondents had no idea how an attacker compromised the site.

Even scarier, there’s little idea of what someone might do once they’re in there. They might change a line of text.

Or, they might attempt to throw the site into chaos.

Why you need it for your CMS or DXP.

Of course, this is more than just someone getting access to your social networks or streaming queue. Unauthorized access of your content management system is akin to gaining control of your business’s entire online persona — and, in the case of an organization that depends on content as a business asset or, even more critical, a business that depends on uptime to sell online products, unauthorized meddling in the content management system can lead to loss of reputation, loss of income, and even loss of actual assets.

With the understanding that your CMS or DXP is as valuable and private of a tool as your CEO’s laptop or a safe of petty cash, it makes the necessity of two-factor authentication even more crucial. You need to protect your site and make sure only the right people can access it, and this cannot be done through passwords alone.

Because, let’s face it; even the most secure password can fall into the wrong hands, especially for those who don’t depend on password protection software, or those who log in so infrequently that they wouldn’t notice any malicious action for weeks after a security breach.

So let’s get that site protected.

How to enable it.

Two-factor authentication plugins and functionality are available for most major content management systems and digital experience platforms. Blend most often works with Optimizely and Umbraco, so we'll talk about those here.

First, Umbraco has outlined the steps for implementing two-factor authentication — "Two-factor Authentication" — as a part of its existing documentation. 2FA can be set up using several different services.

Meanwhile, Optimizely facilitates their 2FA process through the developer community — an article from friend-of-Blend developer Joshua Folkerks from the Episerver days offers a walkthrough: "2 Factor Authentication In EPiServer."

Google Authenticator and other two-factor authentication methods can be used to secure any modern content management system. If you’d like additional information, drop us a line and we’ll see how we can help!

Resources on .NET development.

We’ve written at length, both here and beyond, on .NET development.

Optimizely Release Notes — July-August 2023

The following release notes highlight major or interesting changes in Optimizely's products from July and August 2023.

September 15, 2023

Episode 22: Test and Launch the Site (w/ Bob Davidson) Off-site link

Corey and Deane talk about the concept of the “Nails List.” Then, Bob Davidson, Director of Development at Blend Interactive, joins to talk about how to get your site ready for launch, what makes a good QA practitioner, the role of quality assurance and testing in the development process, and how to prep the site so it doesn’t fall over when exposed to the real world. We also spend a lot of time talking up Jenna Bonn, Blend’s QA Practice Manager.

August 16, 2023 | The Web Project Guide Podcast

Journaling as a Management Tool

Bob Davidson

In management, your team depends on you to help follow up on solving pain points and barriers. But, for the mind of an engineer with a spotty memory, managing this workload can be difficult. Blend's Director of Development Bob Davidson explains how he supplements his workflow with a mix of technology, process, and habit through daily journaling.

August 9, 2023

Optimizely Release Notes — May-June 2023

The following release notes highlight major or interesting changes in Optimizely's products from May and June 2023.

July 14, 2023

Check out our most recent articles on development.