Jump directly:


From the system architecture to our development and testing methods, papaya CMS is designed with an eye on security. Here is an overview of the most important safety features and criteria.

Control is important when it comes to your data.


Logins and error messages are protocoled and can be clearly linked to a specific account and IP address.

Blacklist and Whitelist

Using the blacklist you can block certain IP addresses from accessing your website’s backend. If you choose to use the whitelist, then the backend can only be accessed from IP addresses on the list.

Brute Force Protection

papaya CMS eliminates the danger from program-controlled login attempts by unauthorized persons.

Double Opt-in

This multi-step review procedure ensures, for example, that entries into your newsletter subscription list have to be confirmed in a separate step. The subscriber receives an email with a confirmation link. The registration only takes effect if the user clicks on the link. Email verification is a recommended method that prevents the abuse of email addresses.

Roles and Access Rights System

Using finely graded approval processes, you can determine exactly which content each user can see and edit. Backend users can be given different access levels and editing/viewing rights. Access rights can be limited to certain nodes of the organizational structure and applications. The ability to create, publish and delete pages is limited to users with specific editing rights.

Content Versioning

Older versions of published pages are not deleted but archived. You can see them in the preview and re-release them if you wish.

Error Messages

Simultaneous editing of a page can be prevented using error messages.

Captchas for Forms

papaya CMS has a standard databank inquiry level that “cleans” form entries. This means that certain letters or symbols are masked to prevent bad code being secretly entered into the system (SQL injection). The form fields have also been designed to prevent cross-site scripting. To further protect against automated form completion, you can also add a Captcha to the page.


papaya CMS supports the establishment of secure connections.

During the installation of papaya CMS, you can choose to save not only the file directory with the webpage templates and the multimedia content but also the entire program library outside of the root directory for HTML documents. By doing this, you make it technically impossible to access and manipulate the data over the internet.

Data and privacy protection means observing the relevant national laws and also any existing internal agreements. For this reason, user behavior data is always saved anonymously and can only be used for gathering statistical data.

Another feature of papaya CMS is that registered Frontend users are saved in a separate databank (Community Module). This prevents registered Frontend users from obtaining editing or administering rights, through either intentional or accidental manipulation.