I have a Pimcore 4.x (latest) running and I think we’ll need at least 1 more year before we can upgrade to the 5 branch. Given that, I was looking into ‘hardening’ the current install with these simple measures:
- /admin/ only available with a certain IP address (configured through Apache), or a valid user (basic auth)
- Disable API
Would that already protect me from Pimcore ‘bugs’ & security risks? (I trust my users, so elevated right bugs inside Pimcore are not a threat.)
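
The first measure in the question, written out as an Apache 2.4 configuration. This is an added example, not part of the original post: the htpasswd path, realm name and address range are placeholders, and the block assumes it sits in the site's TLS virtual host.

```apache
# Added example (Apache 2.4 syntax; needs mod_authz_core, mod_authz_host,
# mod_auth_basic and mod_authn_file). <Location> is only valid in the server
# or virtual-host configuration, not in .htaccess.
#
# Basic auth sends the password base64-encoded with every request, so keep
# this inside the HTTPS virtual host only.
<Location "/admin">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path: create the file with `htpasswd -c <file> <user>`
    # and store it outside the document root.
    AuthUserFile "/etc/apache2/pimcore-admin.htpasswd"

    # "certain IP address ... or valid user": either condition is enough.
    # Clients from the listed range pass without a password prompt; everyone
    # else must authenticate.
    <RequireAny>
        # Placeholder range (documentation network), replace with your own.
        Require ip 203.0.113.0/24
        Require valid-user
    </RequireAny>
</Location>
```

`<Location "/admin">` matches `/admin`, `/admin/` and everything below it by URL path, so it applies even though the requests are rewritten to the application's front controller. If Apache sits behind a reverse proxy or load balancer, `Require ip` sees the proxy's address unless mod_remoteip is configured.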