Secure your websites and data

Secure your Kentico Xperience websites with confidence by implementing multiple security layers to ensure your customer data, the administration interface, and the live site are kept separate. Additionally, eliminate threats by protecting your data with various authentication methods, permissions, and user management. Tailor the security posture of your digital experience platform to meet your business requirements and compliance obligations.

Create multiple security layers

With Kentico Xperience, you can place data, administration, and the live site on different servers to strengthen the security of your overall solution. MVC routing also passes executed data in a secure way to avoid exploitation or exposure.

Choose your preferred authentication method

Kentico Xperience offers a range of authentication methods for both the live site and administrative interface to support B2E, B2B and B2C use cases. From simple forms authentication based on standard ASP.NET authentication, to social logins, SSO and multi-factor authentication, you can implement standard or customized authentication solutions to support your customers and employees.

Apply roles and permissions to sites, applications, pages, and content

Open or restrict access as you wish! Create user profiles, extend them with custom fields, import them from external systems, or let visitors create accounts directly from your website. Kentico Xperience has a set of default roles and permissions, in addition to the ability to fully customize roles to suit your needs and ways of working. You can even grant users access to particular areas of the administration or website content. Personalized permissions can be applied to restrict access to individual documents or pages as necessary.

Cover yourself with double opt-in and reCAPTCHA

Reduce spam captured by your website forms. Spam protection controls like Google reCAPTCHA are familiar and easy for visitors to use and enable you to detect bots in just one click. Double opt-in also ensures new users are who they say they are, by requiring them to confirm their registration via email. You can even set up an approval process before allowing them to complete their registration and log in.

Stay protected with Anti-CSRF tokens

Hackers can also try to weasel their way into your website via multiple pathways. A Cross-Site Request Forgery (CSRF) attack, for example, exploits a web application that cannot differentiate between a request a user intentionally made and a request sent from that user's browser without their consent. Kentico Xperience's Anti-CSRF protection uses tokens to validate requests and protect websites against CSRF vulnerabilities with no reduction in website performance.

Be confident in our quality testing and secure development processes

ISO 27001 security certified, Kentico Xperience regularly undergoes security testing and security-focused code reviews. We develop according to OWASP secure development principles and processes and respond quickly and efficiently to security vulnerabilities that may arise. We are also proud of our 7-day bug fixing policy, which means not only that issues are fixed fast, but also that we plant a tree for every bug found by one of our customers, helping you and our environment!

Try Kentico

Beat the competition and start delivering results with the only digital experience platform that combines advanced capabilities, a short time to value, and ease of use.

Key platform features

Scalability and Performance

Deliver high-performance websites with the latest ASP.NET technology.


MVC Development

Speed up development with ASP.NET Core MVC and make marketers more productive with widgets.


Deployment Tools

Benefit from straightforward deployment and server maintenance. Create and synchronize multiple environments effortlessly.



Eliminate threats and secure your websites. Stay protected with Anti-CSRF tokens and create multiple security layers.


Cloud Deployment

Deploy your websites in the cloud.


Headless API

Publish content to any channel with a powerful headless API layer.


Extensibility and Customization

Extend the platform with your code. Add custom functionality and customize the user interface to fit specific use cases.
