We listened! Concrete CMS now has a Configuration Best Practices documentation page which provides a checklist to help you make sure that your Concrete site is secure!

Most are Concrete CMS security hardening recommendations. We also include a few “common sense” pointers. 

We do also give some suggestions for securing your webserver based on our team's site setup checklist. However, the source of truth for your site's infrastructure configuration should be the best practices for whichever webserver you are using.

Concrete's Configuration Best Practices will only get better with time as we, and the community, make additions and tweaks!