netgrade Zum Inhalt springen

What is TYPO3?

The content management system TYPO3 (CMS) is ideal for more complex requirements. The software is open source and available free of charge under the GNU General Public License version (licences TYPO3).

  • TYPO3 is very widespread in German-speaking countries. By the end of 2017, more than 500,000 websites had been implemented with the system.

  • More than 79,000 developers are officially registered at, active developers are estimated at around 25,000.

  • In 1997 Kasper Skårhøj starts the development of the system, in 1998 the first versions are available.

  • The release of the first official TYPO3 (version 3.0) follows three years later in 2001.

  • In 2004, the TYPO3 Association is founded and coordinates the further development of the system.

  • The programming languages PHP, SQL and Javascript are used.

  • The CMS is independent of the operating system.

Who is behind TYPO3?

The further development of the system is coordinated by the TYPO3 Association. The Association is an association under Swiss law with headquarters in Baar (Canton Zug). Its members are mainly digital agencies and other technology companies that rely on TYPO3. Financing for the further development of the system comes from membership fees, donations and fee-based events.

In 2016, the TYPO3 GmbH was also founded. It offers various services related to the system, importantly, for example, extended support for older TYPO3 versions. In addition, project reviews and various service level agreements can be booked.

When does TYPO3 make sense?

TYPO3 is an enterprise CMS and is suitable for the implementation and operation of websites with complex requirements. These requirements can be divided into the five sub-areas described below.

Dimensions of a CMS

Asset Management

The core task of every CMS and one of the great strengths of TYPO3 is the management of the various contents of an Internet presence. Even with large amounts of data, TYPO3 runs with high performance and stability.

A powerful file abstraction layer makes it possible to organise files and enrich them with any meta-information. This serves, for example, to categorise or link content according to defined rules.

TYPO3 storage management means that data storage is not limited to the TYPO3 server, i.e. external services (e.g. Amazon Cloud or Dropbox) can be used for data storage.

Languages and countries

TYPO3 offers all possibilities for localising website content, i.e. for handling language and country variants. The convenient translation handling and multi-domain capability are components of the TYPO3 core and are delivered accordingly with every core update. No extensions need to be installed for the administration of language and country variants. If certain content is to be displayed on different country portals but only maintained once centrally (shared content), this is also possible within the framework of a multi-domain instance.

Rights and roles

The TYPO3 rights and role management is very granular. A multitude of authorisation options makes it possible to configure precisely tailored roles for all relevant user groups. The roles and rights management is also part of the TYPO3 core and can be applied to all extensions.


In combination with role and rights management, TYPO3 workflow management can map a wide variety of processes for the step-by-step production, release and publication of website content. The workflow is also a TYPO3 core functionality.


Thanks to clean data storage, TYPO3 is very well prepared for any form of data exchange. The identification and access to desired data sets is cleanly possible. TYPO3 can be configured to output data in different formats, e.g. JSON, XML, and others. This increases flexibility enormously, as the desired formats of the receiving agency can be taken into account.

How secure is TYPO3?

A very large developer community ensures independence from individual agencies and continuous further development of TYPO3. The further development of the system is controlled by the TYPO3 Association. TYPO3 has its own security team, which continuously provides security updates for the core. Furthermore, security gaps in 3rd party extensions are also reported centrally. In the case of critical patches, advance notice is given. This means that an update can be scheduled before the security gap is officially "disclosed". TYPO3 is generally considered to be more secure than other open source CMS projects (see also

Measures kultwerk

  • Use of core components or APIs: Avoid unnecessary complexity and potential security vulnerabilities.
  • Core components and TER extensions are not overwritten in order to maintain the updateability of the system as far as possible. 
  • When developing custom extensions (e.g. event module), kultwerk pays particular attention to ensuring that all user input in the frontend is properly "sanitised". Both in the persistence, to prevent SQL injections, for example, but also in the output, to prevent XSS attacks, for example. 
  • 3rd party extensions are only allowed if they are really needed. This reduces the code base and avoids potential security gaps.
  • Coding Guidelines PSR-1 and 2, regarding autoloading 0 or 4

Maintaining content with TYPO3

All content is maintained via the TYPO3 backend. Frontend editing, i.e. the possibility of moving around the website while logged in and clicking on the content to be edited in order to access an editing view, is only provided for in TYPO3 from version 9 onwards.

TYPO3 Backend Administrator & Editor

The view of the backend depends strongly on the role. The administrator sees all areas and can use the full range of functions of the system. A classic editor's view is much more streamlined, which makes orientation in the backend much easier. Via the tree structure in the backend, which generally defines the navigation in the frontend, the editor can reach the page to be edited and edit content elements there or create new elements. Access to module content is via the TYPO3 list view or own backend modules.


TYPO3 is continuously being further developed. The TYPO3 Association communicates the roadmap for further development transparently on its website (cf. Development Roadmap


Larger system leaps (major releases, e.g. from TYPO3 version 8 to 9) were last published approximately every two years. (Security) updates are also offered for the respective overhauled version for a period of approximately two years after the release of the newer version.

A major release includes a core update and an update of the so-called system extensions. Other system extensions are not always available at the time of the release.

In addition, the last teething troubles are always fixed in the initial phase of live operation of a new version. Therefore, it is advisable to build on a new version only when it has been in operation for some time and can be better assessed.

TYPO3 Support Timeline

Smaller (security) updates are continuous (e.g. from TYPO3 version 8.2.14 to 8.2.15) and should also be installed regularly. The update cycle can be made dependent on how complex and how security-critical the application is. In general, however, it is advisable to check the necessity of updates once a month.

Regular MaintenancePriority BugfixesExtended Support (optional) / ELTS

Regular Maintenance

While the TYPO3 organisation is already working on a new major version, it provides security and bugfix updates for the current version free of charge.

Priority Bugfixes / Patches

Following this, critical security updates will continue to be made available for the version in question. These are also available free of charge for approximately one and a half years.

Extended Support (with costs) / ELTS

After this period, free support from the TYPO3 organisation ends.  Extended Support can be purchased from TYPO3 GmbH for a further two years. Prices and availability ELTS:

How is TYPO3 structured?

The core of TYPO3 is written in the script language PHP. TypoScript is also used for the basic configuration of a TYPO3 instance. TypoScript is a system-specific configuration language. MySQL is generally used as the database, but other SQL-based databases such as MariaDB, PostgreSQL or Oracle are also possible.

Which TYPO3 extensions are available?

TYPO3 extensions serve to expand the scope of services of the core system. Extensions that are used particularly often or that are absolutely necessary for the operation of the website are called system extensions. These extensions are part of the official TYPO3 version and are delivered directly by the TYPO3 Association with so-called major updates. The majority of the available extensions are so-called TER extensions. These are stored in the TYPO3 Extension Repository (TER), a central server from which these extensions can be downloaded free of charge.

TYPO3 Extensions

Core Extensions 

Core Extensions are developed by the TYPO3 Association and delivered with the core of the system. They form the basis for the development of basic modules (e.g. contact form, search).

TER Extensions

TER extensions come from the TYPO3 community (third parties) and are published and documented in the TYPO3 Extensions Repository (TER). These extensions are only used by kultwerk if they are absolutely necessary. This reduces the code base, avoids potential security gaps and reduces problems with future updates. The following TER extensions are generally part of our projects:

Custom Extensions

Custom Extensions are programmed for very specific project requirements based on TYPO3 Extbase and TYPO3 Core development standards.

What are the hosting requirements for TYPO3?

Requirements server

  • Operating System: Unix (z.B. Linux), Windows or Mac
  • Webserver: Apache, NGINX, IIS
  • Middleware: PHP
  • Data base: MySQL (or other databases, which are supported by Doctrine DBAL)
  • Hardware: min. 256 MB RAM
  • (Quelle: Requirements
  • learn more about the requirements

Client for using the TYPO3 backend

In principle, any modern browser with a graphical interface and activated JavaScript can be used to maintain content in the TYPO3 backend. We recommend the latest versions Google Chrome or Mozialla Firefox.