(4 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
<ul> | <ul> | ||
<li>[[Security Settings#Common_Settings|Common Settings]]</li> | <li>[[Security Settings#Common_Settings|Common Settings]]</li> | ||
− | <li>[[Security Settings# | + | <li>[[Security Settings#Two_Step_Authentication_Settings|2-Step Verification Settings]]</li> |
<li>[[Security Settings#Password_Settings|Password Settings]]</li> | <li>[[Security Settings#Password_Settings|Password Settings]]</li> | ||
<li>[[Security Settings#Website_Security|Website Security]]</li> | <li>[[Security Settings#Website_Security|Website Security]]</li> | ||
<li>[[Security Settings#Captcha_Settings|Captcha Settings]]</li> | <li>[[Security Settings#Captcha_Settings|Captcha Settings]]</li> | ||
+ | <li>[[Security Settings#Profile Lock Field Settings|Profile Lock Field Settings]]</li> | ||
</ul> | </ul> | ||
</div> | </div> | ||
Line 27: | Line 28: | ||
</div> | </div> | ||
<p>Click on <b>Update</b> to apply the Common Settings.</p> | <p>Click on <b>Update</b> to apply the Common Settings.</p> | ||
− | <div class="subtitle" id=" | + | <div class="subtitle" id="Two_Step_Authentication_Settings">2-Step Verification Settings</div> |
<p>You can set Google's 2-Step Verification settings here, which will provide enhanced security.</p> | <p>You can set Google's 2-Step Verification settings here, which will provide enhanced security.</p> | ||
<div class="docs"> | <div class="docs"> | ||
Line 103: | Line 104: | ||
</ul> | </ul> | ||
</div> | </div> | ||
+ | <div class="subtitle" id="Profile Lock Field Settings">Profile Lock Field Settings</div> | ||
+ | <p>You can Lock/Unlock member's Email, First and Last Name and Processor ID by checking respective check boxes. If you do not want to allow members to change their Email, First and Last Name and Processor ID once they enter these details in system, then check all boxes.</p> | ||
[[Category:Settings]] | [[Category:Settings]] |
Latest revision as of 05:59, 9 March 2019
Security Settings can be set from here.
-
- Use Static IP : Static IP protects Adminpanel logins from other IP Addresses. When enabled, Admin Has to Verify every new IP Address he tries to log in with to the Adminpanel. So, Admin will receive a Verification Mail every time there is a login attempt from an Unverified IP Address.
- Verification Mail Expiration Time (Hours) :* Specify Number of Hours the verification mail will be valid.
- Anti Brute Force :* This option saves you from the hackers trying to get into the Adminpanel using different possible passwords. Here, you can specify the number of consecutive failed login attempts after which user's IP Address will be blocked for the number of hours specified here.
- Anti Brute Force :* This option is little different from the one above. You can permanently lock the Adminpanel for everyone if someone tries to login here with incorrect details for a specified number of consecutive attempts within a specified number of minutes. This can be useful especially when someone tries a heavy brute force attack on the Adminpanel where different combinations of passwords are used to login. After the permanent lock, a mail containing the verification link will be sent to the admin email address. Lock will be removed only when admin unlocks the Adminpanel using the link.
Click on Update to apply the Common Settings.
You can set Google's 2-Step Verification settings here, which will provide enhanced security.
- Admin Area
- Enable Google 2-Step Verification : Choose Yes if you want to enable Google's 2-Step Verification feature for Admin area. This feature is the latest and safest security measure.
- Select A Means To Set up Google 2-Step Verification : Select how you want to setup Google's 2-Step Verification security measure. There are 2 options available: via QR Code or Security Key.
- Admin Password :* Please enter current Main Admin's Password. Sub Admin password will not work here.
Click on Update to Enable Google 2-Step Verification for Admin Area.
- Member Area
- Enable Google 2-Step Verification : Choose Yes if you want to enable Google's 2-Step Verification feature for Member's area.
- Enable Secondary Password : For Enhanced Security, enable secondary password from here. When enabled, members can set their secondary password which will be asked every time they log in to their account.
Click on Update to Enable Google 2-Step Verification for Member Area.
You can specify password policy settings here. Member's passwords must meet below criteria when they Set/Update their passwords.
-
- Minimum Password Length :* Set the minimum password length here.
- Maximum Password Length :* Set the maximum password length here.
- Minimum Numeric Characters in Passwords :* Specify the minimum number of numeric characters should be there in the passwords.
- Maximum Numeric Characters in Passwords :* Specify the minimum number of numeric characters allowed in the passwords.
- Allow Non-Alphanumeric Characters in Passwords : If set to Yes, then passwords with Non-Alphanumeric characters will be allowed. That is, passwords that include non-alphanumeric characters like $,#,& etc. will be allowed.
- Minimum Number of Non-Alphanumeric Characters in Passwords :* This setting doesn't matter if you have selected 'No' above. Mismatches may happen otherwise. If you select Yes above, then you need to specify the minimum number of Non-Alphanumeric characters that have to be there in the passwords.
Click on Update to apply the Password Settings.
Admin can add a record to Block New Registrations from any particular Email, Domain, IP Address or Country. Specific Username can also be banned. Delete a record any time to again allow new sign ups from those particular Emails, IP Addresses, Domains or Countries.
Click on Add New to create a new record for blocking a particular Email, Domain, IP Address or Country.
-
- Block Signups By : Choose whether you want to block signup by Domain Name, IP Address, Email, Username or Country.
- Enter Value :* Specify the value depending on what you have chosen in the Block Signups By field.
Click on Submit to apply the Website Security changes.
You can Set settings for Captcha here.
-
- Captcha Characters :* Specify list of characters you wish to show in Captcha.
- Captcha Character Length :* Specify the Captcha length. Minimum 5 characters are recommended.
- Captcha Text Color :* Specify the Captcha Text Color in R, G, B format.
- Captcha Background Image :* Enter the captcha background image name. It should be uploaded to 'vendors/captcha/images/' directory.
- Captcha Font File :* Specify the captcha font file name and upload the file to 'vendors/captcha/fonts/' directory if you want to show captcha in different fonts.
- Enable Captcha For : Select the pages where you want to enable captcha. Pages for which you can enable the captcha are: Admin Login, Member Login, Member Signup, Member Profile, Public Support, Member Support, Public Support Search, Add Member Testimonial, Advertisement Banner Ad, Advertisement Text Ad, Advertisement Solo Ad, Advertisement Solo Saved Ad, Member Add Fund and Member Purchase Position.
You can Lock/Unlock member's Email, First and Last Name and Processor ID by checking respective check boxes. If you do not want to allow members to change their Email, First and Last Name and Processor ID once they enter these details in system, then check all boxes.