Advanced Security Settings
Advanced Security Settings
The advanced settings page contains a number of options for keeping your Product Cart store safe, protecting your customers’ accounts and preventing spam messages.
The advanced settings page contains a number of options for keeping your Product Cart store safe, protecting your customers’ accounts and preventing spam messages.
Overview
This section explains the requirements of the Advanced Security options and has a master switch for turning security on and off.Storefront
The storefront area allows you to choose which storefront pages use Advanced Security features.- Add advanced security to User Login, Registration, Affiliate Login, Affiliate Registration pages options will force those pages to use the settings checked in the Password & Login section below.
- Add CAPTCHA to Login/Registration, Guest Checkout, Product Review and Contact Us will add a human verification section to those pages where a user must go through a series of steps that malicious computer programs can’t perform but a human can do with ease. The type of CAPTCHA presented to a user is selected in the CAPTCHA Settings below.
- Add Advanced Security to the gateway pages allows you to lock a user account after a number of failed tries. This can help prevent malicious users from trying multiple fake cards and other types of abuse.
Control Panel
This section allows you to add further security options to the login page on your Product Cart Control Panel.- If Add advanced security to the Control Panel is selected then the Control Panel login.
- Add CAPTCHA to Control Panel Login adds the CAPTCHA option selected in the CAPTCHA settings section to the login page.
Alerts
Here you can choose to send an email notification to the store administrator if anyone tries to log in unsuccessfully several times. You can set how many times it takes before the notification is sent.Password and Login
This section lets you select which advanced security options are in place on login pages selected in the Storefront section above.- Enforce strong password security requires users to use more secure passwords.
- Prevent customers from using the same password more than once makes users select a unique password each time the password is changed.
- Send email to customer when their password is reset can help alert a customer who’s account may be compromised.
- Record all login attempts keeps a record of when an account was accessed and notes if the attempt was successful of not.
- Keep track of failed attempts and lock the account allows you to temporarily prevent a user from logging in if they try unsuccessfully too many times. This helps prevent malicious programs that try to get into an account by trying hundreds of times a minute with random passwords hoping for to guess the right password. You can choose this option by user and by IP address.
- Use CAPTCHA on the password reset prompts a user to verify they are a human by completing the CAPTCHA selected in CAPTCHA settings.
CAPTCHA Settings
Here you can choose if you want to show the older CAPTCHA option or the new Google reCAPTCHA option on any pages where you have specified users should respond to a CAPTCHA.- The default CAPTCHA will show users a series of random letter and numbers in unusual fonts, shapes and colors. The user must read and type the letters and numbers into a form before they can continue.
- Google reCAPTCHA shows a box with a message that the user must click to verify they are not a robot. In most circumstances this is all a user will need to do. In some cases a user may be prompted to preform another task, often identifying a picture out of a group of pictures. This option is more user friendly and less likely to stop a legitimate customer from being able to complete the action. There is some additional set up required for reCAPTCHA and the settings link will take you to the required page.