Security is a top priority when managing an online platform. The OrderingPlus Dashboard offers a range of security settings designed to protect your business, customers, and data. Here’s a clear guide to help you navigate and utilize these security features effectively.
1. User Verification Settings
Require Email Verification After Signup
To prevent unauthorized access, you can require users to verify their email addresses after registration. This involves sending a one-time password (OTP) that must be confirmed before they can access the platform.
How to Use It: Enable this setting to send a verification email with an OTP whenever a user signs up. Users must confirm their email before proceeding.
Require Mobile Phone Verification After Signup
For added security, you can enforce mobile phone verification via SMS. Users will receive an OTP they need to enter before accessing your platform.
How to Use It: Enable this setting to send an OTP to the user's phone number. Users will have to validate it to complete their registration.
Allow Business Owner to Register Additional Businesses
Give business owners the ability to expand by allowing them to register multiple businesses under a single account.
How to Use It: Toggle the setting to let registered business owners create additional business profiles.
Verify App Version
Ensure that users are operating on a supported app version to avoid security vulnerabilities.
How to Use It: Activate this feature to automatically check the app version and require updates if an outdated version is detected.
2. reCAPTCHA Security
Protect your platform from automated bot activity using Google's reCAPTCHA service.
Add Your reCAPTCHA Keys
Input the necessary site and secret keys from your reCAPTCHA account to enable the service.
How to Use It: Enter the keys in the designated fields under reCAPTCHA settings.
Enable reCAPTCHA for Sign-Up and Online Ordering
Use reCAPTCHA during the sign-up and order processes to minimize fraudulent or automated actions.
How to Use It: Enable these settings to incorporate reCAPTCHA into critical user actions, enhancing security.
Choose Your reCAPTCHA Version
Select between reCAPTCHA v2 or v3 based on your platform’s security needs. Adjust the score threshold to set the sensitivity level for reCAPTCHA v3.
How to Use It: Select the preferred version and input the necessary site and secret keys for integration.
4. Login Attempt Limits
Limit Login Attempts by Email, Phone, or IP
Prevent brute-force attacks by setting a limit on the number of login attempts per email, phone number, or IP address.
How to Use It: Activate these limits and specify the maximum attempts allowed and the penalty duration for exceeding them.
Authentication Penalty Duration
Define how long users must wait before attempting to log in again after exceeding the limit.
How to Use It: Set the penalty duration in minutes for email, phone, or IP-based restrictions.
5. Verification Code Limits
Restrict One-Time Code Generation
Control the frequency of verification code generation to prevent misuse.
How to Use It: Set the maximum number of codes that can be generated within a specific time window for receivers, IP addresses, emails, or projects.
Penalties for Exceeding Code Limits
Define penalties if the code generation exceeds allowed limits, like delays before another code can be sent.
How to Use It: Establish penalties in minutes for each category—receiver, IP, email, or project.
6. Password Reset Controls
Enable Rate Limits for Password Resets
Limit how often users can request password reset emails to protect against abuse.
How to Use It: Specify the maximum number of reset attempts allowed and set a time window for these requests.
Maximum Forgot Password Attempts
Control how many password reset attempts a user can make within the set time frame.
How to Use It: Adjust the number of attempts and the corresponding time window in minutes.
By configuring these Security Settings, you can create a safer and more reliable environment for both customers and business owners. Adjust these features according to your security policies to maintain a strong defense against potential threats.