OnePanel - Laravel Admin Panel Template Updated 2 hours ago

Security

Overview

The Security category provides comprehensive tools to protect your admin panel and monitor security-related activities. These modules help you enforce security policies, track user actions, implement multi-factor authentication, and respond to security threats.

Security is critical for protecting sensitive data and maintaining the integrity of your system. The modules in this category work together to create multiple layers of defense against unauthorized access and malicious activities.

Modules in This Category

Security Settings

Configure system-wide security policies including password requirements, two-factor authentication, IP whitelisting, file upload security, account lockout policies, and security monitoring.

Audit Logs

View and analyze a comprehensive log of all administrative actions performed in the system. Track who did what, when, and from where to maintain accountability and investigate issues.

Two-Factor Authentication

Set up and manage two-factor authentication (2FA) for your account to add an extra layer of security beyond passwords. Generate and manage recovery codes for account access.

IP Whitelist

Restrict admin panel access to specific IP addresses or ranges. Prevent unauthorized access by only allowing connections from trusted locations.

Security Events

Monitor and respond to security-related events such as failed login attempts, suspicious activities, and potential security threats. Configure alerts to stay informed of security issues.

Common Security Workflows

Setting Up Basic Security

  1. Configure password policies in Security Settings
  2. Enable two-factor authentication for admin accounts
  3. Set up IP whitelisting for admin access (if needed)
  4. Enable security monitoring and configure alerts
  5. Review audit logs regularly

Investigating Suspicious Activity

  1. Check Security Events for unusual patterns
  2. Review Audit Logs for specific user actions
  3. Verify IP addresses in access logs
  4. Check for failed login attempts
  5. Take appropriate action (disable accounts, update IP whitelist, etc.)

Responding to Security Incidents

  1. Review Security Events to identify the issue
  2. Check Audit Logs for affected resources
  3. Disable compromised accounts if necessary
  4. Update security settings to prevent recurrence
  5. Document the incident and response

Regular Security Maintenance

  1. Review audit logs weekly
  2. Monitor security events dashboard
  3. Update IP whitelist as needed
  4. Verify 2FA is enabled for all admin users
  5. Review and update password policies periodically

Security Best Practices

Password Security

  • Enforce strong password requirements (minimum 12 characters)
  • Require a mix of uppercase, lowercase, numbers, and symbols
  • Enable password expiration (90-180 days recommended)
  • Prevent password reuse (last 5-10 passwords)
  • Check passwords against compromised password databases

Access Control

  • Use IP whitelisting for admin access when possible
  • Require 2FA for all administrator accounts
  • Review user permissions regularly
  • Remove access for inactive users promptly
  • Use the principle of least privilege

Monitoring and Auditing

  • Enable security event monitoring
  • Configure alerts for critical events
  • Review audit logs regularly
  • Investigate all failed login attempts
  • Monitor for unusual access patterns

Account Protection

  • Enable account lockout after failed attempts
  • Set reasonable lockout durations (15-30 minutes)
  • Implement session timeouts
  • Require re-authentication for sensitive actions
  • Use the impersonation feature instead of sharing credentials

File Upload Security

  • Enable malware scanning for uploaded files
  • Validate MIME types match file extensions
  • Enforce file size limits
  • Restrict allowed file types
  • Scan the file content of uploaded images

Incident Response

  • Have a documented incident response plan
  • Know how to quickly disable compromised accounts
  • Keep backup recovery codes in a secure location
  • Document all security incidents
  • Review and update security policies after incidents

Last updated on February 7, 2026