How to secure your website

Introduction

There are a number of methods you can use to help make sure that you, your website, and your users are protected from unwanted interactions. Enjin expects these methods of protecting your website and users to be used before contacting official support.

 

Banning a user

There's 3 methods of banning a user on your website.

Hint: NEVER REMOVE THE TROUBLESOME USER FROM YOUR USERS LIST! - This will leave you incapable of IP banning the user in the future.


Regular User Ban

To perform a regular ban on a user, you can visit your admin panel > Users tab. Within this area, select the name of the user you would like to ban. Click the button "User Actions". And click "Ban Users".

Note: A regular ban only bans the account of the user. If the user creates a new account, they will not be banned on the second account. If this is the case for your website, we highly encourage you to proceed with IP banning this user.


What does regular banning do?

If you place a regular ban on the user, the user will be tagged as a banned member throughout the website, and they essentially become a 'non-member' of the site.


IP Ban

To perform an IP ban you will need the user's IP. To get the user's IP, you will need to visit your admin panel > Users tab. There, edit a user's details to locate the user's IP and copy the user's IP. After you have the IP, you should visit your admin panel > Bans > IP Bans, there IP ban the IP 

Note: The free plan does not have access to view IP addresses of users, only the Advanced and Ultimate plans can view user IPs freely on the user panel of the site. In this case, IP banning is only an option if you can obtain the IP address of the user. 


What does IP banning do?

IP banning a user will prevent the user from viewing your website entirely. When they visit your website, they will be presented with a snow white screen with no navigation, or means to search through your website.

 

ID Ban

Different from a Regular User ban, an ID ban can be issued even if a user is not a member of your Enjin website. An ID ban will ban a user according to their Enjin profile ID number, preventing them access when logged into that profile. You can locate a users account ID from their Profile -> About Me section.

To initiate an ID Ban, you just need to head over to Admin > Users Tab > > Bans > ID Bans. Enter the users profile ID, and press Ban User ID.

 


Registration access

Your website's registration access can be controlled. To modify how user register on your website, visit your admin panel > Users tab > Join Settings. Within this are you have the following options:

  • Anyone can register -  Anyone can join your site freely
  • Users cannot register - No one is allowed to register on the website if this is activated
  • Users can only register after approval by admin - The site admin or owner will need to accept or reject users who request access tojoin the site.
  • Users must register via Application Form with approval - You can select the Recruitment Form module you want to use for user registration.

 


Set page view access

Page view access is yet another way to control who can and who cant view your website. You can do this per page. To set view access per page, please visit your admin panel > pages tab > select the desired page > click "Edit Page" button.

Within the "edit page" pop up, you have the option to set view access to any website tag, or permanent tag on your website. This is great for setting admin only pages, or keeping out users that may or may not be harassing your website.

 

Container view access

In addition to page view access stated above, you can also set container view access. Containers hold your modules on each page.

To set container view access, please visit your admin panel > pages tab > select your desired page > click the "cog" gear icon on the top of each container. Within the popup, you can set container view access per tag. This is great for managing specific areas on each page that you only want certain people to view.

 


Create private forums

You have the ability to set many options for keeping your forums safe and secure. To set these permissions, please visit your admin panel > modules tab > edit your forums module > edit a single forum area

  1. Forum view access - Set which website tags can view single forum area
  2. Forum post access - Set which website tags can post within threads per forum area
  3. Forum thread creation access - Set which website tags can create threads within each forum area


Akismet spam filter

Overall, every Enjin website including the free plan website have very secure forums. Enjin works very hard to secure your forums and prevent spammers from visiting your website. But like any other forum board, some pesky users still get through. Here's a method of preventing this.

To enable the Akismet spam filter, please visit your admin panel > modules tab > edit your forums module > settings tab > Akismet spam filter area. Enable this checkbox to enable akismet within your forums.

Set a time frame or minimum post count to disable akismet scanning on users who have reached this limit. It is recommended that you keep these numbers low to prevent normal users from having a hard time posting.


What does this spam filter do?

This spam filter will scan posts / threads being made by your users to see if the post contains spam. Within the akismet spam filter settings, you are able to choose when this scanning should stop. Whether it be [x] number of posts, or [x] amount of days within the forum.

Note: The Akismet spam filter option is only available to the Ultimate website plan

 

Personal login security

It is each user's personal responsibility to keep their own login credentials safe. We have prepared a small list of things you can do to make sure your account is safe.

  • NEVER give out your account credentials
  • DO NOT share accounts
  • DO NOT share or give out email credentials
  • Be mindful of the hyperlinks you are clicking
  • Enable Two Factor Authentication to add an additional layer of security to your account.
  • If you are a website owner or administrator, it is EXTREMELY crucial that you do not give out your account credentials. This has lead to many compromised websites.

Enjin cannot be held responsible if your website or login details have been compromised due to personal negligence or through means beyond Enjin's control.

 

Admins

Full administrators of each Enjin website have the capability of viewing the majority of the admin panel, and the main website. Administrators have the capability to do serious damage if tempted. We urge you to please keep full administrators to a minimum.

Note: Only provide full administrator to the user you trust with your entire website. Keep in mind they have the ability do delete serious information.


Fake Admins

Fake admins is a term I like to use for admins who look exactly like a full admin, but have specific roles in what they can manage and control.

Within your admin panel > users tab, you can create website tags. If you create a website tag named "Administrator", you can then give that specific tag access to whatever admin panel areas you want within your admin panel > settings tab > admin panel access.

With this new tag, you can also set what modules he can manage within your admin panel > modules tab > admin access per module.

By using the fake admin tag, you can successfully manage your website safely without having to worry about certain admins becoming a problem and destroying your website.

 

Admin Panel Access

Setting admin panel access allow you (the website owner) to ensure that each individual on your website has access to the correct areas and can only manage what you want them to manage. You can set access to various locations of your admin panel and access can be given to any tags created on your website. For a full guide on using admin panel access, please visit this page.


Concern for Other websites and members

If you are concerned about another community or website on Enjin you can contact us at www.enjin.com/support/form. However please note we do not remove websites or communities unless they are directly infringing on Enjin's Terms of Service. Copyright issues and/or internal disputes regarding your own website pages, members, and content is not something we get involved with, regulate or assist with. Please be mindful of your own content, members and security by following the steps above.

Requests for removal of another website or member is assessed case by case and not regularly done unless there is solid evidence provided, proving clear infringement on Enjin's terms. Please also note that not all infringements warrant a deletion or removal of a website and/or a member's account and is ultimately up to Enjin's discretion.

 

Profile security

Please be aware that your profile on Enjin is public. Anything you put there can be accessed and viewed publicly. Photos, personal details such as full name, addresses, phone numbers and email addresses are disclosed at your own risk.

If there is a user that is posting spam or other unwanted content on your wall or Private Messaging you, please block the user by going to their profile and Block user. We cannot regulate everyone's actions, so we recommend either making your wall available to just your friends, or just continue to block unwanted posts and users.

Want someone's IP?

We don't give it to you via email. But if the user is signed up on your website and you are an admin or owner you can check IPs there. Again, we do NOT provide IP addresses of users.

Was this article helpful?
4 out of 4 found this helpful