Login & Registration Security Panel
This panel allow to control the security settings for login and registration:
- Require SSL: Requires to use
http:) for transmitting passwords. In order for this to work, your site must be properly set-up for SSL.
- Password hashing during Login: This is useful when you are on
http:. It is redundant if you are on
https:. You should turn in off when using
HTTP Authentication / HTTP Authorization
HTTP Authentication: allows to log in to b2evolution using an HTTP Authorization header, like the "HTTP BASIC AUTH" scheme.
- The first checkbox will return a
401 UnauthorizedHTTP response code when requiring a log in. This may be needed to trigger client / proxies to send the
Authorization: <type> <credentials>HTTP Header.
Checking this automatically check the second checkbox below:
- The second checkbox will accept an
Authorization: <type> <credentials>HTTP Header on any page of the site (if no user logged in yet) and automatically log in the user. b2evolution will accept the
Authorization: <type> <credentials>header on any page, no matter if a
401 Unauthorizedwas sent before and no matter if authentication is required or not.
Username & Password Complexity
- Minimum password length:, Require specials characters:, Require strict logins: allow to control username & password complexity.
In this panel, you can modify the required password length, enable strict logins, require SSL, enable password hashing during login, and choose whether or not special characters are required for the user-generated passwords.