New Features: Security Enhancements
There are import security related changes with this release. These include the following:
- Blog spam filtering
- New Password Strength Requirements
- Incorrect Password Lockout
Blog Spam Filtering
Basic spam filtering is available with Captcha. For advanced spam filtering, you need to obtain your own Akismet API subscription. After you obtain the subscription, you can enable advanced spam filtering by adding your API key in the website settings for your website. After you do this, spam filtering will be applied to all blogs on your site.
New Password Strength Requirements
Passwords are now subject to more secure restrictions. Previously passwords had to be at least six characters in length. With this release, passwords must be a minimum of 10 characters. The password must also contain at least three of the following character types:
- lowercase letters
- uppercase letters
- special characters
After the release, existing passwords will continue to work, but any new passwords are subject to the new requirements.
Incorrect Password Lockout
This release also introduces a new security measure for password entry. Now if a user enters an incorrect password the user account is locked for a configurable amount of time. After the specified time lapses, the user can attempt to login again. As an alternative to waiting, users can contact support to have their account unlocked.
Posted on Tue, April 24, 2018
by David Dorrell