For what/what not?

Improve the security of your OXID eShop with the OXID Security Module.

Take advantage of the following features:

Enforcing strong passwords

A password policy enforces the security of passwords.

The system validates your customers’ password entries based on the criteria you configure.

Your customers are shown the requirements when they click in the password input field (Fig.: Requirements for passwords, item 1).

A password strength indicator and a password generator help your customers to fulfill the requirements.

Fig.: Requirements for passwords

If required, configure the minimum length of the password and the standard requirements for the composition of the password that your customers must enter when registering.

For more information, see Setting password policy.

Using CAPTCHA protection against bot attacks

The CAPTCHA mechanism in OXID eShop protects form areas from automated bot attacks.

This feature is available for key forms and includes two different types of CAPTCHA.

Background

Automated requests can lead to spam, security vulnerabilities, or increased server load.

The CAPTCHA mechanisms prevent such automated inputs either through active user interaction or through invisible validation methods (e.g., honeypot).

Available CAPTCHA Types

Image CAPTCHA

Users must correctly enter the text displayed in an image.

To assist users, a Reload button and an audio playback option for accessibility are available (Fig.: Image CAPTCHA with audio playback and reload).

Fig.: Image CAPTCHA with audio playback and reload

Honeypot CAPTCHA

An invisible field identifies automated bots without affecting the user experience (Fig.: Testing the Honeypot CAPTCHA, item 1).

This CAPTCHA is not visible to human users.
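The following sketch shows how a honeypot check of this kind can work on the server side. It is an added example, not code from the OXID Security Module; the field name `website` and the functions `renderHoneypotField()` and `checkHoneypot()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical field name, chosen to look like a normal input to form-filling bots.
const HONEYPOT_FIELD = 'website';

/**
 * Render the decoy input. It is hidden with CSS rather than type="hidden",
 * and kept out of the tab order, assistive technology and browser autofill
 * so that people never reach or fill it.
 */
function renderHoneypotField(): string
{
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Website <input type="text" name="' . HONEYPOT_FIELD . '"'
         . ' tabindex="-1" autocomplete="off" value=""></label></div>';
}

/**
 * Classify a submitted form.
 * Returns 'ok', 'missing' (field absent, so the request was not built from
 * the rendered form) or 'filled' (a client wrote into the invisible field).
 */
function checkHoneypot(array $post): string
{
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return 'missing';
    }
    $value = $post[HONEYPOT_FIELD];
    // An array value (website[]=x) is not something the rendered form can send.
    if (!is_string($value) || trim($value) !== '') {
        return 'filled';
    }
    return 'ok';
}

// Constructed sample submissions.
$samples = [
    'browser user'     => ['email' => 'a@example.com', 'website' => ''],
    'form-filling bot' => ['email' => 'b@example.com', 'website' => 'http://spam.example'],
    'direct POST'      => ['email' => 'c@example.com'],
];
foreach ($samples as $label => $post) {
    printf("%-18s %s\n", $label, checkHoneypot($post));
}
```

In this sketch, both `filled` and `missing` would be handled like a failed CAPTCHA, and only `ok` lets the form continue to normal processing.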

Applicable Forms

The CAPTCHA check is integrated into the following forms:

  • Registration

  • Login

  • Newsletter subscription and unsubscription

  • Contact form

Implementation

Use the settings to define which CAPTCHA types should be active.

For more information, see Configuring CAPTCHA Verification.