This section gives an overview of your Security Settings. We will walk through each system setting to help you tailor your site to your specific needs.
To access them, navigate to Settings on the side menu, then select System Settings and the Security tab from the Platform Settings:
IMPORTANT: Changes will not be updated until the SAVE button is clicked at the very bottom of the page.
Lockouts
Navigate to the Security link in the right-hand menu
Assign a maximum number of login attempts by a user, along with a lockout period. For infinite attempts, set this to 0.
Set the lockout duration. This will activate once a user has reached the maximum number of login attempts.
Password Options
Set the minimum characters for users’ passwords
Set the maximum characters for users’ passwords
Toggle YES if passwords require an upper case letter
Toggle YES if passwords require a number
Toggle YES if passwords require a symbol
SameSite Protection
SameSite is a cookie attribute designed to block Cross-Site Request Forgery (CSRF) attacks by restricting how cookies are sent with cross-site requests. It basically limits when cookies are included, making it harder for attackers to misuse them.
But sometimes, strict SameSite settings can cause problems, especially with Single Sign-On (SSO) systems or Payment Gateways that rely on cross-site cookies to work properly. In those cases, you might need to loosen the SameSite rules to ensure these features work smoothly while balancing security.
Click on the drop-down box and select an option
XSS Security
Content-Security-Policy (CSP) is a security feature that controls which sources a website can load resources from, like scripts and images. It helps protect your site from attacks such as Cross-Site Scripting (XSS) by restricting where content can come from, making your site safer.
X-Frame Options
X-Frame-Options is an HTTP response header that controls whether your web pages can be embedded inside frames or iframes on other sites. This is important because attackers sometimes use framing to trick users into interacting with hidden or disguised content—known as clickjacking. By setting the right X-Frame-Options, you can reduce or eliminate this risk.
The main settings are:
DENY
This setting completely blocks your page from being displayed inside any frame or iframe, regardless of where the request comes from. It’s the strongest protection because no other site, including your own, can embed the page. Use this when you want to fully prevent framing and clickjacking.
SAMEORIGIN
This allows your page to be framed only by pages that come from the same origin (same protocol, domain, and port). This is useful if your site relies on framing internally but you want to block external sites from embedding your pages. It still protects against clickjacking from third-party sites but lets your own site embed pages where needed.
ALLOW-ALL (or no X-Frame-Options set)
This means your pages can be framed by any site, without restriction. It provides no protection against clickjacking and can leave your users vulnerable to malicious framing attacks. This is generally not recommended unless you have a very specific use case requiring open framing.
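The SameSite, XSS Security and X-Frame Options settings all change the HTTP response headers your site sends, so a saved change can be confirmed by inspecting those headers. The Python below is an added example, not part of the platform or its documentation; the audit_headers helper and the sample headers are constructed for illustration, and in practice you would pass in the headers from a real response from your site.

```python
from http.cookies import SimpleCookie

# Constructed sample headers, not captured from a real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Set-Cookie", "sso_state=xyz; Path=/; SameSite=None"),
    ("X-Frame-Options", "sameorigin"),
    ("Content-Security-Policy", "default-src 'self'"),
]


def audit_headers(headers):
    """Summarise cookie SameSite values, framing policy and CSP for one response.

    `headers` is a list of (name, value) pairs; audit_headers is a hypothetical
    helper written for this example.
    """
    report = {"cookies": {}, "framing": "unrestricted", "csp": None, "warnings": []}
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                samesite = morsel["samesite"].capitalize() or "unset"
                report["cookies"][cookie_name] = samesite
                if samesite == "None" and not morsel["secure"]:
                    # Modern browsers such as Chrome reject SameSite=None without Secure.
                    report["warnings"].append(f"{cookie_name}: SameSite=None without Secure")
                elif samesite == "unset":
                    report["warnings"].append(f"{cookie_name}: no SameSite attribute")
        elif key == "x-frame-options":
            policy = value.strip().upper()
            if policy in ("DENY", "SAMEORIGIN"):
                report["framing"] = policy
            else:
                # Any other value is treated here as giving no framing restriction.
                report["warnings"].append(f"unrecognised X-Frame-Options value: {value!r}")
        elif key == "content-security-policy":
            report["csp"] = value.strip()
    if report["framing"] == "unrestricted":
        report["warnings"].append("no framing restriction: pages can be embedded by any site")
    return report


if __name__ == "__main__":
    for field, result in audit_headers(SAMPLE_HEADERS).items():
        print(f"{field}: {result}")
```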
Copyright Protection
Toggle the slider to enable or disable copyright protection. When enabled, it stops users from right-clicking on course content, helping to prevent copying or saving.
Toggle YES to enable the use of copyright protection. This prevents right-clicking on course content or any learning material on the platform
Click ‘Save’ to save any changes made in the Security section
Restricting Account Creation via Email Address
Toggle the slider to enable the setting that restricts registrations to approved email domains. When enabled, Administrators can specify which email domains are allowed for learner registrations via the front end.
When you're done with your updates, make sure to click Save to apply the changes.