Monday, July 27, 2009

What security features does EE provide?

ExpressionEngine has the most comprehensive suite of security features of any publishing platform on the market.

160-Bit SHA1 Password Encryption: - SHA1 is the world's most secure password hashing scheme.

Session Management: - ExpressionEngine has three separate session management systems, based on your security needs. Your control panel and your public site can each utilize its own session preferences.

Secure Form Processing: - Forms can only be submitted once per page load. This prevents duplicate submissions and deters spamming.

Captcha: - ExpressionEngine can generate "captcha" images for member registration and comment posting to prevent spamming.

Throttling: - This feature lets you manage how frequently any given IP address can access your site, in order to help prevent denial of service attacks.

Duplicate Data Denial: - When enabled, this preference denies any user-submitted data that already exists in the database, providing increased spam protection.

Multi-Password Denial: - Multiple users cannot access the system using the same password simultaneously.

IP and User Agent Logging: - Our Session Management system tracks both IPs and User Agents for more precise authentication.

Password Lockout: - Users can be locked out after several invalid password attempts. This is a deterrent to collision and brute-force hacking attempts.

Secure Password Mode: - Users cannot choose passwords that are based on the username, or that appear in a dictionary.

IP Banning: - Users can be banned by full or partial IP addresses. Wildcards can be used.

Email Banning: - Email addresses can be banned or restricted from use. Wildcards can be used.

Username Restriction: - This permits you to designate names that you do not want your members using.

Word Censoring: - Define a list of banned words. When submitted by your users, the words are replaced with ###.
