Security

General

Disable Password Forgot

When enabled, the password forgot feature will be disabled, helps to avoid spam bots and unethical hackers to brute-force the password forgot URL and guess a user email.

Block bad visitors

When this option is enabled, a list of bad user agents, ip addresses and referrers will be checked for each guest visitor, note that this feature is applicable only for non logged-in users.

ReCaptcha

Concord CRM ReCaptcha is powered by Google reCaptcha v2

It's important to configure reCaptcha v2 not v3

First, you need to generate Secret key and Site Key.

  • Go to Google reCaptcha Admin
  • On Register new site enter Label for example Concord CRM -> reCaptcha
  • Add your domain name
  • Click Register

Before adding the site key and the secret key in Concord CRM it's important to verify that they are copied correctly and you are not misplacing them e.q. putting the site key in the secret key field.

After you generated the reCaptcha keys, in Concord CRM navigate to Settings->Security->reCaptcha and add the Site Key and Secret Key into the appropriate fields.

To perform a test and verify that the reCaptcha is working, you can enter your Concord CRM installation URL in Incognito Mode and try to login to verify that the reCaptcha is configured properly.

It's also recommended to before saving, to add your IP address in the ignored IP addresses area, in case, you performed the steps wrong, this will help not getting locked from Concord CRM.