Security Settings
General Security Features
Enhance the security of your Concord CRM installation with these settings.
Disable Password Forgot
- Enabling this option disables the password forgot feature, reducing the risk of spam bots and hackers attempting to access user accounts.
Block Bad Visitors
- Activating this feature checks guest visitors against a list of known bad user agents, IP addresses, and referrers.
- Note: This is only applicable to non-logged-in users.
ReCaptcha Configuration
Implement Google reCaptcha v2 for enhanced security.
Important: Ensure you configure ReCaptcha v2, not v3.
Setting Up ReCaptcha
- Generate Keys:
- Visit Google reCaptcha Admin.
- Register your site with a label (e.g., Concord CRM -> reCaptcha) and add your domain.
- Obtain the Secret Key and Site Key.
Verify the accuracy of the keys and their correct placement in Concord CRM settings.
- Configuring in Concord CRM:
- Go to Settings -> Security -> reCaptcha.
- Enter the Site Key and Secret Key in the respective fields.
Testing ReCaptcha
- Test the setup by accessing your CRM URL in Incognito Mode and attempting to log in.
- This confirms if ReCaptcha is functioning correctly.
To prevent lockout, add your IP address to the ignored list before saving, especially if unsure about the configuration steps.