Security improvements for CMS access against bot attacks.
User Story
Hello everyone, I noticed that some recent security improvements have been implemented in the CMS starting from V3.3.5, and this has prompted me to make some suggestions. In 2023, I heard reports from some partner companies that have suffered hacker attacks involving brute-force access breaches.
The use of bots for such attacks is becoming increasingly common.
Currently, I use the strong password policy feature available in the CMS, but I would like to see a few more options in the CMS that the administrator can choose to use (similar to the password policy).
These options would mainly include:
Use of CAPTCHA on the login screen.
User deactivation after X failed login attempts (the number of attempts would be chosen by the Administrator).
Password recovery can be done directly through the registered user’s email.
I believe that these implementations would add significant value to all users of the Xibo CMS.
Oh, yes, that was just a suggestion. I still agree that the CMS administrator should grant access. Perhaps this could be replaced by a way to notify the administrator to approve user access, which is also useful for the administrator to contact the user before granting access.