Security

Your customers can trust your community with their data and personal details.

Privacy and security for your customers

Your customers can be reassured that you are responsible for their content and data.

XenForo provides multiple levels of security and protection to keep that data where it belongs.

Your community, your data

When you run a XenForo community, you control everything about it, including where and how the data is hosted.

Unlike huge social media platforms, discussions within your community will not result in ever more concerning levels of personal data being mined in order to build detailed profiles of individuals for sale to advertisers.

Your customers will appreciate the privacy and potential anonymity this can provide.

Something you know, something you have

Image showing a two-factor authentication code from Authy

Passwords alone are no longer enough.

Secure your customers' accounts with two-factor authentication from a variety of sources, including push-notification 2FA from Authy.

Auto-lock

Image showing a message that would be displayed in the event of an account lock-out

Prevent brute-force attacks against your members' accounts with an automatic locking system that enforces increasingly long waits between failed attempts.

Security locking

Sometimes, accounts need to be locked.

If you suspect a user's account has been compromised or is otherwise in need of protection, you can manually lock an account and require a password change or reset.

Keep the robots out

Different communities need to protect themselves from automated agents with different defence mechanisms.

XenForo provides integrations with a range of CAPTCHA systems including reCAPTCHA, hCaptcha and others, and even a bespoke Q&A system unique to your own forum as a final line of defence.

Password hashing

Image showing hashed authentication data

User passwords in XenForo are stored using a one-way hashing algorithm, so even in the event of a catastrophic data loss, your customers' original passwords can never be discovered.

Input filtering

Image showing input filtering in XenForo code

The XenForo architecture enforces rigorous filtering of any user input.

Any data output to templates is automatically filtered to remove any possible malicious code, unless it is expressly flagged to be output in its raw state.