Security

Your customers can trust your community with their data and personal details.

Privacy and security for your customers

Your customers can be reassured that you are responsible for their content and data.

XenForo provides multiple levels of security and protection to keep that data where it belongs.

Your community, your data

When you run a XenForo community, you control everything about it, including where and how the data is hosted.

Unlike huge social media platforms, discussions within your community will not result in ever more concerning levels of personal data being mined in order to build detailed profiles of individuals for sale to advertisers.

Your customers will appreciate the privacy and potential anonymity this can provide.

Something you know, something you have

Image showing a two-factor authentication code from Authy

Passwords alone are no longer enough.

Secure your customers' accounts with two-factor authentication from a variety of sources, including push-notification 2FA from Authy.

Auto-lock

Image showing a message that would be displayed in the event of an account lock-out

Prevent brute-force attacks against your members' accounts with an automatic locking system that enforces increasingly long waits between failed attempts.

Password hashing

Image showing hashed authentication data

User passwords in XenForo are stored using a one-way hashing algorithm, so even in the event of a catastrophic data loss, your customers' original passwords can never be discovered.

Input filtering

Image showing input filtering in XenForo code

The XenForo architecture enforces rigorous filtering of any user input.

Any data output to templates is automatically filtered to remove any possible malicious code, unless it is expressly flagged to be output in its raw state.