Community Support Forums

[pualsline]

I am not very familiar with website design. I am getting a lot closer and have learned a lot (mostly thanks to this site). Thanks for all your help first of all.

Secondly, I am wanting to make sure my site is secure. I made an Unique Security Encryption Key, Brute Force Login Protection, and added Unique IP Access Restrictions. The only thing left is One-Way Password Encryption for me to get my security badge. I read through the description

This website stores passwords with a One-way Encrypted Hash, using only a "hashed" version of your password for future comparison. This means that your plain text password is not stored anywhere, and therefore cannot be stolen and/or shared through this website. Only an encrypted "hash" is known, with no way to decode the actual value of the password itself (e.g. a One-way Encrypted Hash). This One-way Encrypted Hash allows the site to verify a cryptographic hash algorithm, and if the hash value generated from your entry ( during an attempt to log in ) matches the One-way Encrypted Hash stored in the password database, you are permitted access. The One-way Encrypted Hash value is created by applying a hash function (using cryptographic methodologies) to a string consisting of the submitted password, and another value known as a Salt. The Salt is unique to this site, and it prevents attackers from easily building a list of One-way Encrypted Hash values for common passwords.

This is my limited knowledge coming out, but I don't understand how to do this. Please help...I want my site to be secured.

[Cristián Lávaque]

I'm glad we've been able to help you so far.

The password with One-way Encrypted Hash is already done by WordPress, that's how it stores passwords. It's added to the badge to show your members another security feature of your website.

Does that help?

[pualsline]

Well, this adds a new level of confusion to me. I have done all the other levels of security to get my badge to verify, but it hasn't done so.

[Cristián Lávaque]

Could you show me a screenshot of your Security Badge panel? WP Admin -> s2Member -> General Options -> Security Badge

Also, what's the URL to your WordPress installation with s2Member?

[pualsline]

www.swanprops.com (website is still in development and nowhere near done)

[Cristián Lávaque]

Thanks.

I made an Unique Security Encryption Key, Brute Force Login Protection, and added Unique IP Access Restrictions.

That's good.

However, in order to qualify your site, you MUST generate a Security Encryption Key (previous section), and then click "Save All Changes". [...] Also, s2Member will NOT "verify" your site if you turn off Unique IP Restrictions, Brute Force Login Protection, or if your /wp-config.php file lacks Security Keys (at least 60 chars in length, each).

Did you check the security keys in your wp-config.php file?

[pualsline]

However, in order to qualify your site, you MUST generate a Security Encryption Key (previous section), and then click "Save All Changes". [...] Also, s2Member will NOT "verify" your site if you turn off Unique IP Restrictions, Brute Force Login Protection, or if your /wp-config.php file lacks Security Keys (at least 60 chars in length, each).

I checked and I did generate the 60 character code.

Did you check the security keys in your wp-config.php file?

I don't know how to access the wp-config.php so if I have to manually add the code then I have not done that...care to explain how to do this?

[Cristián Lávaque]

Read this https://codex.wordpress.org/Editing_wp- ... urity_Keys

You can find the wp-config.php file in your WP's install directory via FTP.