• Identify the Cause: Analyze access logs for suspicious activity and pinpoint the vulnerability.
• Clean and Restore: Restore your website from a clean backup and thoroughly remove any malicious code.
• Address Vulnerabilities: Patch security holes, update software, and strengthen security configurations.
• Seek Expert Help: If needed, consult security professionals for assistance with cleanup and prevention.

• SSL: Enable HTTPS for encrypted communication and improved user trust.
• Secure Zones: Configure sensitive zones to require confirmed sessions.
• Restrict Logins: Enforce IP address confirmation for enhanced account security.
• Maintenance Scripts: Restrict access to maintenance scripts like upgrader.php via IP restrictions.
• Server Hardening: Disable unnecessary services, change default ports, enable automatic updates, and more.
• Robots.txt: Use the robots.txt file to prevent search engine indexing of sensitive areas.

• XSS Attacks: By restricting inline scripts and limiting script sources.
• Data Injection Attacks: By controlling the allowed origins for data requests.
• Clickjacking: By specifying allowed framing sources.

• Confirmed: When you actively log in with your credentials.
• Non-confirmed: When you return to the site and are automatically logged in via cookies.

• Choose a Secure Host: Opt for hosts that offer suEXEC and open_basedir for better account isolation.
• Test Security: Verify the host's security measures with the provided filesystem_browser.php script.
• Restrict _config.php: Remove world-writable permissions from _config.php after installation.

• HTML Filtering: Configurable levels of filtering prevent malicious script injection.
• Content Security Policy (CSP): Restricts the sources from which scripts and other resources can be loaded.
• Input Sanitization: Data is sanitized before being processed to prevent malicious code execution.
• Output Encoding: Data displayed to users is properly encoded to prevent interpretation as active code.

• DODGY_GET_HACK: Suspicious URLs with potentially harmful characters.
• EVIL_POSTED_FORM_HACK: Possible CSRF attempts via malicious form submissions.
• SCRIPT_UPLOAD_HACK: Attempts to upload PHP scripts, potentially malicious.
• DOWNLOAD_PRIVATE_URL_HACK/TRY_TO_DOWNLOAD_SCRIPT: Attempts to download sensitive files.
• BRUTEFORCE_LOGIN_HACK: Repeated failed login attempts.
• SQL_INJECTION_HACK: Attempts to exploit SQL queries for data extraction.

• Avoid FTP: Use secure alternatives like SFTP or SSH for file transfer.
• Secure Email: Enable SSL for IMAP and POP3 email protocols.
• Strong Passwords: Use unique and complex passwords for different services.
• Secure Computers: Keep your own devices patched and secure.
• Maintenance Password: Remove the maintenance password from _config.php when not in use.

• Visual representation of password quality and enforcement of complexity rules.
• Password expiry and prevention of re-use.
• Secure password hashing, even if the database is compromised.
• Temporary passwords for staff setup.

• Two-factor authentication via IP address approval.
• IP address banning, including wildcard banning.
• Session locking to IP addresses.
• Configurable session expiry times.
• Ability to prevent privileged actions from auto-logged in sessions.
• Optional member approval process.

• Comprehensive audit logging of administrative actions.
• Logging of user actions and IP address history.
• Tools to analyze audit logs.
• Failed login logging.
• Hack attack detection, logging, and banning.
• Email notifications for changes to user credentials.

• Protection against CSRF attacks.
• Click-jacking prevention via CSP implementation.
• Secure coding standards and scanning techniques.
• Configurable HTML filtering to prevent XSS attacks.
• Secure code modularization standards.

• Granular privileges and access permissions.
• Content submission validation process.
• Rootkit detection system.
• Spam prevention systems.
• Web application firewall rules.
• Moderation systems.

• MySQL timeout setting: For MySQL 5.7+, set a query timeout to prevent searches from locking up your database. Composr automatically sets this, but you can configure it manually if needed.
• Use InnoDB tables: Switching to InnoDB tables in MySQL can prevent slow queries from affecting other users on your website. Note that InnoDB is not officially supported by Composr yet.
• Enable the fast custom index: As mentioned earlier, the fast custom index is optimized for handling large datasets and filtered searches, potentially leading to significant speed improvements.

Configurable word filters

Investigation: Investigate activity by member ID, username, IP address, or e-mail. Ban troublesome IP addresses.

CAPTCHA: Include CAPTCHA on forms for guests and new members. Enable CSS and/or JavaScript CAPTCHA to make detection by bots much harder. Enable an audio version for the visually impaired.

Integrate with known-spammer blacklists: Multiple configurable levels of enforcement.

Honeypots and blackholes: Find and ban bots via automated traps that humans would never see or fill out.

Heuristics: Clever ways to detect and block spammers based on behaviour.

Published e-mail addresses will be protected from spammers

Protection from spammers trying to use your website for their own SEO

Also known as Tempcode.

Perform computations: Run loops, manipulate logic, numbers, and text.

Handy effects: Easily create design effects like “Zebra striping” and tooltips – and much more.

Branching and filtering: Tailor output according to permissions and usergroups, as well as user options such as language selection.

Include other templates, blocks, or pages, within a template

Create and use standard boxes: Avoid having to copy and paste complex segments of XHTML5.

Easy web browser sniffing: Present different markup to different web browsers, detect whether JavaScript is enabled, detect bots, and detect PDAs/Smartphones.

Randomisation features

Pull up member details with ease: For example, show the current users avatar or point count.

Easily pull different banner rotations into your templates

Escaping: Easily escape parameters and strings to avoid JavaScript or HTML syntax errors and XSS vulnerabilities.

Create your own Tempcode symbols through hooks

Switch users: Masquerade as any user using your admin login

Change theme images inline with just a few clicks

Easily find and edit the templates used to construct any screen

Error monitoring: Get informed by e-mail if errors happen on your site.

Make inline changes to content titles

Easy text changes: Easily change the language strings used to build up any screen.

Easily diagnose permission configuration problems: Log permission checks, or interactively display them in Firefox.

Testing platform: Use our testing_platform non-bundled addon when developing with Composr to ensure nothing has been broken.

Profiler: Use the documented profiling tool to monitor intensive logic and their time / memory consumption.

Health check: Use the bundled health check to routinely run site checks and report any issues or failures detected.

Comcode: Powerful but simple content-enrichment language.

Media embedding: Easily integrate/attach common video and image formats, as well as embeds for common sites such as YouTube (just by pasting in the URL).

Easily create cool effects: Create scrolling, rolling, randomisation, and hiding effects. Put content in boxes, split content across subpages. Create XHTML5 overlays. Place tooltips.

Customise your content for different usergroups

Create count-downs and hit counters

Automatic table of contents creation for your documents

Custom Comcode tags: Set up your own tags, to make it easy to maintain a sophisticated and consistent design as your site grows.

Embed pages within other pages

Full control of your vision: Control hundreds of settings. Strip Composr down. Reshape features as needed.

Full templating support: Reskin features to look however you want them to.

No navigation assumptions: Replace default page and structures as required.

No layout assumptions: Shift content between templates, totally breaking down any default layout assumptions.

Embed content entries of any type on your pages

Theme Wizard: Recolour your CSS and theme images in just a few clicks (Composr picks the perfect complementary palette and automatically makes 100's of CSS and image changes)

Logo Wizard: Generate a basic logo for use on your site

Built-in template and CSS editing tools

Interactive CSS editor: Quickly identify what to change and preview.

Dashboard: View a checklist of things that need done, software upgrade information, latest Composr news, posts in the staff forum, staff notes, useful links, and more.

Audit: View logs and statistics of just about anything with the site and Composr system.

Site statistics: View comprehensive graphs and statistics across a wide range of metrics. Set your own KPIs and get notified when they are reached.

Security: Control site access (including IP bans), privileges, members / usergroups, and word filters.

Structure: Manage and upgrade addons, define zones, configure chatrooms and forums, manage menus, create redirects, and edit the sitemap.

Style: Whitelist the software, manage emoticons, manage themes / run the theme wizard, run the logo wizard, and translate / rephrase the software.

Setup: Set a wide variety of options for your site depending on what addons you have installed.

Tools: Run full or incremental backups, scan for broken URLs, clear the cache or run optimisation tools, edit the code, run Commandr, run the upgrader, run health checks, import content from another site, make and send newsletters, run server checks and view PHP info, run privacy purging or downloading, send an e-mail through the software, and view Composr contributors

Content: Manage all of your content for your site

Help: Search across the site or the tutorials for something

Conflict detection: Detect when multiple staff are trying to change the same thing at the same time.

Examine action logs: See exactly who has done what and when

Commandr: Optional use of a powerful command-line environment (for Unix geeks). Use unix-like tools to explore and manage your database as it if was a filesystem, and perform general maintenance tasks.

Aggregate content types: Design complex content relationships, cloning out large structures in a single operation.

Content versioning: See revisions of certain content

Integrate polls into your website: Gauge visitor opinion.

Community involvement: Users can submit polls and comment and rate them.

Multiple polls: Showcase different polls on different areas of your website.

Archive the data from unlimited polls

User content submission: Allow users to submit to any area of your site. Optionally enable validation so staff must approve the content before it goes live.

Public awards: Give public awards to your choice of “best content”

Per-usergroup privileges: Give special members access to extra features, like file storage

Recommend: Visitors can recommend your website or a page to other visitors. Control who can specify their own custom message and those who must use the default (spam prevention).

Members can report content to you for review via "Report This" links (which creates a Support Ticket with a copy of the content at the time of reporting). You can also turn validation off for content to hide it after a certain number of reports.

Make unlimited chatrooms each with your choice of access restrictions.

Moderation: Moderate messages and ban troublesome users.

Integrate shout-boxes into your website

Instant messaging: Members may have IM conversations with each other, or in groups. Members receive an archive of the conversation in Private Topics once closed.

Site-wide IM: Give your members the ability to pick up conversations anywhere on your site.

Sound effects: Members may configure or upload their own.

Download chatroom logs

Blocking: Choose to appear offline to certain members.

Allow members in certain usergroups to make their own chatrooms, and control when they expire based on inactivity time.