• Identify the Cause: Analyze access logs for suspicious activity and pinpoint the vulnerability.
• Clean and Restore: Restore your website from a clean backup and thoroughly remove any malicious code.
• Address Vulnerabilities: Patch security holes, update software, and strengthen security configurations.
• Seek Expert Help: If needed, consult security professionals for assistance with cleanup and prevention.

• SSL: Enable HTTPS for encrypted communication and improved user trust.
• Secure Zones: Configure sensitive zones to require confirmed sessions.
• Restrict Logins: Enforce IP address confirmation for enhanced account security.
• Maintenance Scripts: Restrict access to maintenance scripts like upgrader.php via IP restrictions.
• Server Hardening: Disable unnecessary services, change default ports, enable automatic updates, and more.
• Robots.txt: Use the robots.txt file to prevent search engine indexing of sensitive areas.

• XSS Attacks: By restricting inline scripts and limiting script sources.
• Data Injection Attacks: By controlling the allowed origins for data requests.
• Clickjacking: By specifying allowed framing sources.

• Confirmed: When you actively log in with your credentials.
• Non-confirmed: When you return to the site and are automatically logged in via cookies.

• Choose a Secure Host: Opt for hosts that offer suEXEC and open_basedir for better account isolation.
• Test Security: Verify the host's security measures with the provided filesystem_browser.php script.
• Restrict _config.php: Remove world-writable permissions from _config.php after installation.

• HTML Filtering: Configurable levels of filtering prevent malicious script injection.
• Content Security Policy (CSP): Restricts the sources from which scripts and other resources can be loaded.
• Input Sanitization: Data is sanitized before being processed to prevent malicious code execution.
• Output Encoding: Data displayed to users is properly encoded to prevent interpretation as active code.

• DODGY_GET_HACK: Suspicious URLs with potentially harmful characters.
• EVIL_POSTED_FORM_HACK: Possible CSRF attempts via malicious form submissions.
• SCRIPT_UPLOAD_HACK: Attempts to upload PHP scripts, potentially malicious.
• DOWNLOAD_PRIVATE_URL_HACK/TRY_TO_DOWNLOAD_SCRIPT: Attempts to download sensitive files.
• BRUTEFORCE_LOGIN_HACK: Repeated failed login attempts.
• SQL_INJECTION_HACK: Attempts to exploit SQL queries for data extraction.

• Avoid FTP: Use secure alternatives like SFTP or SSH for file transfer.
• Secure Email: Enable SSL for IMAP and POP3 email protocols.
• Strong Passwords: Use unique and complex passwords for different services.
• Secure Computers: Keep your own devices patched and secure.
• Maintenance Password: Remove the maintenance password from _config.php when not in use.

• Visual representation of password quality and enforcement of complexity rules.
• Password expiry and prevention of re-use.
• Secure password hashing, even if the database is compromised.
• Temporary passwords for staff setup.

• Two-factor authentication via IP address approval.
• IP address banning, including wildcard banning.
• Session locking to IP addresses.
• Configurable session expiry times.
• Ability to prevent privileged actions from auto-logged in sessions.
• Optional member approval process.

• Comprehensive audit logging of administrative actions.
• Logging of user actions and IP address history.
• Tools to analyze audit logs.
• Failed login logging.
• Hack attack detection, logging, and banning.
• Email notifications for changes to user credentials.

• Protection against CSRF attacks.
• Click-jacking prevention via CSP implementation.
• Secure coding standards and scanning techniques.
• Configurable HTML filtering to prevent XSS attacks.
• Secure code modularization standards.

• Granular privileges and access permissions.
• Content submission validation process.
• Rootkit detection system.
• Spam prevention systems.
• Web application firewall rules.
• Moderation systems.

• MySQL timeout setting: For MySQL 5.7+, set a query timeout to prevent searches from locking up your database. Composr automatically sets this, but you can configure it manually if needed.
• Use InnoDB tables: Switching to InnoDB tables in MySQL can prevent slow queries from affecting other users on your website. Note that InnoDB is not officially supported by Composr yet.
• Enable the fast custom index: As mentioned earlier, the fast custom index is optimized for handling large datasets and filtered searches, potentially leading to significant speed improvements.

So many ways to earn points: From submitting different content to logging in, you control the economy.

Integration with eCommerce: Members can buy advertising space, temporary privileges, gamble, and more! Members can also use points for store discounts.

Send points: Members can send each other points to reward each other

Escrow points: Members can escrow points with a written agreement in exchange for a product or service. The recipient does not receive the points until both members satisfy the escrow. Escrows can be disputed to staff.

Gift points: Enable the gift points balance so members can send a limited amount of points to other members without it deducting from their spendable points balance.

Leader board: Create some community competition by showing who has the most points or who earned the most points for a configurable time interval

Auditing: View every points transaction that has taken place, and reverse any of them, in the points ledger.

Profiles: Browse through member points profiles, and see what virtual gifts members have been given.

Ranks: Create usergroup promotion ladders with rank points; members rank up as their rank points increase. Members can view their rank and unlocked / unlockable privileges on their profile.

Conduct a poll on a forum topic to gather user opinions and feedback

Add unlimited choices

Define a range of acceptable number of choices on which members can vote

Control when voting is open or closed

Control if guests can vote or if you must log in

Require making a post (reply) in the topic when voting

Allow (or deny) the ability for members to revoke / change their vote

Show or hide results from the public

Enable viewing of which members voted on which choices

Add a date/time voting automatically closes

Enable weighted voting through the points system

Enforce topic poll options on a forum basis including defining default or required choices

Show topics on your website through blocks

Comment integration: New topics appear in the ‘comments’ forum as you add content to your website. Members can watch these topics so they never miss an addition to your website.

Support for integrating popular forum software: See our download page for a list of supported forums.

Share login credentials: Login to the Composr site with the same usernames/passwords as your forum.

Share usergroups: Control website access based on someone's forum usergroup.

Emoticon support: The emoticons on your forum will also be used on your website.

(Conversr only)

Virtual Forums: Find posts made since you last visited or within a time frame.

Remembers your unread posts even if you frequently change computers

Recent activity: See what topics you recently read or posted in

Unanswered topics: Find which topics have not yet been answered

RSS and Atom support

The usual: Categories, forums, topics, posts, topic polls, announcements / pinning, sinking, quick reply, topic closing

Forum and Topic tracking: Receive notifications when new posts are made on monitored topics and forums.

Password-protected forums

Present an 'introductory question' which members must answer or agree to before accessing a forum.

Full moderator control: Determine who may moderate what forums.

Inline personal posts: Whisper to members within a public topic; only those members will see the post.

Over 50 bundled emoticons: Also, support for batch importing new ones

Multi-moderation: Record and perform complex routine tasks; make post templates for those tasks.

Mass-moderation: Perform actions on many posts and topics at once.

Post preview: Read a topic's first post directly from the forum-view. Also see the latest posts when making a new post.

Highlight posts as ‘important’

(These features pertain to Conversr only)

Profiles: Browse through and search for members, and view member profiles.

Multiple usergroups: Members can be in an unlimited number of different usergroups. They can also ‘apply’ to join new ones.

Social networking: Create and browse friendships.

Custom profile fields: Allow your members to add extra information which is relevant to your website (or to their subcommunity), and members can set privacy settings on them.

Promotion system: Set up a usergroup rank ladder so members advance the ranks through their rank points. Members can view rank on their profile rank tab including unlocked and unlockable privileges.

Private Topics: A special kind of private messaging system between 2 or more members. Think 'on-site e-mail inbox'.

Invitation-only websites: Restrict registrations from the public; existing members can invite others to join.

Allow members to create and manage clubs (personal usergroups).

Avatars: Include avatars that members can pick from, or allow members to upload their own.

Member signatures, photos, and personal titles

Users online: See which members are currently online (unless they logged in as invisible)

Account pruning: Find and delete unused accounts, or merge duplicate accounts, based on defined criteria.

CSV files: Import and export members using CSV files, including support for automatic creation of custom profile fields and usergroups – great for migrating data

Users can communicate with staff privately through Support Tickets.

Assign to individual staff: Includes the ability for staff members to “take ownership” of raised issues, and for staff to discuss.

Allow users to e-mail in their tickets and replies to a designated e-mail address

Expanded access granting: Grant third party members access to individual tickets.

FAQ integration: Automatically search FAQs before opening a ticket.

Multiple ticket types: Set up different types of support tickets, with different access levels and fine-grained ticket notification settings.

Anonymous posting: Allow staff to post anonymously or as a designated support operator account so that customers don't always expect the same employee to reply.

Merging: If customers open multiple tickets for the same issue, you can merge them.

Closing: Let customers close tickets that are now resolved, or do it yourself.

Filtering: Filter the tickets you see by status and ticket type.

Paid membership: Sell access to sections of your website, or offer member privileges.

Shopping cart for running an online store

Extendable framework: Programmers can easily add new product types to sell, or payment gateways / tax services / shipping providers.

Multiple payment gateways: Accepts payments via PayPal or other gateways developers may add, and manual transactions (cash/cheque).

Invoicing support: Including status tracking and online payment tracking.

Basic accounting support: Input your incoming and outgoing transactions to get a basic ledger, profit-and-loss, and cashflow charting.

Currency conversions: Perform automatic currency conversions within your website pages (requires an API key).

Random quotes: Put random quotes (e.g. testimonials) into your design.

Awards: Showcase your most popular content, and optionally award the submitter with points.

Tags: Set keyword tags for content and display tag clouds.

Recent content: Automatically feature links to your most recent content (via main_multi_content block).

Show website statistics to your visitors (via stats graphs or page hit counters).

Random content: Feature random content from your website specified via a sophisticated filtering language.