Security

Automatic detection, logging, notifying, and banning of hackers

Two-factor authentication: E-mail-based two-factor authentication when unrecognised IP addresses are used with certain usergroups (optional, Conversr-only).

Password strength checks: Enforce minimum password strength based on length, use of upper/lower case, numbers, and symbols, and avoidance of repeated characters (Conversr-only).

Architectural approaches to combat all major exploit techniques

A JavaScript framework that makes XSS attacks virtually impossible

Defence-in-depth: Multiple layers of built-in security.

Encrypted custom profile fields: Once set, the custom profile field (CPF) can't be read unless a key password is entered (Conversr-only, requires OpenSSL).

Extensive support and use of Content Security Policy (CSP)

Track failed logins and automatically ban brute-force attacks

HTML filtering

Protection against CSRF attacks: Forms and AJAX requests make use of randomly generated POST tokens

Root-kit detection kit for developers

Cookies are secure and HttpOnly where possible to prevent session hijacking

Set the number of days after which passwords expire or must be changed
