Mavenseed Documentation
Mavenseed Documentation
Back to Mavenseed
Video Tutorials
Welcome to Mavenseed 🎉
Getting Started
Creating your account
Managing your account
Creating Content
Dashboard
Content
Pages
Courses
Community
Downloads
Live Streams
Categories
Tags
Site Search
Selling Your Content
Single Purchases
Bundles
Memberships
Selling FAQ
SCA
Running your business
Customers
Progress Reports
Orders
Managing Subscriptions
Coupons
Gift Cards
GDPR
Managing your site
Activity
Reports
Settings
Market
Security
Developers
API
Webhooks
Site Customizations
Changelog
May 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
Beta Accounts
Ensuring Subscription Plans are Synced with Stripe
Updating your Stripe Product ID
Powered by GitBook

Security

For sites with custom domains, your own reCaptcha keys must be saved into your sites Security settings by March 2nd 2021.

Here at Mavenseed the security of your site is one of our top priorities. We're pretty seasoned at this, and have spent many years battling all types of different size attacks on CG Cookie. We've taken everything that we've learned and have deployed numerous measures and mitigations in order to keep your site protected.

reCaptcha

The most integral parts of your site are protected by Google reCaptcha V3. This version of reCaptcha doesn't interrupt the normal flow for your users, and won't require them to "check the boxes with dougnuts", even though, doughnuts are amazing and should always be checked.

To do this the reCaptcha API calculates a score to determine if the user is a real human. During our testing we've found it to be reliable on both mavenseed subdomains, and custom domains.

The following endpoints on your site automatically protected for you:

  • customer sign in

  • customer account creation

  • placing orders

  • subscribing

  • asking questions in the forum

  • answering questions in the forum

If you do not have a custom domain set, or in other words, if you are using the yoursite.mavenseed.com domain, no further action is required on your part.

Custom Domain Users

If you have a custom domain set for your site, you will need to retrieve your own API keys for Google reCaptcha. This is a limitation from Google, as they limit how many custom domains can be added to one set of keys. We would just keep using our keys, but I guess we can't have our cake and eat it too!

Setting this up is super simple (note: this requires a Google account).

  1. Login here with your Google credentials.

  2. On the upper right hand corner of your screen click the plus button to create a site.

  3. Specify a label, choose the option for reCaptcha V3.

  4. Important! Add two domain names in the Domains section. The first should be your main domain name, and the second should be your Mavenseed subdomain URL. So for example if your domain was myballerdomain.com, then you would add myballerydomain.com. ALSO, if your subdomain at Mavenseed is myballerdomain.mavenseed.com, then you would add this as well. When done you will have (2) domains added here! Your custom domain URL, and your mavenseed subdomain URL.

4. Once you've submitted the form, Google will give you two API keys; a site key, and a secret key.

5. Log into your Account at Mavenseed. Find your site in the list of sites, then click the "manage" button.

6. Under the "security" tab, paste in the site key, and the secret key, then save the settings in Mavenseed.

That's it! Your site is now fully protected. Google will give each "action" like logging in or checking out, a score. Typically scores above or near 1.0 mean it's a human, and 0.0 means its likely a bot. In the future we may allow sites to adjust their own sensitivity settings, but for meow you can get a report of the scores from within the reCaptcha admin on Google.

What happens if I don't add the keys?

If you have a custom domain, and you don't add your own keys for reCaptcha, you will be leaving your site vulnerable to attack. It's not a matter of if, it's a matter of when.

Perhaps more importantly, sign in forms, order forms, and subscription forms will not function if you have a custom domain and you have not added your own custom keys.

We realize that this is tying us to "the big G" but for now this is the easiest and most efficient way for us to be able to provide protection to all of our customers sites.

Site Locking

If you are in the process of building up your site you may not want people to see it yet. You can lock your site with a password, and only those with a password will be able to access your site.

Here's how it works:

  1. Log into your Account at Mavenseed. Find your site in the list of sites, then click the "manage" button.

  2. Under the "security" tab, location the Site Password settings.

  3. Supply a password that your users will enter to gain access, and save the settings.

That's it!

When you add a site password, we automagically create a page called "locked". This page has a Site Lock page leaf on it which contains the form to enter the password. This page is editable using the page builder, and is also fully protected by reCaptcha.

​

Previous
Profiles ($)
Next - Developers
API
Last updated 2 months ago
Contents
reCaptcha
Custom Domain Users
Site Locking