Since the beginning of the year, we are working to offer new capabilities to our CMS. Three new plugins have been created and will be integrated to our customers' websites according to their needs.
Here is an overview of the solutions that will be offered soon.
1/ Captcha
In order to replace ReCaptcha, and thus limit tracking cookies on sites, we have developed our own captcha plugin.
It can be easily installed in place of the plugin integrating the Google solution, and does not use any cookie to work.
This captcha does not require any intervention from the visitor who wants to leave a comment in a news item or write a message in a contact form.
Its operation is extremely simple, and yet, all robots are fooled. Indeed, they have been programmed to counter the most used captchas on the market (including ReCaptcha), but are unable to get past a new solution.
Currently, this plugin is being tested on several sites, and we have a 100% success rate. 100% of the bots are blocked while 100% of the visitors were able to post their messages.
Far from being fixed, our solution will evolve according to the adaptation of spammers robots. We still have a few tricks up to make the tool even more efficient.
2/ SpamChecker
Developed with the same goal as the captcha, the SpamChecker aims to fight the scourge of spam on websites. Fully configurable, it is possible to activate and define a weighting on many spam detection points:
- Names
- Company name
- E-mail address
- Presence of HTML
- Presence of Javascript
- Presence of words to be defined in a list
- Presence of language scripts
- Presence of links
- Country of origin of the message
- Host name
This plugin is also being tested on a few sites, however the Captcha plugin is so effective that the robots do not reach this second phase of validation of messages.
The spam checker can be configured on any space where the visitor can post a message. If the message is "not spam", "probable spam" or "proven spam", you just have to tell the parent module what to do with the message according to these 3 possibilities.
3/ 2-factor authentication by code
The security of the sites we produce and host is our priority. The connection to the administrator space is one of the most monitored actions. As on all sites, we regularly have attacks, but they never succeed.
We wanted to be ahead of the game by changing the identification of site administrators. We have modified all the modules for managing administrator accounts to allow the use of two-factor authentication (2FA).
We have created a plugin allowing two-factor authentication by code, based on the TOTP (Time-Based One-Time Password Algorithm, RFC6238) protocol specifications.
Once activated on the site, when the administrator chooses it, he can configure this two-factor authentication with one of the compatible applications in order to reinforce the security of his account. We have been able to validate the good working of the plugin with Authy or Google Authenticator applications. Others may be compatible, and tests can be done according to our customers' requests.
Other 2FA authentication solutions (by email, by SMS, ...) are under development, and can replace the TOTP plugin if it is not suitable.
These three plugins are currently being tested and will be available to our customers in September 2021.
Dear customers, if you are interested in one of these features and want to test them in preview, we would be delighted to configure them on your sites from this summer. Please contact us!
