Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • tabSet
  • 1.4.1
  • 1.4
  • 1.3
  • 1.2
  • 1.1
  • 1.0
8 results
Compare
Name Last commit Last update
CRM/Loginsecurity
Civi/Api4
docs
images
settings
sql
templates
xml
.gitignore
LICENSE.txt
README.md
composer.json
composer.lock
info.xml
loginsecurity.civix.php
loginsecurity.js
loginsecurity.php
mkdocs.yml
package-lock.json
package.json
phpunit.xml.dist
README.md

Login Security

Screenshot

Provides more logging and alerts about who is accessing your CiviCRM instance.

  • Keeps a history of recent devices that accessed CiviCRM (with their IP and browser fingerprint). It works for logged-in users and API access (optional). Note that it does not keep a full log of pages viewed, only a log of devices. The "last seen" is updated every 15 minutes.
  • Provides a global report for administrators.
  • Provides a CiviCRM Status Check if there are too many unsuccessful logins (currently supports only Drupal7 and Drupal8/9).
  • Can send an email notification to the user and/or to administrators when someone accesses your CiviCRM instance.

It aims to help improve the security of CiviCRM by adding more auditing features, but it is by no means a magic bullet for security.

The extension is licensed under AGPL-3.0.

Requirements

  • PHP v7.2+
  • CiviCRM 5.36 or later

Installation

Install as a regular CiviCRM extension.

Getting Started

Regular users may see their access history by going to their contact record, then accessing the "Access History" tab.

Administrators may see the access history of any contact. There is also a CiviReport available, which can be added to the dashboard.

Email notifications may be enabled by administrators from the CiviCRM menu: Administration > System Settings > Login Security.

For more information, see:
https://docs.civicrm.org/loginsecurity/en/latest/

Why a CiviCRM extension?

We wanted a solution that explicitly supported CiviCRM-specific features (ex: API access) and also tied into CiviCRM's reports and status check (for monitoring). Having details of access to the CMS only was not a concern, only access to CiviCRM.

Furthermore, Symbiotic supports Drupal7, Drupal8 and WordPress, so we wanted something that worked on all CMSes in the same way. Most of our clients barely use the CMS, and one day if CiviCRM Standalone is revived, this extension will already support it.

Support

Please post bug reports in the issue tracker of this project:
https://lab.civicrm.org/extensions/loginsecurity/issues

Commercial support is available through Coop SymbioTIC:
https://www.symbiotic.coop/en

Coop Symbiotic is a worker-owned co-operative based in Canada. We have a strong experience working with non-profits and CiviCRM. We provide affordable, fast, turn-key hosting with regular upgrades and proactive monitoring, as well as custom development and training.