This is found under the System menu in the navigation on the left. Settings is a tabbed page listing 10+ options control panels. This includes all the core settings, but is also open to module developers, to inject their own settings.

Login Tracker and Lockout

The ContentBox administrator module now comes with a login tracker which if enabled can track invalid logins and be able to block individual ip addresses from brute-force attempts. We even track all valid logins into the new ContentBox Security Audit Log.

Login Tracker Configuration

You can click the Configure Tracker button from the Auth Logs screen, or click on System > Settings > Security Options

On this menu you will have the following options to change:

Site Options

Site Name: This is the global name of this ContentBox website. This is the name that will display in the browser and what will normally show up in search engines. In the default Theme, this is the Header for the site ( unless you select a logo image ).

Site Tag Line: This is a slogan, motto, your USP Unique Selling Proposition, or short catchy 10 second elevator pitch. This is commonly used as a Alt tag for Logos by themes, each theme varies.

Site Description: The description of the site, also used in HTML description meta tag. This will also appear in the search engine results under the name. You can override this in blog posts, pages, and in modules.

Site Keywords: A comma delimited list of keywords to be used in the HTML keywords meta tags. This helps the search engine identify what your site contains. You can override this in blog posts, pages, and in modules.

Home Page Displays: This enables you to choose the latest blog entries page or an existing ContentBox page to display as the homepage for the website.

Send ContentBox Identity Header: This allows you to enable or disable a Browser Header, to help tools and browsers to identify the software powering the website. This is hidden from users.

Settings Cache Provider: Choose the CacheBox provider to cache global site settings into.

Blog Options

Disable Blog: You can disable the Blog for the entire ContentBox website. This does not delete data, it just disables blog features... including the addition of a Menu Item called Blog if you are using the default page navigation.

Note: If you disable the blog, remember to change the Home Page Display above to a real page and not the blog listing if you are disabling the blog.

Blog Entry Point: Choose the entry point in the URL to trigger the blog engine. The usual defautl entry point pattern is blog. Do not use symbols or slashes (/ )

Site Maintenance

Site Maintenance: You can put your entire site in maintenance mode if you are doing upgrades. This will make it easier to work on major changes to the site without customers seeing half completed work. The site will display a Offline Message, set in the Offline Message field, unless the Theme has a custom Maintenance Layout or Maintenance View.

Offline Message: The message to show users once the site is in maintenance mode, HTML is ok.

Viewing the Site while in Maintenance Mode

If you are logged in, with the MAINTENANCE_MODE_VIEWER permission, you will be able to view the site even when the site is in Maintenance Mode. When the site is in Maintenance Mode, you will see a Red Maintenance banner, to remind you the site is in Maintenance for other users.

Two Factor Authentication

In this settings pane, you can control global settings related to two-factor authentication.

Force 2 Factor Authentication

Turning this flag on will require two-factor authentication for your app. Any users who have not enrolled will be required to enroll on their next login. Keep in mind that if you as an admin are not enrolled in two-factor and this setting is turned on you will be forced to enroll in two factor after saving this configuration.

Trusted Device Timespan

The number of days to keep trusting a user's device. If you set this value to 0, two factor authentication will be required on every log in.

Default Two Factor Provider

Two factor authentication uses a provider system to allow new methods of two factor authentication to be provided via a module. A good example of this extension is .

Note that if you decide to change the default two factor provider, all currently enrolled users will be unenrolled.

In System > Settings > Security Options - You will see 3 new features to ContentBox ( released in ContentBox 3.0 ), the Login Tracker, the Rate Limiter, and Secure Sockets Layer ( SSL ) Encryption.

Login Tracker and Lockout

The ContentBox administrator module now comes with a login tracker which if enabled can track invalid logins and be able to block individual ip addresses from brute-force attempts. We even track all valid logins into the new ContentBox Security Audit Log.

Rate Limiter

One of the biggest problems on the internet today, is out and out traffic overload. Of course, hardened hardware is the best approach to stop denial of service attacks, but we have given you some tools inside of ContentBox to help at the software level. You can now run your very own Rate Limiter.

SSL Support

SSL support can now be found everywhere in ContentBox for both the UI and admin modules. Users can even select specific pages for users to transition into or out of SSL for richer eCommerce or secure experiences.

Other Security Information

Security is a big issue with any website these days, and with the number of WordPress hacks in the wild, it’s a big PRO to using ContentBox. With Brute force attacks to admins so prominent, we have a few features to make your life easier, and your website safer.

Bcrypt Support

One of the major upgrades in ContentBox 3.0, ContentBox now offers BCrypt support for password encryption, to make cracking passwords harder than ever. The default algorithm for passwords is now based on BCrypt with work factors for better security and entropy. You can read more on bcrypt here:

Password Policy

A new password policy is now in place for ContentBox for new and current users, which must be greater than 8 characters with at least one:

• Lower case character

• Upper case character

• Digit

• Special character

Adminless ContentBox Site

All of these features are definitely great addons to ContentBox, but one of the best features of all...you can completely remove the Admin itself from your production site. This would give hackers no access to the login page at all.

Secure your site today.

Site Options

Mail Server: This is the web address for the SMTP server. The address for the SMTP server may be an Internet address, such as mail.company.com, or the IP address of the mail server, such as 127.0.0.1. If not specified, ContentBox will use the mail server address from the ColdFusion Administrator.

Mail Server Username: This is the username for the mail server, if necessary.

If not specified, ContentBox will use the username address from the ColdFusion Administrator.

Mail Server Password: This is the password for the mail server, if necessary.

If not specified, ContentBox will use the password from the ColdFusion Administrator.

Mail SMTP Port: This is the port number on which the mail server is running. This value will default to 25.

Use TLS: This enables/disables (default) the Transport Level Security (TLS) on the connection to the mail server.

Use SSL: This enables/disables (default) SSL encryption on the connection to the mail server.

After you have configured the mail server settings, you can click the Test Connection button to send a test email message to the email address associated with the current logged in user.

When running ContentBox in Development Mode:

When running ContentBox in development mode, the mail server details are not utilized. Instead, all emails will be written to the file system logs for review. This prevents inadvertent emails from being sent during development.

The logs for every email sent will be located in:

[ContentBox Root Folder]\config\logs\mail

Dashboard Customization

When you or your team log into your ContentBox site, you see your ContentBox Dashboard. You can see recent content, recent comments, recent news, some data snapshots… but you can also quickly customize this to help your team communicate. It is as easy as changing a few ContentBox admin settings.

Click on System > Settings and then click on Admin Options.

You can change the Title / Welcome that shows up on the dashboard.

You can update the Dashboard message, so when everyone logs in, they're reminded of some of your rules, regulations, or maybe a holiday message. As seen above:

One of the nice touches I think, is you can update the NEWS RSS feed. This allows you to add some humor to your day, by adding something like Dilbert's RSS feed… or maybe you can use an aggregator to follow what is happening in the CFML world, or maybe some blogs which you need to read and then update your audience.

Number of Records in Dashboard

You can set the number of items to show up in your dashboard, by type. Set the number for each of the following:

• News Feed Count

• Recent Entries Count

• Recent Pages Count

• Recent Content Store Count

These default to 10 when first installing ContentBox

Paging Options

You also have control of your Website paging, on the front end, for blog posts, as well as content in the back end of your website.