====== Extra Security for GetSimple ====== As of version 2.03, GetSimple is a very securely written CMS. However, there will always be ways to increase your site's security. We have some extra security pieces that will help make your GetSimple installation as secure as it can get. These changes are to be made within your [[config:gsconfig|configuration file]]: ''/path/to/getsimple/gsconfig.php'' ===== Login Extra Hash ===== This line will add an extra hash to your login cookie, making it even harder to decrypt. To use it, uncomment out (remove the #) this line in the configuration file and set the unique phrase to something only you can dream of. If you need help creating a unique phrase, you can use our [[http://get-simple.info/api/security/|API here]]. #define('GSLOGINSALT', 'your_unique_phrase'); If you have an existing installation and currently are not using an extra hash, there is a guide on [[how_to:change_admin_password_salted|how to change]] to using it. ===== Unique Salt ===== Each time you install GetSimple, your install receives a completely unique salt value courtesy of our API. If you choose, you can alternatively replace the salt value you received at setup with something you create. To use it, uncomment out (remove the #) this line in the configuration file and set the unique phrase to something only you can dream of. If you need help creating a unique phrase, you can use our [[http://get-simple.info/api/security/|API here]]. This salt (custom or default) is used to prevent XSS hack attempts and provides file upload verification. #define('GSUSECUSTOMSALT', 'your_new_salt_value_here');