All the new releases and updates of Bitrix Framework are thoroughly tested by
the IT security department. Nevertheless, the following threats may still
persist:
- Coding errors committed when developing a Bitrix Framework powered solution.
- Registered users rely on easy-to-remember but weak passwords like qwerty
or 123456.
- Website administrators may also use weak passwords, which is
significantly more dangerous.
- Resourceful attackers can intercept passwords transmitted over insecure
connections such as Wi-Fi.
- Poorly written system error messages may reveal the internals of the web
solution.
- Server and database software may have unknown errors which attackers may
exploit.
A web project therefore requires an integrated, multilevel approach to
security. Relying on a single tool or piece of software is unwise and
ultimately dangerous.
To provide a web project with an adequate level of security, select the
"Standard" security option: proactive protection and activity control are
enabled, the administrator security level is set to "High", registration is
CAPTCHA-protected, and no system information is included in error messages.
To protect session data and passwords, prevent phishing and viruses, and
give extra protection to the Control Panel, set the security level to
"High" or "Highest".
- Open "Settings > Proactive Protection > Protection Panel". Ensure the
security level is not lower than "Standard". If it is lower, follow the
Control Panel recommendations to reach this level.
- If required, follow the Control Panel recommendations to reach the
"High" or "Highest" level.