
Security Features

From BensMomCraft Wiki
Revision as of 19:25, 16 June 2025 by Hardy
| Layer | What it does | Where you can spot it |
|---|---|---|
| **TLS everywhere** | The site forces an automatic HTTP→HTTPS redirect, so all traffic is encrypted in-transit. | Hitting `http://bensmomcraft.com` bounces straight to `https://…` (bensmomcraft.com) |
| **OAuth log-ins** | Instead of making you create yet another password, you can authenticate with Discord or Google—both hand you back via the standard OAuth 2.0 flow, meaning the site never handles your credentials. | Login / Register screens show the social buttons (bensmomcraft.com) |
| **NamelessMC hardening** | The site runs the NamelessMC CMS, which ships with:<br>• bcrypt-hashed passwords<br>• built-in CSRF tokens on every form<br>• optional Google reCAPTCHA for registration<br>• optional per-group or per-user TOTP 2FA | NamelessMC docs highlight 2FA & reCAPTCHA settings (docs.namelessmc.com, github.com) and its April 2025 security-patch release notes (namelessmc.com) |
| **Legal & privacy notices** | Dedicated Terms & Conditions, Privacy Policy, and Cookie Notice links in the footer satisfy basic GDPR/CCPA transparency and give you opt-in tracking consent. | Footer links on every page (bensmomcraft.com) |
| **Cookie-banner opt-in** | Visitors from regions that require it see a banner before non-essential cookies are set, reducing regulatory exposure. (It’s the stock NamelessMC “Cookie Notice” module.) | Footer + first-load banner trigger (bensmomcraft.com) |
| **Isolated payments** | All rank/keys purchases jump to Tebex.io, which is PCI-DSS compliant and runs its own fraud filters—your site never touches card data. | “Shop Now” button points to Tebex (bensmomcraft.com) |
| **Account-consent gate** | New users must tick “I Agree” to the T&C before registration is accepted, adding an explicit contract layer. | Register page checkbox (bensmomcraft.com) |
| **Role-based permissions** | NamelessMC lets you granularly restrict StaffCP access, forum moderation, API tokens, etc., minimising blast-radius if a staff account is compromised. | Exposed in StaffCP; documented in NamelessMC docs (docs.namelessmc.com) |
| **Non-default game port** | The public server address (`play.bensmomcraft.com:25620`) isn’t the vanilla 25565 port, which deters the laziest mass-scan botnets. | Front-page IP widget (bensmomcraft.com) |