Security

While this project focuses on ease of use, we care about security.

• HTTPS support
• Passwords are not saved, and not disclosed even without https thanks to SRP
• Automated tests ran on every release, including libraries audit
• No default admin password

Some actions you can take for improved security:

• use https, better if using a proper certificate, even free with Letsencrypt.
• have a domain (ddns is ok too), configure it in "Internet" page, and enable "Accept requests only using domain"
• install "antidos" plugin
• ensure "antibrute" plugin is running
• disable "unprotected admin on localhost"