3 min read

Security Settings

A live dashboard of failed logins, blocked addresses, certificate health, and the password and session policy protecting your account.

Running a business online means trusting that your account is safe. The Security screen gives you a live, at-a-glance picture of your store's safety posture, refreshed automatically every minute (or on demand with the refresh button).

Screen location

This screen is available to the Owner/Super Admin and Store Admin roles. It's available in the new admin sidebar under Extensions → Security; the classic (default) sidebar has no menu entry for it at all — open it directly at the /security URL, or bookmark it for quick access.

The four headline numbers

MetricWhat it means
Failed sign-in attemptsHow many login attempts failed over the last 7 days — a sudden spike is worth investigating
Suspicious activity eventsUnusual patterns the platform flagged in the same window
Blocked addressesSources the platform is actively blocking from reaching your account
Certificates expiring soonSecure-connection certificates protecting your store, so you're warned before one lapses

Below the numbers, a bar chart breaks failed login attempts down by day of the week, so a spike is easy to spot at a glance.

Your active security policy

A panel next to the chart shows the policy currently protecting your account, in plain language:

  • Password policy — minimum length required, and how many days before passwords must be refreshed.
  • Session policy — minutes of inactivity before a session ends, and how many concurrent sessions are allowed per account.
  • Login security — the maximum failed attempts before a lockout, and how long that lockout lasts.
  • Encryption — whether data encryption is active, and the algorithm in use.

These values are read-only on this screen — they reflect the policy BillionBiz enforces for your account, not settings you edit here.

Coming soon

A "Recent Security Events" ledger — a row-by-row log of security-relevant events with timestamp, event type, user, IP address, and severity — is planned for this screen but not built yet. The section currently in the product shows an editorial coming-soon panel instead of live rows.

SSL Certificates

If your store has certificates linked, a second table lists each domain along with its status, issuing authority, expiry date, and a days-remaining countdown — colour-coded so anything under 30 days stands out immediately. This is the same certificate health that's summarised in the headline numbers above.

Note

Two-factor authentication, an active-sessions list, and API keys are not yet part of this screen — they're on the roadmap. Until they ship, account safety here relies on the password policy, session policy, and lockout rules shown above.

Next steps