Security Settings
A live dashboard of failed logins, blocked addresses, certificate health, and the password and session policy protecting your account.
Running a business online means trusting that your account is safe. The Security screen gives you a live, at-a-glance picture of your store's safety posture, refreshed automatically every minute (or on demand with the refresh button).
Screen location
This screen is available to the Owner/Super Admin and Store Admin roles. It's available in the
new admin sidebar under Extensions → Security; the classic (default) sidebar has no menu
entry for it at all — open it directly at the /security URL, or bookmark it for quick access.
The four headline numbers
| Metric | What it means |
|---|---|
| Failed sign-in attempts | How many login attempts failed over the last 7 days — a sudden spike is worth investigating |
| Suspicious activity events | Unusual patterns the platform flagged in the same window |
| Blocked addresses | Sources the platform is actively blocking from reaching your account |
| Certificates expiring soon | Secure-connection certificates protecting your store, so you're warned before one lapses |
Below the numbers, a bar chart breaks failed login attempts down by day of the week, so a spike is easy to spot at a glance.
Your active security policy
A panel next to the chart shows the policy currently protecting your account, in plain language:
- Password policy — minimum length required, and how many days before passwords must be refreshed.
- Session policy — minutes of inactivity before a session ends, and how many concurrent sessions are allowed per account.
- Login security — the maximum failed attempts before a lockout, and how long that lockout lasts.
- Encryption — whether data encryption is active, and the algorithm in use.
These values are read-only on this screen — they reflect the policy BillionBiz enforces for your account, not settings you edit here.
Coming soon
A "Recent Security Events" ledger — a row-by-row log of security-relevant events with timestamp, event type, user, IP address, and severity — is planned for this screen but not built yet. The section currently in the product shows an editorial coming-soon panel instead of live rows.
SSL Certificates
If your store has certificates linked, a second table lists each domain along with its status, issuing authority, expiry date, and a days-remaining countdown — colour-coded so anything under 30 days stands out immediately. This is the same certificate health that's summarised in the headline numbers above.
Note
Two-factor authentication, an active-sessions list, and API keys are not yet part of this screen — they're on the roadmap. Until they ship, account safety here relies on the password policy, session policy, and lockout rules shown above.
Next steps
- Audit Logs — see exactly who made a specific change.
- User Management & Roles — limit what each teammate can access in the first place.
