Table of Contents
At LearnWorlds, we treat security requirements as a priority. We believe that it’s fundamental to offer a platform that provides the highest quality of service while at the same time doesn’t compromise on any aspect of our customers’ – and, by extension, their learners’ – security and privacy.
As we continue to work on additional features, we want to ensure that our customers are aware of every new security mechanism they can deploy to protect their online academies.
This is why, in addition to our existing security protocols, we’re introducing some new security enhancements that will help you keep your school websites safe and secure.
Table of contents
- 1Strengthen your Academy Security with 2-Factor Authentication (2FA)
- 2Eliminate Inaccurate and Fake Addresses with Email Verification
- 3Use reCAPTCHA to Eliminate Fake User Traffic and Bots
- 4Strengthen Your Learners’ Account Security by Setting Strong Password Requirements
- 5Take Control of your School’s Gatekeeping Process Using Signup Approval
Strengthen your Academy Security with 2-Factor Authentication (2FA)
In our ongoing commitment to providing the highest level of security for our users, LearnWorlds is introducing 2-Factor Authentication (2FA) for all Users except School owners, available on all plans:
With 2-Factor Authentication (2FA), school admins can now activate either optional or mandatory two-step verification for all Users, or choose the desired setting per User role.
How to enable and configure 2-factor authentication (2FA) for your school
To enable the setting, navigate to Site Builder → Sign in/up → LearnWorlds
With 2FA enabled, when a User logs in, it is required to enter a One Time Password (OTP) received via email or an authenticator app.
This additional layer of security ensures that only truly authorized users can access their accounts, providing an extra level of protection against potential cyber threats.
💁 To learn more about the user experience when the 2-Factor Authentication (2FA) is enabled and discover all the available settings, please visit our Help Center article here.
Eliminate Inaccurate and Fake Addresses with Email Verification
With our new Email Verification setting, users that sign up to your school must first confirm their email address before they are allowed any access to your school.
Using this setting, you can verify that the email address registered during the signup process is accurate and up-to-date, ensuring your Learners will always receive important communication from your School — while simultaneously reducing high email bounce rates and their domino effect on deliverability.
Email Verification can be used as an extra layer of security, allowing you to ensure that only legitimate users have access to your School and its Learning Activities. By enabling it, you will prevent any malicious actor from impersonating a legitimate user using their email address without having access to that particular Inbox.
How to Enable and Configure Email Verification for Your School
To enable the setting, navigate to Site Builder → Sign in/up → Email Verification
You can also adjust the verification email by navigating to Settings → Notification Emails → Registration Emails → Email Verification
How will your learners experience the email verification process?
When a new User signs up to your School, a “Verification Pending” landing page is displayed, and the User cannot navigate further into your School until the email address is verified:
You can edit the copy or fully customize this landing page by navigating to:
Site Builder → Edit School Site → Manage all pages (under the System Pages group)
💁 To learn more about the user experience when Email Verification is enabled and discover additional settings and tips, please visit our Help Center article here.
Use reCAPTCHA to Eliminate Fake User Traffic and Bots
LearnWorlds now integrates with reCAPTCHA v3, a Google service offered as an out-of-the-box solution for an always-on traffic analyzer that detects fake user and bot activity that tries to access your academy’s website.
With reCAPTCHA, you can safeguard your school’s website from illicit activities like fraud and misuse while minimizing disruption to legitimate users. The underlying technology uses an advanced Risk Analysis Engine to identify malicious traffic and adaptive challenges to prevent fraudulent users and software from taking part in hostile activities on your website.
Without creating friction for your learners by forcing them to go through the tedious process of solving word and image puzzles, you can use reCAPTCHA to protect your academy’s website from any unauthorized activity, including content pilfering and scraping, fake user sign-ups, account takeovers, and credential stuffing.
What parts of your school are protected
reCAPTCHA v3 will never interrupt your learners, so you can enable it whenever you like without affecting conversion.
When enabled, reCAPTCHA will be active on:
How to enable and configure reCAPTCHA for your school
To obtain the keys needed for our reCAPTCHA integration, you must visit this link and log in to the reCAPTCHA admin console with your Google account. Then follow the steps in our support article to obtain the keys.
Go back to your LearnWorlds school in Site Builder → reCAPTCHA, copy each of the keys and paste them into the respective field:
How will your learners know that a form is protected?
When a form is visible, the reCAPTCHA icon will appear at the bottom right corner of the screen:
Strengthen Your Learners’ Account Security by Setting Strong Password Requirements
A strong password is the first line of defense against unauthorized access.
Any account with an easy-to-guess password can be hacked in seconds. To avoid account hijacking by a malicious actor who guesses or brute-force attacks one of your learners’ username and password combinations, it is imperative to ensure your learners’ passwords are strong and difficult to guess.
Starting today, we are introducing a streamlined website setting that will allow you to enable and define strong password requirements for your learners. This will ensure that user passwords are incredibly difficult to guess and remain secure.
We encourage all LearnWorlds customers to take advantage of this new setting and ensure all their users’ passwords, especially those with crucial administrative access, are as strong as possible.
How to configure password strength settings for your school
If you want to enable strong password requirements for your learners, you have to visit your School’s Admin dashboard and navigate to:
Site Builder → Site Settings → Sign in/up → Password strength
By configuring these rules, you can require your learner’s passwords to consist of either one or all of the options below:
Take Control of your School’s Gatekeeping Process Using Signup Approval
Suppose you have some specific eligibility criteria for your learners, such as when running an exclusive educational community for experts, or you wish to maintain a waitlist for admissions. You may also want to employ a screening process as an additional security measure before allowing any kind of access to your school.
In these cases, you can establish an additional gatekeeping step by enabling Signup Approval to provisionally restrict and reduce the risk of unauthorized access. The newly added Signup Approval setting is available on the Users dashboard page:
Users → Signup Approval → Setup
Provisionally restrict access to your school
Using the new Signup Approval workflow, you will be able to provisionally restrict access and determine whether to accept or reject a learner after they complete their sign-up process.
Additionally, you can use this method to open up your school’s website for Sign-ups before any learning activities or courses are published. Newly registered users will subsequently be able to access your academy only after an admin has accepted their Sign-up request.
How to use the Signup Approval Workflow in conjunction with sign-up and qualification forms
To collect the necessary data in order to better inform your access decisions, you can also use the Sign-up and Qualification forms.
By enabling additional Custom Fields on the Sign-up form, you will be able to gather additional information you might need from your learners.
Evangelos is a Product Marketer with experience in SaaS, B2B and B2C companies focusing on Product-Led growth and & CX Marketing. He's a Web 3.0 & Tim Berners-Lee's Semantic Web enthusiast, enjoys producing music "in-the-box" and gaming competitively.