Login Questions

1). You can disable the CAPTCHA security images from the admin section in version 8, but they do protect against disctionary hacking and spam bots.

A suggestion has been made to only have the CAPTCHA images after a 3rd failed login attempt, which I hope to implement into the next beta version.

2). Having to re-log into the admin section is intentional and is done for extra security as a different, more secure, login system is used  for the Admin Section that doesn't include the auto-login feature of the main forum.

This is done as hackers have been able to use data from comprimised databases to gain access to the admin section. The having to type in the admin password should prevent this issue.

In future versions I am looking to maybe take this one step further, whereby there is a special admin section password that all admins would need to enter to get access to the admin section.

The admin section doesn't need to be entered very often, but has tools in it that can be used to delete, wreck, deface, etc. entire forums, so keeping this section totaly secure is a very high priority.

It sounds like you are using the latest stable version 7.97 and not version 8 which is still in beta testing, otherwise you would have found all these tools quite quickly, and the quick reply box is on by default in version 8.

In version 7.97 CAPTCHA can not be disbaled from the admin section, sub forums and post approval are not supported.

In version 8 it will be in the 'Forum Configuartion' page, in version 7 there isn't away to disable it from the admin section.

However, it is not recommended that you disable the CAPTCHA security images as you will have no protection against spammers and hackers.

Borg, what I do with one of my sites is this:  I have an admin username and password for the forums & website (integrated login for entire website) and then I have a different username and password for accessing my non-WWF admin pages.

Also, for convenience, I have links to "Edit this Page," "Delete this Page," "Edit this Recipe," and things like that on the main pages but only visible when an Admin is logged on.  When you click on the links it takes you to a page on the admin section where you can take those actions but asks for the username and password if it hasn't already been entered in the last 15 minutes.

This means that even if I am still logged in to the website, people can't access most of the admin functions by clicking on the admin links (unless they came within 15 minutes of me accessing the admin part of the website with me stepping away from the computer and me forgetting to lock the computer... which I am in a habit of doing, by the way.)

That way it gives me the convenience of administrating the website directly from any page on the website (i.e. I don't have to go into the admin section and do a search for the page I was just looking at) and yet it also makes the admin functions more secure by having more than one username and password for the admin.