This section gives guidelines on configuring the security of your Confluence site:
- Confluence Security Overview and Advisories
- Proxy and HTTPS setup for Confluence
- Configuring Secure Administrator Sessions
- Confluence Cookies
- Using Fail2Ban to limit login attempts
- Securing Confluence with Apache
- Secured secrets by default
- Best Practices for Configuring Confluence Security
- Encrypting passwords in server.xml
- Hiding the People Directory
- Configuring Captcha for spam prevention
- Hiding external links from search engines
- Configuring Captcha for failed logins
- Configuring XSRF Protection
- User Email Visibility
- Anonymous Access to Remote API
- Configuring RSS Feeds
- Preventing and Cleaning Up Spam