---
title: Security Settings
description: Protect your store with WooNooW security features.
---



Navigate to **Settings > Security** to configure access controls and protection features for your store.

## Access Control

### Limit Login Attempts
Protect your admin area and customer accounts from brute-force attacks.
- **Max Retries**: Set the maximum number of failed login attempts allowed.
- **Lockout Time**: Duration to lock out an IP address after exceeding retries.

### Password Strength
Enforce strong passwords for new customer accounts.
- **Minimum Strength**: Choose between Weak, Medium, or Strong requirements (based on zxcvbn strength estimation).

## Checkout Security

### Captcha Protection
Enable ReCaptcha or Cloudflare Turnstile on checkout and registration forms to prevent bot spam.
- **Provider**: Select your captcha provider using the dropdown.
- **Site Key & Secret Key**: Enter your API credentials.

## API Security

### REST API
WooNooW relies on the WordPress REST API.
- **Require SSL**: Force HTTPS for all API requests (Recommended).
- **CORS Settings**: Configure Cross-Origin Resource Sharing if you are hosting the frontend on a different domain.