In this article, we'll examine two strategies your organization and its members can employ to increase user profile security. The goal of these strategies is to help mitigate tampering from bots and other malicious actors.
- Strategy 1 - Super Admins can set default profile privacy settings to ensure a minimum level of security for all profiles across your site.
- Strategy 2 - Super Admins can lock all profile pages behind a login to prevent Google indexing/searching.
Each mitigation strategy is discussed in its associated section below.
(Admins) Implement default profile privacy settings
NOTE: This section is for Super Admins only.
Each user has a profile page where they can provide any personal information about themselves they wish in the available profile fields. As an admin, you can manage the global default privacy settings for each of these fields, allowing you to implement your organization's desired privacy defaults.
Steps
- In the Admin Toolbar, click Admin.
- Navigate to Users > Profile > Privacy Defaults.
- Here, you can set the default privacy setting for each of your site's profile fields (e.g., name, email address).
  - The Name column lists your available profile fields.
  - You can enable/disable each item by checking/unchecking its Active box (disabled items won't appear on user profiles).
  - Set the default privacy setting for each item to one of four options:
    - Nobody - Only the user can view the item on his/her own profile.
    - My Contacts - Only the user and his/her Contacts can view the item.
    - Members Only - Only the user and other users across your site can view the item.
    - Public - ALL users can view the item, even those who aren't members of your site. Note that profiles with public information will be indexed by search engines like Google.
WARNING: To help protect your users' information, the recommended default privacy setting is Members Only. This will implement a baseline level of security for your user profiles.
You may want certain fields, like Address Lines, Phone, etc., to be Contacts Only as an additional layer of security for highly sensitive information.
(Members) Manage your profile privacy settings
While site staff set the default privacy settings for your profile information, you can update them at any time, giving you complete freedom over what personal information you want visible to other users viewing your profile. These privacy settings also help protect you from bots and other malicious actors.
Access your profile privacy settings
To access your profile privacy settings:
- Access your profile.
- Click My Account > Privacy Settings.
Available privacy settings
Let's look at the two ways you can help secure your profile information.
- Member Directory & Community Roster visibility - Toggle this option to YES/NO to control whether you're included in or removed from the Member Directory and Community Rosters. If set to NO, you're essentially hidden and can't be searched for or found by other members.
- For each of your profile fields, you can control who can see it by selecting one of the following visibility options:
  - Your contacts
  - Other members (i.e., those with an account who are logged in)
  - The general public (i.e., everyone, even those without an account)
  - Only you
WARNING: To help protect your information, the recommended privacy setting is Members Only.
You may want certain fields, like Address Lines, Phone, etc., to be Contacts Only as an additional layer of security for highly sensitive information.