# Configuring Security Features

Varbase 11.0.x provides a comprehensive set of security features through the **Varbase Security Base** recipe. This recipe installs and configures multiple modules designed to protect your site against common security threats including spam, brute-force attacks, cross-site scripting (XSS), clickjacking, and weak passwords.

## Security Modules Included

The Varbase Security Base recipe installs and configures the following security components:

| Module          | Purpose                                       |
| --------------- | --------------------------------------------- |
| CAPTCHA         | Challenge-response test for form submissions  |
| reCAPTCHA       | Google reCAPTCHA integration                  |
| Honeypot        | Invisible spam trap for forms                 |
| Antibot         | JavaScript-based bot detection                |
| Password Policy | Configurable password strength requirements   |
| SecKit          | HTTP security headers and protection settings |
| Flood Control   | Rate limiting for login and form submissions  |

## Sections

### [Spam Protection](/developers/configuring-a-varbase-site/security-features/spam-protection.md)

Configure CAPTCHA, reCAPTCHA, Honeypot, and Antibot to protect forms against automated spam submissions.

### [Password Policies](/developers/configuring-a-varbase-site/security-features/password-policies.md)

Configure password strength requirements including character types, minimum length, history restrictions, and username restrictions.

### [Security Kit](/developers/configuring-a-varbase-site/security-features/security-kit.md)

Configure SecKit for protection against XSS, CSRF, and clickjacking attacks through HTTP security headers.

### [Flood Control](/developers/configuring-a-varbase-site/security-features/flood-control.md)

Configure rate limiting for login attempts and contact form submissions to prevent brute-force attacks.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.varbase.vardot.com/developers/configuring-a-varbase-site/security-features.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.