HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Hi my name's Doug and I'm happy to find this forum.
My big question now is; What are people doing about securing Vanilla sites from hackers? I have run many WP Blogs and (as you probably know), precautions have to be taken with WordPress to thwart would-be hackers.
So what is the protocol for securing a Vanilla Forum???
Thanks In Advance
Doug (aka DiamondDug
Build a Wall….they might be mexicans...
Don't give the wrong permissions to users, use plugins that help you avert forced attacks by bots.
It is the same advice anyone can give without knowing the threat.
WP has many plugins that have demonstrated to be the source of hacker doors. Where they inject script and render your site useless.
You can be vigilant by scanning your site on a regular basis and if you have rogue files delete them.
Vanilla stays up to date with credible threats that are reported in a professional way by people who know the code well. And then they update the code to fix the potential flaw.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Web security is an entire profession / trade skill. There is no "special list" for Vanilla per se, and I chafe at the notion that there is one for any well-developed application (such as WordPress) or that you can simply follow some 5-point list and never get compromised.
You need, in part:
I think it is unfortunate that the dashboard (i.e. admin) functionalities are not "behind one slug" so that you would be able to additionally use .htpasswd easily. It would be very easy that way to add a security layer that would persist even if the admins credentials are compromised.