Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Securing my forum

edited July 2007 in Vanilla 1.0 Help
I was wondering how secure Vanilla forum is and if there is anything I need to do to secure it further. I'm hesitant to apply an ssl certificate because I'm not well versed in php or mysql and doubt I would be able to configure the necessary prefixes. I happen to know that my forum,, will not only be vulnerable to threats, but in all probability, someone will try to hack into it and cause problems. A friend of mine said that I could remove certain files, but even he's not sure which ones. Can anybody help me secure my forum?!


  • Options
    lechlech Chicagoland
    One step to ensure no dodgy issues arise after you're installed is to delete the setup directory after you've successfully set up vanilla.

    On it's own, Vanilla is fairly secure unless there are some still undocumented vulnerabilities. The best practice is to monitor things daily and regularly make a backup of the database it's using. Further, limit the add-on usage to only the bare minimum of what's required and remove ones which are not in use.
  • Options
    what lech said.

    also, a large part of the security of your forum is dependent on your ISP or web server administrator. even if vanilla itself were totally bulletproof, there might exist vulnerabilities in your server environment. this is where most attacks will occur - "underneath" vanilla and outside of your direct control (unless you run the webserver yourself). talk to your server admin about security, at least to get a feeling for how "on top of it" they are. they have more power over your site's security than you.

    like lech said, only use the addons that you absolutely need, delete your setup folder after your forum is up and running, and keep coming back here to the lussumo forums to stay informed about any potential vulnerabilities (in your addons or in the vanilla core.)
  • Options
    also, this is the only major vulnerability i've seen in vanilla in almost 2 years, and it's not a "real" vulnerability in the sense of compromising administrative control of the forum.
  • Options
    Cool. Thanks a lot for you help, guys. I'm all over it. GoDaddy is my host and my web server. I'll check back often.
This discussion has been closed.