Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Securing my forum

edited July 2007 in Vanilla 1.0 Help
I was wondering how secure Vanilla forum is and if there is anything I need to do to secure it further. I'm hesitant to apply an SSL certificate because I'm not well versed in PHP or MySQL and doubt I would be able to configure the necessary prefixes. I happen to know that my forum, thelancasternewspaper.com, will not only be vulnerable to threats, but in all probability, someone will try to hack into it and cause problems. A friend of mine said that I could remove certain files, but even he's not sure which ones. Can anybody help me secure my forum?!
Thanks!

Comments

  • One step to ensure no dodgy issues arise after you're installed is to delete the setup directory after you've successfully set up Vanilla.

    On its own, Vanilla is fairly secure unless there are some still undocumented vulnerabilities. The best practice is to monitor things daily and regularly make a backup of the database it's using. Further, limit the add-on usage to only the bare minimum of what's required and remove ones which are not in use.
  • what lech said.

    also, a large part of the security of your forum is dependent on your ISP or web server administrator. even if vanilla itself were totally bulletproof, there might exist vulnerabilities in your server environment. this is where most attacks will occur - "underneath" vanilla and outside of your direct control (unless you run the webserver yourself). talk to your server admin about security, at least to get a feeling for how "on top of it" they are. they have more power over your site's security than you.

    like lech said, only use the addons that you absolutely need, delete your setup folder after your forum is up and running, and keep coming back here to the lussumo forums to stay informed about any potential vulnerabilities (in your addons or in the vanilla core.)
  • also, this is the only major vulnerability i've seen in vanilla in almost 2 years, and it's not a "real" vulnerability in the sense of compromising administrative control of the forum.
  • Cool. Thanks a lot for your help, guys. I'm all over it. GoDaddy is my host and my web server. I'll check back often.
This discussion has been closed.