How to: Secure Your MyBB Forum

Forum security is always a top priority: it’s very important to protect your forum from MyBB security threats and to avoid hackers and exploits. MyBB is a very secure forum, but just like all forum software it’s not 100% perfect, though it’s always improving. MyBB security should be your first concern when maintaining your forum. This is a MyBB security tutorial with some guidelines to help increase security on your forum. Here is the tutorial:

1.) Use a STRONG password and keep it updated

You can use a password generator to create a strong password ;) and update your password every week.

2.) Check Your CHMOD permissions

As a precaution, check the CHMOD permissions in your file manager. Directories should be 755 and files 644. You can change the config.php file to 444 if you like. The structure is as follows:

/inc/settings.php => 666
/inc/config.php => 666 (during install), 444 (after installation)
/cache/ => 777
/cache/themes/ => 777
/uploads/ => 777
/uploads/avatars/ => 777
/admin/backups/ => 777
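
One way to check a forum tree against the modes listed above, as an added example that is not part of the original tutorial. The function names are hypothetical, the second argument is the admin directory name (for a renamed directory such as the admin-lol of step 3), and the demo tree is constructed, not a real forum.

```shell
#!/bin/sh
# Exceptions to the 755 (directory) / 644 (file) default; $1 = admin directory.
exceptions() {
    printf '%s\n' 'inc/settings.php 666' 'inc/config.php 444' 'cache 777' \
        'cache/themes 777' 'uploads 777' 'uploads/avatars 777' "$1/backups 777"
}

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# expected_mode REL d|f ADMIN_DIR: the mode the tutorial asks for.
expected_mode() {
    m=$(exceptions "$3" | awk -v p="$1" '$1 == p { print $2 }')
    if [ -n "$m" ]; then echo "$m"; elif [ "$2" = d ]; then echo 755; else echo 644; fi
}

# audit_mybb ROOT [ADMIN_DIR]: print "path actual expected" for each mismatch.
# Returns 0 when everything matches, 1 otherwise.
audit_mybb() {
    root=${1%/}; admin=${2:-admin}
    findings=$(find "$root" -mindepth 1 \( -type d -o -type f \) | while IFS= read -r p; do
        rel=${p#"$root"/}
        if [ -d "$p" ]; then kind=d; else kind=f; fi
        want=$(expected_mode "$rel" "$kind" "$admin")
        have=$(mode_of "$p")
        [ "$have" = "$want" ] || echo "$rel $have $want"
    done)
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

# Demo on a constructed tree: config.php is left at its install-time 666.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/inc" "$t/cache/themes" "$t/uploads/avatars" "$t/admin-lol/backups"
    : > "$t/inc/config.php"; : > "$t/inc/settings.php"; : > "$t/index.php"
    chmod 755 "$t/inc" "$t/admin-lol"; chmod 644 "$t/index.php"
    chmod 777 "$t/cache" "$t/cache/themes" "$t/uploads" "$t/uploads/avatars" "$t/admin-lol/backups"
    chmod 666 "$t/inc/settings.php" "$t/inc/config.php"
    audit_mybb "$t" admin-lol && rc=0 || rc=1
    rm -rf "$t"; return $rc
}

# Usage: sh audit.sh /path/to/forum admin-lol   (with no arguments nothing runs)
if [ $# -gt 0 ]; then audit_mybb "$@"; fi
```

Calling demo prints the single finding for inc/config.php, which is the file the tutorial says to tighten to 444 after installation.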

3.) Change Your Admin Directory Path

Go to the inc folder, open config.php for editing, and you will find:

$config['admin_dir'] = 'admin';

You can change it, for example:

$config['admin_dir'] = 'admin-lol';

Now rename the /admin/ directory to /admin-lol/. Then your Admin CP path will be :

4.) Protect your config.php file:

To prevent direct access to the config.php file, add an access rule. Create a .htaccess file in the /inc/ directory and enter the following:

<Files config.php>
Order deny,allow
Deny from all
</Files>

5.) Do not use too many plugins

I do not forbid you from using plugins; it is fine to use plugins that you think are good. But remember, plugins are developed by third parties, not by the official MyBB developers! Could there be bugs in the plugins you are using now? Therefore, make sure the plugins you use are secure and free from all kinds of bugs. 1-2 plugins are enough, meaning the ones that are important, such as anti-spam for example. The more complex a plugin, the greater the possibility that it has a bug!

* Don’t Use Tabs And Mytabs Plugins *
* Don’t Use Google SEO Plugins *

6.) Protect Against Injections: Use PHP-Firewall

Download PHP-Firewall via : <= only 5 seconds, it will not hurt you

Done? Upload the files and, to install, edit global.php
and add this code:

define('PHP_FIREWALL_REQUEST_URI', strip_tags( $_SERVER['REQUEST_URI'] ) );
if ( is_file( @dirname(__FILE__).'/php-firewall/firewall.php' ) )
    include_once( @dirname(__FILE__).'/php-firewall/firewall.php' );

7.) Disable Anonymous FTP, Use Normal FTP and Make Sure To Use a Strong Password

Check your cPanel and make sure that your password is strong. For people who don’t use cPanel on their VPS, add an extra user and password for phpMyAdmin using .htaccess, and make sure that it has a user and password by default and is configured properly. Passwords should be strong and not like each other.

8.) Hide MyBB version

It’s simple, here is the way:

Go to Admin CP > Configuration > General Configuration > Show Version Numbers > Off

9.) Hide admin CP links

The config.php file also has an option to hide the Admin CP links. This is good for MyBB security, and useful after changing your admin directory URL in case your administrator account gets compromised. Find:

$config['hide_admin_links'] = 0;

Change the "0" to "1", and make sure you remember where your admin directory is. ( Your admin directory is /admin-lol/, lol :D )

10.) Turn off HTML in posts

By default it is disallowed, and I recommend you keep it that way unless you know your members very well. Allowing HTML opens MyBB security vulnerabilities on your forum.

11.) Run File Verification occasionally for MyBB security checks

If you notice something that is not right or not functioning like it’s supposed to, you should run File Verification in Admin CP > Tools & Maintenance. This tool checks for the valid MyBB files of an installation and returns any missing or corrupted files. Use this knowledge to replace any forum files if needed; you should be able to do this easily with a forum directory backup.

12.) Make sure you use the latest version of MyBB.

Do not be lazy about upgrading your forum >:) . If MyBB releases a new version, you can be sure that bugs were found in the prior version. And of course you MUST upgrade to it! You can see how on the MyBB Wiki.

13.) Backup your forum regularly

This is really important for MyBB security, in case your forum gets compromised or your forum’s files are corrupted beyond repair. Admin CP > Tools & Maintenance > Database Backups is where you can run a New Backup of your forum’s database. In Task Manager there’s a task called Weekly Backups (disabled by default) that backs up your database automatically for you. Enable this task; I prefer to run it daily, though, for extra MyBB security. These backups are stored on your server and you can download them anytime you want. Make sure you chmod the backups directory inside your admin directory to 777.

Also don’t forget to back up your forum directory using FTP, or if you use cPanel, use the cPanel Backup option for your forum.


Ok, Hopefully helpful and Thank you for Visiting my Little Blog :)

