
security


  • mazcar
    Participant

    @mazcar

    I am new to WordPress/BBPress and am coming from PHPBB.

    I am creating a bulletin board using the BBPress plug-in for WordPress. I’m not planning on really using WordPress (yet) for my website. It’s just a few static pages, a css file, and, soon, a forum.

    My board will be for just fifty people and I would like to create all the accounts myself so that I don’t have to worry about spam posts from bogus accounts.

    • In PHPBB, there is a control panel option to disable the ability to create new accounts. I don’t see that option in WP/BBPress. How would I do that?
    • I think I read on this forum that I can make my board invisible to non-members, but that is not a control panel option. What’s the preferred way for a newbie to do that?

    Also, I read an article on WP security, Top 5 WP Vulnerabilities and How To Fix Them.

    http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html

    Vulnerability # 1: SQL Injection & URL Hacking.
    Vulnerability # 2: Access to Sensitive Files.
    Vulnerability # 3: Default Admin User Account.
    Vulnerability # 4: Default Prefix for Database Tables
    Vulnerability # 5: Brute-Force Login Attempts

    3, 4, and 5 seem pretty obvious to me. However, for help with mitigating the threat of Brute-Force Login Attempts, the author refers to two plug-ins: Limit Login Attempts and Better WP Security. Are these the preferred plug-ins? Although, I really must ask you guys why these two plug-ins aren’t written into the core software in the first place? In fact, shouldn’t the control panel also allow me to limit the creation of new accounts, as well?

    I know BBPress, as a plug-in, is new, but WordPress has been around for ten years. Are the features that I list above planned for future releases, or is security not really an issue for the WP community, but rather up to each user?

    Before I forget, how do I implement the solutions to the first two vulnerabilities? Do I just copy the code that the author lists into my .htaccess file?

    I don’t want to sound critical of WP/BBPress, or be the guy who is constantly comparing it to PHPBB. I just want to know the mentality behind it and, really, what I am getting myself into. I had a pretty secure PHPBB board that was easy to set up and manage, but it was boring and looked like every other PHPBB board out there. I was told that WP/BBPress is customizable (some guy on your board showcases a beautiful board about Stratoliner motorcycles) and more secure than PHPBB. I hope to explore these features without becoming a full-time board developer or a PHP guru.

    Thanks. I really appreciate this forum. I have been reading all sorts of posts. So if these questions have been answered, please don’t flame me; it’s not for lack of searching.

Viewing 1 replies (of 1 total)

  • zaerl
    Participant

    @zaerl

    “disable the ability to create new accounts”: Admin panel -> Settings -> General -> Anyone can register (no)

    “What’s the preferred way for a newbie to do that?”: Admin panel -> Forums -> All forums -> The selected forum -> right column (Visibility)

    “Are these the preferred plug-ins?”: yes indeed

    “Do I just copy the code that the author lists into my .htaccess file?”: yes, those two vulnerabilities affect every single non-trivial piece of dynamic web software, not only WordPress
